![]() "However, despite a major infrastructure upgrade last year, Skype is still vulnerable to location tracking. "That would prevent low-resource third parties, such as resolvers, to track Skype users," Le Blond wrote in an email to KrebsOnSecurity. The simplest way to address these privacy issues would be to relay all Skype signalling traffic (known in telecommunications circles as 'handshakes') through proxies which disguise the original address, said Stevens Le Blond, a researcher at the Max Planck Institute for Software Systems in Germany. "This is an ongoing, industry-wide issue faced by all peer-to-peer software companies." "We are investigating reports of tools that capture a Skype user's last known IP address," a spokesperson for Skype said in an emailed statement. Skype was purchased by Microsoft in 2011, but Microsoft appears to have done little to address this privacy weakness, despite the attention brought to it and the proliferation of sites offering tools to exploit it. This process writes the IP address of the requested username to the debug log, in plain sight." "This client simply attempts to add the requested username to a contact list and parses the target account's 'information card' (if available). "A simple script is used to construct a link containing a Skype username, which is passed to the modified client," Levene said. Levene said the resolvers work by using a modified Skype client (version 5.5 or 5.9) to create a debug log. ![]() "It's basically a protection scheme," Levene said. ![]() ![]() Many of these resolver services offer "blacklisting," which for a fee will allow users to prevent other users from looking up the IP address attached to a specific Skype account, said Brandon Levene, an independent security researcher. The resolvers work regardless of any privacy settings the target user may have selected within the Skype program's configuration panel.īeyond exposing one's internet connection to annoying and disruptive attacks, this vulnerability could allow stalkers or corporate rivals to track the movement of individuals and executives as they travel between cities and states. The idea being that if you want to knock someone offline but you don't know their internet address, you can simply search on Skype to see if they have an account, and then use the resolvers to locate their IP. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |