Yesterday I posted about how a security issue was discovered with iSkoot for Symbian phones only and the response from iSkoot. Today iSkoot CEO Mark Jacobstein reports on the iSkoot blog confirming that the problem only existed on a non-production version of the Symbian client and that a new (secure) version will be out by Wednesday, April 30. Most importantly Mark concludes with:

We wish to express our sincere thanks to Phoneboy for identifying the issue. As he notes, “there’s absolutely no excuse for not encrypting the information with SSL” - we completely agree, which is why we use SSL encryption on every production build.

Earlier today on the VoIPSA blog Dan York published a chronology of the weekend's activity outlining how the blogosphere assisted in bringing about a satisfactory resolution to the issue. Andy Abramson at VoIP Watch talks about how the blogosphere really is passionate about seeing Skype succeed and really wants to help.

This is how the blogosphere helps and will continue to do so. Smart companies embrace passion. It's only insecure executives who fear their help.

PhoneBoy himself debates whether he followed the right process by exposing a "zero day exploit" without first approaching the vendor.

And, in closing, it was only at Jeff Pulver's VON Social Networking Breakfast where there was an event attended by PhoneBoy, Mark Jacobstein, Andy and myself along with other VoIP bloggers. (Dan was at another conference in Orlando or would have been there also.) But I first had the opportunity to meet Mark the previous week at eComm 2008 where he not only presented the iSkoot story but also had iSkoot sponsor lunch on the first day of the conference. How did I know it was Mark at lunch? He had a Skypephone sitting on the table.

Tags: iSkoot, Mark Jacobstein, PhoneBoy, Dameon Welch-Abernathy, Dan York, VoIPSA, Andy Abramons, VoIP Watch

Powered by Qumana