CircleID

Skype's official explanation. Phil Wolff has a good set of interpolated comments on the official explanation. There are two things to add.

1. As the Register points out, last Tuesday was Microsoft's monthly patch day and those patches required a re-boot. If we believe Skype that their problem started with excessive login attempts, this is the only plausible explanation on the table.

2. There was no patch for the Skype client (i.e. this was routine and hasn't been widely adopted) so either:

• we face another problem next time Microsoft issues patches requiring a reboot, or
• they fixed something on their servers.

I suggest the latter. As I pointed out during the outage, Skype generates a lot of traffic between the login servers and supernodes (see slide 16 in DESCLAUX and KORTCHINSKY's presentation. I suggest Skype has patched something on the login servers. It's well known (e.g. Desclaux & Kortchinsky) that Skype login is a centralized function.

Meanwhile, it will be interesting to see if any additional comments or new client releases appear from Skype in the coming days. I suspect not, as their approach to security has always in included both encryption and obfuscation.

Written by Brough Turner, Founder & CTO at Ashtonbrooke; Chief Strategy Officer at Dialogic. Visit the blog maintained by Brough Turner here.

Related topics: P2P, Security, Telecom, VoIP