I found the software you're talking about—that is pretty scary. Especially that it includes all the MITM capabilities, lowering the bar on technical skill required to actually carry out such an attack. Gonna try it out on my next Skype call and see how well it does...

I've made plenty of Skype calls from places such as hotel networks or airport WiFi and transmitted credit card or banking information (out of earshot of passersby—apparently not out of earshot of anyone running VOIP-sniffing software!) Now I'm paranoid about that! I guess it's time to start VPNing all that traffic back to one of my coloed boxes (at a facility I trust as well as have access to their equipment at, so I'm not too worried about them port-mirroring my traffic to sniff it.) Maybe it's time to set up Asterisk as I've been meaning to do for a while since I can do lots of other cool stuff with it too. (That'll be great for traveling internationally with multiple cells to simultaneously ring, hotel numbers or friends' numbers where I'm staying, etc.)

Email is almost more secure in this sense as long as the recipient's email isn't being monitored since I use IMAPS/SMTPS back to the same coloed boxes. So it's secure on my end until it gets out onto the "public" Internet (at which point you really only need to be concerned about Government-types watching it, and if they were they could get my credit card and banking information anyways.) My main concern is the receiver being compromised—for example, my parents owe me some money which needs to be wired to an account in the US, so I emailed them my bank routing code and asked them to call me on my UK cell, where I am at the moment, to get my account number.

Hey, you weren't supposed to find out about that.