dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
515
share rss forum feed


chachazz
Premium
join:2003-12-14
kudos:9
Reviews:
·TELUS

Miscrosoft Skype leaking IPs, TCP ports

•Heise Online: »www.h-online.com/security/news/i···236.html

quote:
According to a blog post, a modified version of the Skype VoIP software can be used to easily find out the IP address of any valid Skype user. No contact has to be made with the user in order to get the information. This IP could then be used to find out other personal details about the user, such as their location or even their employer.


•ZDNet: »www.zdnet.com/blog/security/skyp···ts/11733
quote:
Microsoft-owned Skype is leaking sensitive user data, including internal and external IP addresses and TCP ports.

The issue has been publicly disclosed and I’ve confirmed that a web-based tool is available to help attackers pinpoint the last known IP address of a Skype user.

In addition to public IP addresses, an attacker with a Skype username can siphon addition information like city, country, Internet provider and the internal user ip-address.

A statement from Skype described the privacy leak as “an ongoing, industry-wide issue faced by all peer-to-peer software companies.”


--
Gladiator Security Forum: www.gladiator-antivirus.com/

moes

join:2009-11-15
Cedar City, UT

You do realize running tcpview will give you the IP address of the person your talking too right?



aurgathor

join:2002-12-01
Lynnwood, WA
kudos:1
reply to chachazz

said by chachazz:

A statement from Skype described the privacy leak as “an ongoing, industry-wide issue faced by all peer-to-peer software companies.”

Thing is, to be able to talk to the other person, without having some kind of central server that can make the connection truly anonymous, your end, or at the very least, the computers between you and the other end need to know the IP and the port of the other end to be able communicate. I'd normally be more critical of Microsoft, but this is a feature, not a bug.
--
Palin 2012!


JohnInSJ
Premium
join:2003-09-22
San Jose, CA
reply to chachazz

In other news, speaking to other human beings face to face leaks DNA, and often useless information.
--
My place : »www.schettino.us



Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
kudos:3
reply to chachazz

Seriously, there is a reason why his posting wasn't on his employer's site.


chachazz
Premium
join:2003-12-14
kudos:9
Reviews:
·TELUS
reply to aurgathor

said by aurgathor:

said by chachazz:

A statement from Skype described the privacy leak as “an ongoing, industry-wide issue faced by all peer-to-peer software companies.”

Thing is, to be able to talk to the other person, without having some kind of central server that can make the connection truly anonymous, your end, or at the very least, the computers between you and the other end need to know the IP and the port of the other end to be able communicate. I'd normally be more critical of Microsoft, but this is a feature, not a bug.

Skype is leaking sensitive user data,
.......No contact has to be made with the user in order to get the information.
... that's a "feature" ?

Skype knew about IP address security flaw back in 2010
»www.zdnet.com/blog/security/skyp···=nl.e589
quote:
The security researchers who discovered the vulnerability are part of the French research institute Inria and the Polytechnic Institute of New York University. Stevens Le Blond, the group lead, told the WSJ over the phone that they shared their original findings with Skype in November 2010.

In October 2011, they published results showing how to surreptitiously track the city-level location of 10,000 Skype users for two weeks. Given how popular Skype is in the industry, the researchers described how the flaw could be used for corporate espionage: a firm could track the movements of rival employees as they travel to determine where they’re doing business and with whom.
--
Gladiator Security Forum: www.gladiator-antivirus.com/


aurgathor

join:2002-12-01
Lynnwood, WA
kudos:1

said by chachazz:

.......No contact has to be made with the user in order to get the information. ... that's a "feature" ?

But wouldn't the IP address and port eventually be necessary if you'd ever want to make a contact with a person?


In October 2011, they published results showing how to surreptitiously track the city-level location of 10,000 Skype users for two weeks. Given how popular Skype is in the industry, the researchers described how the flaw could be used for corporate espionage: a firm could track the movements of rival employees as they travel to determine where they’re doing business and with whom.

If someone is worried about tracking, then use something else. People can be tracked if they carry an ON cell phone, for example, and most people don't seem to be too upset about that.
--
Palin 2012!


JohnInSJ
Premium
join:2003-09-22
San Jose, CA
reply to chachazz

said by chachazz:

the researchers described how the flaw could be used for corporate espionage: a firm could track the movements of rival employees as they travel to determine where they’re doing business and with whom.

Skype is not an approved business voip tool - at least not in any company I have every worked for.
--
My place : »www.schettino.us


Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
kudos:3
reply to chachazz

96.51.214.45

Like I already get scanned like a billion times an hour from infected systems all over the internet (and they just start at 'A' and work their way through to 'Z')

Blake
--
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool



jabarnut
Light Years Away
Premium,MVM
join:2005-01-22
Galaxy M31
kudos:2

Lol...that's the way I look at it. My IP is about as secure as I am. (And I hide in the closet with the lights off shaking when somebody knocks on my front door).
--
I had a life once.....now I have a Computer and a Modem.