dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
7643
share rss forum feed


carpetshark3
Premium
join:2004-02-12
Idledale, CO
reply to Dude111

Re:  

What can MS do with Skype on a Linux machine? They can't use Windows updates.

I suppose Skype on Android would have the same question.


AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ
kudos:1
said by carpetshark3:

What can MS do with Skype on a Linux machine? They can't use Windows updates.

I suppose Skype on Android would have the same question.

What's the question?
--
--Standard disclaimers apply.--
The preceding posting is null and void in Arizona and any other jurisdiction where prohibited by law.


Steve
I know your IP address
Consultant
join:2001-03-10
Foothill Ranch, CA
kudos:5
reply to Dude111
said by Dude111:

I highly doubt it was a mistake Steve

No, it was a mistake. In this thread, pay attention to the Microsoft guy WSUS suddenly installed Skype on 06/27/12
said by MSFT guy :

this is not the expected behavior for the Skype update. It should only be installed to PCs where an earlier version of Skype is already present.

Would you consider sending a ZIP version of a WindowsUpdate.LOG file from an affected PC directly to me at (email)

...
said by MSFT guy :

If anyone affected could send me a WindowsUpdate.LOG from an affected PC, I can investigate. Please ZIP the file and send it directly to me at (address)

I convinced a previous (perhaps even ancient) version of Skype was already installed on these PCs.

...
said by MSFT guy :

Thanks to those who sent me their logs, we've identified the issue and have expired the update.

This kind of thread is exactly how we normally see these problems resolved: Microsoft does whatever testing they do, then release it, and when they get feedback, they dig in and fix when necessary. I have personally sent in WindowsUpdate.LOG files to Microsoft to resolve installer issues that ended up getting fixed.

I suppose one could claim that the above was all a charade and that Microsoft really believed that 1 billion people wouldn't notice, but I'm stickin' with the "mistake" theory.

Steve
--
Stephen J. Friedl | Unix Wizard | Security Consultant | Orange County, California USA | my web site


Dude111
An Awesome Dude
Premium
join:2003-08-04
USA
kudos:13
quote:
No, it was a mistake. In this thread, pay attention to the Microsoft guy
Oh my....... Are you that asleep?

YOU REALLY EXPECT HIM TO SAY ANYTHING OTHERWISE??


Steve
I know your IP address
Consultant
join:2001-03-10
Foothill Ranch, CA
kudos:5

1 recommendation

You have your tinfoil on backwards: it's shiny side out

dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
Reviews:
·Verizon FiOS

1 recommendation

YOU REALLY EXPECT DUDE111 TO SAY ANYTHING OTHERWISE??

It must be nice to live in the dud's world, where no-one ever makes a mistake: it's all conscious and deliberate strategy to enslave everyone.

There's one thing that puzzles me; if the QA is so damn good that no-one ever ships buggy code, why are they so bad at concealing their evil schemes?


AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ
kudos:1
said by dave:

There's one thing that puzzles me; if the QA is so damn good that no-one ever ships buggy code, why are they so bad at concealing their evil schemes?

MS never shipped buggy code?
--
--Standard disclaimers apply.--
The preceding posting is null and void in Arizona and any other jurisdiction where prohibited by law.


AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ
kudos:1
reply to Steve
I'm with Dude111 See Profile on this one, while it probably was a mistake, MS doesn't get a free pass, invasions of privacy are assumed intentional.
--
--Standard disclaimers apply.--
The preceding posting is null and void in Arizona and any other jurisdiction where prohibited by law.


Steve
I know your IP address
Consultant
join:2001-03-10
Foothill Ranch, CA
kudos:5

Re: Skype installed w/o consent

said by AVD:

I'm with Dude111 See Profile on this one, while it probably was a mistake, MS doesn't get a free pass, invasions of privacy are assumed intentional.

Giving you the benefit of the doubt for your poor judgement (regarding the dud, not MSFT), what's the possible benefit to Microsoft for doing something like this on purpose and then orchestrating the expiration of the update.

What conversations do you imagine that might have led to an intentional act like this?

If it were on purpose, why wouldn't it have been done to all Windows Updates users, not just enterprises using WSUS?

I'm all for thinking that Microsoft is evil - and sometimes I mostly agree - but there has to be at least a figment of an upside for them to make this claim anything other than ridiculous.

Steve

dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
Reviews:
·Verizon FiOS
reply to AVD

Re:  

said by AVD:

MS never shipped buggy code?

According to my understanding of Dude111 See Profile's position, it's all deliberate. Maybe starting with the WMF security problem, which the dude astutely observes that Microsoft was behind.


AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ
kudos:1
reply to Steve

Re: Skype installed w/o consent

Don't forget, Skype is a distributed system. The more devices directly connected to a network running skype, the better it works.



Steve
I know your IP address
Consultant
join:2001-03-10
Foothill Ranch, CA
kudos:5
said by AVD:

Don't forget, Skype is a distributed system. The more devices directly connected to a network running skype, the better it works.

Sure, but is there any allegation that whatever is pushed to the PCs actually joins the Skype network, or doesn't it have to be actively signed on with a valid Skype username? Will any unwilling victims actually be made to join the network?

dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
Reviews:
·Verizon FiOS
reply to AVD

Re:  

said by AVD:

I'm with Dude111 See Profile on this one, while it probably was a mistake, MS doesn't get a free pass, invasions of privacy are assumed intentional.

How was this 'an invasion of privacy?'. Am I missing something?

Skype was installed on machines that had not previously had Skype installed. Is there some way to use Skype to turn on monitoring without the knowledge or consent of the computer user?

(I assume my privacy was not at risk, since no camera, mic, or speakers...)

At most this seems, if deliberate, to be a case of foisting unwanted software on people.

Skype was instantly deinstallable.

Also, my understanding is that this only affected WSUS users. Isn't that just "places with IT departments"? Which I take to mean places with people who can figure this out and take appropriate action.


NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:12
Reviews:
·SONIC.NET
·Pacific Bell - SBC
reply to Dude111
said by Dude111:

said by Fern Rivas :
Most people just think "Skype? Cool.." and move along while their datastreams are being monitored. Makes perfect sense.
Exactly my friend!

Anything to make it even EASIER to spy on people!! (This gives them voice and maybe video also)

Curious. See the screen shots. I expanded the Task Manager list as far as possible, and sorted it two ways. Unless I explicitly invoke Skype, how does it "spy" on me?

When will Skype start?


If Skype isn't invoked?

--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum


AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ
kudos:1
Didn't realize this was the security forum (thought it was the pub), so I'll stop posting flippant replies. But I gotta say you guys are acting real naive here.
--
--Standard disclaimers apply.--
The preceding posting is null and void in Arizona and any other jurisdiction where prohibited by law.


carpetshark3
Premium
join:2004-02-12
Idledale, CO
Reviews:
·CenturyLink
reply to AVD
If you are running Skype on anything else but Windows, can MS FORCE an update or inject commercials into an older version?

Updates for Android apps usually go through Google Play, and you can turn off auto updating.

Update Manager tells you what updates are available, and you don't have to install them, although FX tried to update automatically bypassing Update Manager. So can MS sneak an update through on Ubuntu/Android directly?


Dude111
An Awesome Dude
Premium
join:2003-08-04
USA
kudos:13
quote:
If you are running Skype on anything else but Windows, can MS FORCE an update or inject commercials into an older version?
No i dont think they can..... Staying with an older version is the best thing if your gonna be on that! (IF THEY DONT DISABLE THE OLDER VERSIONS THAT IS)

said by dave :
Skype was installed on machines that had not previously had Skype installed.
Yup exactly Dave,they hope people will use it SO THEY CAN THEN SPY ON THEM IN MORE WAYS!!

dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
Reviews:
·Verizon FiOS
That's a pretty serious attack vector, then - "hoping" people will use it.

I take it you didn't bother to read my earlier link, on people who believe in conspiracy theories? (tl;dr summary: people who believe in one conspiracy theory will tend to believe in any conspiracy no matter how implausible).


NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:12
Reviews:
·SONIC.NET
·Pacific Bell - SBC
reply to Dude111
said by Dude111:

Yup exactly Dave,they hope people will use it SO THEY CAN THEN SPY ON THEM IN MORE WAYS!!

But even the latest version of Skype has a checkbox to "Start when Windows starts". I don't recall what the default was on installation; I have a tendency to disable the "Start when Windows starts" on most of my applications which might "spy" on me.

If the Skype process isn't running, do you suppose they do something else to "spy" on me? But I lead a mostly boring life, so what do they think they will get by all this spying?

On another plane, how do I keep my data packets from traversing AS7018 ("AT&T Services"), where the NSA is plugged in?
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum


NICK ADSL UK
Premium,MVM
join:2004-02-22
kudos:16
reply to FF4m3

Re: Microsoft Installs Skype Without Consent

That's a nice bonus for many


carpetshark3
Premium
join:2004-02-12
Idledale, CO
I don't want those commercials you are supposed to "discuss" as they appear on your screen. If they want to eavesdrop on a conversation about my cats' toilet habits -------


FF4m3

@bhn.net
reply to FF4m3
Microsoft silently kills silent, automatic Skype install via Updates:

Microsoft has pulled the plug on a Windows update that snuck Skype onto business PCs.



Steve
I know your IP address
Consultant
join:2001-03-10
Foothill Ranch, CA
kudos:5
said by the article :

One admin blasted:

I administer several banks that belong to a holding company. I had to dispatch techs immediately to remove the software from appx 25 machines first thing this morning because they are in the middle of an IT audit and Skype is definitely not going to pass.

If he's in that much of a high-security environment, why does he have WSUS set to auto-approve?

dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
Reviews:
·Verizon FiOS
said by Steve:

If he's in that much of a high-security environment, why does he have WSUS set to auto-approve?

... and in the middle of an "IT audit" too!

Wouldn't you think that a self-respecting IT audit would immediately fail an environment that was vulnerable to arbitrary unapproved overnight changes?


jabarnut
Light Years Away
Premium,MVM
join:2005-01-22
Galaxy M31
kudos:2
reply to FF4m3
Yeah, I was thinking the same thing. Like, what are they thinking?
As a side note, I have "auto-anything" turned off, so unfortunately, I had to install Skype manually.
I minor inconvenience, really.
--
I had a life once.....now I have a Computer and a Modem.


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to Alpha_Tay
said by Alpha_Tay:

»en.wikipedia.org/wiki/Skype#Serv···of_China

Service in the People's Republic of China

Since September 2007, users in China trying to download the Skype software client have been redirected to the site of TOM Online, a joint venture between a Chinese wireless operator and Skype, from which a modified Chinese version can be downloaded.[95] The TOM client participates in China's system of Internet censorship, monitoring text messages between Skype users in China as well as messages exchanged with users outside the country.[96][97] Niklas Zennström, then chief executive of Skype, told reporters that TOM "had implemented a text filter, which is what everyone else in that market is doing. Those are the regulations." He also stated: "One thing that’s certain is that those things are in no way jeopardising the privacy or the security of any of the users."[98]

In October 2008, it was reported that TOM had been saving the full message contents of some Skype text conversations on its servers, apparently focusing on conversations containing political issues such as Tibet, Falun Gong, Taiwan independence, and the Chinese Communist Party. The saved messages contain personally identifiable information about the messages' senders and recipients, including IP addresses, usernames, land line phone numbers, and the entire content of the text messages, including the time and date of each message. Information about Skype users outside China who were communicating with a TOM-Skype user was also saved. A server misconfiguration made these log files accessible to the public for a time.[97][99][100]

This might help

SKYPE GOES OPEN SOURCE......FLAWLESS VICTORY:
AFTER MICROSOFT ACQUIRING SKYPE FOR 8.5 BILLION DOLLARS AND PROCEEDING TO ADD BACK DOORS FOR GOVERNMENT TO THE PROGRAM, THE SOFTWARE HAS BEEN HACKED AND IT'S SOURCE CODE RELEASED

»joindiaspora.com/posts/1799228
--
Gladiator Security Forum
»www.gladiator-antivirus.com/


Dude111
An Awesome Dude
Premium
join:2003-08-04
USA
kudos:13

 

Ya that might be good if someone can figure out how to BLOCK BACKDOOR ACCESS!

dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8

1 recommendation

or add it.

IamGimli

join:2004-02-28
Canada
kudos:2
reply to Dude111
said by Dude111:

Yup exactly Dave,they hope people will use it SO THEY CAN THEN SPY ON THEM IN MORE WAYS!!

If Microsoft's goal was to spy on people without people knowing it, why would they package the technology as a visible application that users can control and not just add the "spying" technology to a kernel patch?

They're the ones who engineer, program and package all Windows patches. Why would they use the least subtle, least efficient format to achieve something covert? It makes no sense whatsoever.

dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
Reviews:
·Verizon FiOS

1 recommendation

The tin-foik hat crowd already answered that one: "hidden in plain sight".

It's part of the basic conspiracy-nut mind-set. Failure to find evidence of a conspiracy is evidence that the conspiracy exists and furthermore shows you just how devious the conspirators really are.