Either I'm missing something or this doesn't really seem like that big a deal.<p>Here <a href="http://www.secdev.org/conf/skype_BHEU06.pdf" rel="nofollow">http://www.secdev.org/conf/skype_BHEU06.pdf</a> is a 2006 analysis of Skype that found that "RC4 is used for obfuscation not for privacy." They simply worked around it to continue their reverse engineering. And showed that you don't need to understand it to e.g. build a parallel evil Skype network or overflow a buffer and hack everyone running skype.<p>An impressive feat of reverse engineering given the lengths Skype went to, but I don't quite see how practical it is.
Posted to HN three days ago, here: <a href="http://news.ycombinator.com/item?id=1496726" rel="nofollow">http://news.ycombinator.com/item?id=1496726</a>
The original post is here:<p><a href="http://webcache.googleusercontent.com/search?q=cache:http://www.enrupt.com/index.php/2010/07/07/skype-biggest-secret-revealed" rel="nofollow">http://webcache.googleusercontent.com/search?q=cache:http://...</a>