6/23/2008

Compressed VoIP leaves eavesdropping clues

Filed under: — Aviran Mordo

Eavesdroppers might be able to gain clues about the content of encrypted conversations even without breaking the cryptography.

VoIP services such as Skype encrypt conversations but law enforcement agencies, most notably in Germany, have complained this can hinder law enforcement investigations.

The emerging use of variable bitrate compression for VoIP transmission carries serious potential drawbacks that may play into the hands of those seeking to spy on the content of conversations, for whatever purpose. Applying variable bitrate compression to VoIP streams minimises the use of bandwidth without reducing audio quality.

But the technique, when applied to encrypted VoIP streams, means that larger packets of scrambled data are associated with complex sounds such as “ow” than with simple consonants such as “c”. As a result, traffic analysis techniques can be applied to encrypted traffic streams.

Boffins from Johns Hopkins University in Baltimore, USA have found that the relative size of packets in a VoIP conversation might be used to detect whether words or phrases of interest appear in encrypted conversations. The result might yield a transcript even more unintelligible than from comedian Norman Collier’s faulty microphone routine - which might still be a useful result.

Even though the approach is not sophisticated enough to come anywhere near gaining the actual gist of conversations, it is good enough to pick out chosen phrases within encrypted data. By using machine learning techniques the researchers were able to develop systems that “inferred ‘hidden’ information from encrypted VoIP traffic streams based on observable patterns in packet size and timing of various protocols”.

Software developed by the researchers picked out words or short phrases with an average accuracy of 50 per cent, a result that climbed to 90 per cent in the case of longer phrases.
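The leak described above, and what fixed-size padding does to it, shown as an added example that is not from the article or the researchers. The frame sizes are constructed, the SHA-256 counter keystream is a toy stand-in for any length-preserving cipher, and all function names are hypothetical.

```python
import hashlib

# Constructed VBR frame sizes in bytes, one per 20 ms frame (not real codec output).
PHRASES = {
    "phrase_a": [38, 62, 60, 20, 46, 62, 28],
    "phrase_b": [20, 28, 46, 38, 20, 62, 60],
}

def keystream(key: bytes, nonce: int, n: int) -> bytes:
    """Toy SHA-256 counter keystream standing in for a length-preserving cipher."""
    out, ctr = b"", 0
    while len(out) < n:
        block = key + nonce.to_bytes(8, "big") + ctr.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        ctr += 1
    return out[:n]

def encrypt_frames(key: bytes, sizes, pad_to=None):
    """Encrypt one frame per packet, optionally padding each frame to pad_to bytes.

    A real protocol would carry the true frame length inside the encrypted
    payload so the receiver can strip the padding; that is omitted here.
    """
    packets = []
    for i, size in enumerate(sizes):
        frame = bytes(size)  # placeholder payload: only its length matters
        if pad_to is not None:
            frame += bytes(pad_to - len(frame))
        ks = keystream(key, i, len(frame))
        packets.append(bytes(a ^ b for a, b in zip(frame, ks)))
    return packets

def observed_lengths(packets):
    """What an on-path observer sees without the key: packet sizes only."""
    return [len(p) for p in packets]

def distinguishable(key: bytes, pad_to=None) -> bool:
    """True if the two phrases produce different observable length sequences."""
    seqs = {tuple(observed_lengths(encrypt_frames(key, s, pad_to)))
            for s in PHRASES.values()}
    return len(seqs) > 1

def padding_overhead(sizes, pad_to: int) -> float:
    """Fraction of extra bytes sent when every frame is padded to pad_to."""
    return pad_to * len(sizes) / sum(sizes) - 1

if __name__ == "__main__":
    key = b"constructed-demo-key"
    print("unpadded leaks:", distinguishable(key))
    print("padded to 64 leaks:", distinguishable(key, pad_to=64))
    print("overhead: %.0f%%" % (100 * padding_overhead(PHRASES["phrase_a"], 64)))
```

Padding closes the size channel at the cost of the bandwidth saving that variable bitrate compression was adopted for, which is the trade-off a VoIP deployment has to weigh.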

Sun: Java will be free this year

Filed under: — Aviran Mordo

Following the announcement of Sun’s plans to make Java free and open under the General Public License (GPL) at JavaOne 2006, there have been a few struggles on the path to open source. At the time of the OpenJDK release in May last year, around five percent of the code–the portion not owned by Sun–was still closed.

Simon Phipps, the chief open source officer at Sun Microsystems, said: “We released under the GPL everything we had the rights to release under the GPL and that was last summer. There were a couple of holdouts there. One was the area to do with raster graphics and 2D graphics. That turned out to be owned by a company that didn’t want us to release that code as open source. We negotiated with them and because they’ve said ‘yes, you can open source the code’, I can tell you they’re Codec […].”

“The only element that’s left now is actually a sound-related component within Java. We finally decided that the vendor that’s involved there just isn’t going to play ball and we’re rewriting the code from scratch. That’s going to be done within the next couple of months.”

Phipps says Java is expected to be completely free within the coming few months.

News that developers prefer XP, Linux not all bad for Vista

Filed under: — Aviran Mordo

Only 8 percent of developers are targeting Windows Vista according to a new report from analysts Evans Data Corporation. 49 percent of developers are developing for Vista’s soon-to-be-discontinued predecessor, Windows XP, and even Linux is beating Vista, with some 13 percent of development focused on the open-source OS.

The headline finding of the report, compiled from a biannual survey of North American developers, could point at continued problems for Microsoft. More than a year after its release, Vista is still failing to make significant inroads into the enterprise, with businesses preferring to stick with the tried-and-trusted Windows XP. John Andrews, president and CEO of Evans Data, claims that developers are taking a “wait-and-see” approach to Vista, as “the new operating system has had more than its share of problems”: driver issues, software incompatibility, and steep hardware demands.

Will ICANN take action against “worst” Chinese registrar?

Filed under: — Aviran Mordo

Last month, the Internet Corporation for Assigned Names and Numbers (ICANN) was the target of a public complaint that it wasn’t doing enough to fight spam and bogus websites. The complaint was made by anti-spam service Knujon, which suggested that most spam-related websites were funneled through 20 ICANN-approved registrars based in the United States and overseas. The company said that ICANN, despite being repeatedly notified that the registrars’ WHOIS records were filled with false address and contact information for millions of spam sites, did not follow its own mandate to force WHOIS compliance among the worst offenders.

Now, Knujon founder Garth Bruen has formally requested ICANN to shut down the Beijing-based registrar at the top of the list, Xinnet Bei Gong Da Software. According to a new document that Bruen sent to ICANN this week, none of the WHOIS records in a sample of 11,000 alleged spam sites registered through Xinnet and reported by Knujon to ICANN’s Whois Data Problem Report System were corrected in a six-month period ending in May 2008. In many cases, says the document, Xinnet does not have “any Whois record data for review while the sites are still active.”

SSL Encryption Coming to The Pirate Bay

Filed under: — Aviran Mordo

In response to Sweden’s new wiretapping law, The Pirate Bay’s Peter Sunde has announced the tracker’s intention to offer encryption services to its users.

According to the Local, Sweden’s surveillance law, which passed on Thursday of this week, allows the government to monitor all incoming and outgoing transmissions in the name of national security.

Although The Pirate Bay’s lobbying efforts against the bill were unsuccessful, the tracker still has a few cards left to play. According to Sunde, The Pirate Bay will roll out an encryption option this week.

“Many people have asked me what we’re planning to do,” Peter writes in his blog, “- and the answer is ‘A lot!’. We’re going to help out in any way we can with fighting the law. This week we’re going to add SSL to The Pirate Bay. We’re also going to help out making a website about easy encryption - both for your hard drives and your net traffic. As some people know, we’re running a system for VPN-tunnels already and we’re going to lower the price for that as well and open it up for international users as well.”

The level of protection offered likely depends on the individual’s geographical location. Since The Pirate Bay isn’t actually situated in Sweden, a user in the United States isn’t impacted by the law. However, for the concerned user living in Sweden, the new SSL feature will offer some security against the perceived threat.
