ParityOdd
Random stuff from my life and mind.
Monday, June 16, 2008
Melissa: "Why is McCain so old?"

Me: "Because he was born a long time ago."
Friday, June 13, 2008

"Security researchers at Johns Hopkins report that a variable bit-rate compression scheme being rolled out on VoIP systems leaves encrypted calls vulnerable to bugging. Simpler syllables are squeezed into smaller data packets, with more complex ones taking up more space; the researchers built software that uses this to spot phrases of interest in encrypted calls simply by measuring packet size."
http://technology.newscientist.com/article/dn14124-compressed-web-phone-calls-are-easy-to-bug.html

You’ve gotta be kidding me. First, the article mixes things up: vowels are actually simpler to compress than consonants (because of spectral complexity: consonants use many more different frequencies. They are mostly noise and have a more "random"-like waveform, making them harder to compress). They got it completely in reverse.

Then TFA doesn’t show a method to magically guess what is being said over an encrypted channel only by looking at the bitrates; it only says that it finds some predetermined pattern in a given set of samples to test against. The whole thing would only be able to answer some very simple questions like "did the words XYZ appear in the conversation?" or "did ABC appear in the conversation?" - with a rather bad success rate if those words are long and complex enough - which hardly makes it enough to obtain personal information or otherwise efficiently spy on someone.

Then the whole system has a lot of shortcomings:

- As said before, it assumes that the spy knows exactly that some phrase has to be said - if the spy doesn't guess exactly which words he must search for, the attack fails (the users may be speaking in a foreign language to begin with).

- It assumes that the speech-generator-made needle they are looking for in the haystack will be close to what they are looking for. The users may have an accent and pronounce words differently (e.g. aluminum vs. aluminium, etc.).

- And worst of all, it assumes that the granularity of the packets will be small enough that the phonemes will have an influence on the bit rate. In reality, short packets carry a big bandwidth overhead, while longer packets increase the latency. But lots of VoIP users are happy with a 500ms latency because it really diminishes the overhead. At 500ms you can have a couple of words in a single packet. The whole packet will tend to have a bandwidth close to the average (there will be small differences between phonemes, but these will all be packed into the same packet and will average out).

- It fails to take into account an interleaved video stream. Video conferencing is really popular, and its own bandwidth will completely dwarf the bandwidth used by audio. So unless the VoIP system uses 2 separate streams (some VoIP systems do), only encrypts at the stream level, and the transmission is happening over an unencrypted channel (no sane person should do that), this method will fail epically.
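The averaging argument in the third point above, worked through as an added example that is not part of the original post: it groups variable-size codec frames into larger packets and measures how much the packet sizes still vary. The per-frame byte counts, the 20 ms frame duration and the utterance are constructed assumptions, and the padding step goes beyond what the post discusses.

```python
import statistics

# Constructed per-frame payload sizes (bytes) for a VBR codec; illustrative only.
FRAME_BYTES = {"silence": 6, "vowel": 22, "plosive": 38, "fricative": 46}
FRAME_MS = 20  # assumed codec frame duration

# Constructed utterance: each phoneme lasts 4 frames, the pattern repeats 25 times.
PATTERN = ["silence", "plosive", "vowel", "fricative",
           "vowel", "plosive", "vowel", "silence"]

def frame_sizes(pattern=PATTERN, frames_per_phoneme=4, repeats=25):
    return [FRAME_BYTES[p] for _ in range(repeats)
            for p in pattern for _ in range(frames_per_phoneme)]

def packetize(frames, frames_per_packet):
    """Payload size of each packet when several codec frames share one packet."""
    return [sum(frames[i:i + frames_per_packet])
            for i in range(0, len(frames), frames_per_packet)]

def relative_spread(sizes):
    """Coefficient of variation: how much size varies relative to the mean."""
    return statistics.pstdev(sizes) / statistics.mean(sizes)

def pad_to_block(sizes, block):
    """Round every payload up to a multiple of `block` bytes before encryption."""
    return [-(-s // block) * block for s in sizes]

def report():
    frames = frame_sizes()
    rows = []
    for n in (1, 5, 25):  # 20 ms, 100 ms and 500 ms of audio per packet
        pkts = packetize(frames, n)
        rows.append((n * FRAME_MS, len(set(pkts)), round(relative_spread(pkts), 3)))
    return rows

if __name__ == "__main__":
    for ms, distinct, spread in report():
        print(f"{ms:4d} ms/packet: {distinct:2d} distinct sizes, spread {spread}")
    padded = pad_to_block(packetize(frame_sizes(), 25), 256)
    print("500 ms/packet padded to 256-byte blocks:", sorted(set(padded)))
```

On this constructed input, larger packets shrink the size variation without removing it, while padding every payload to a fixed block size makes all packets the same length.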

Tuesday, June 10, 2008
With the wife out of the house for the evening it left me with a quiet house to record the new latest release from 8 Guys From Naples. It's an instrumental cover of "I Am a Rock" written by Paul Simon.

I call it Iama Rock -- 8GFN
Friday, June 06, 2008

http://kotaku.com/5013638/first-duke-nukem-forever-gameplay-video

You have to fast forward through the first like 2 minutes of BS to get to it... but yes, you read the link correctly: The first (well, for this game engine) Duke Nukem Forever gameplay video.