News

Skype Flaw Discloses IP Addresses

A security vulnerability in Skype could allow someone to identify a targeted user's IP address, according to a posted exploit on Pastebin.

The exploit instructions, posted by an anonymous individual, provides details on how to download a modified version of Skype 5.5 that could allow an attacker to turn on the debug-log file with the addition of specially crafted registry keys. The attacker can then view a user's Vcard (file format standard used by Skype), whether they appear on the attacker's friend list or not. The attacker would then have access to a user's IP address, city, country and specific Internet provider.

While Skype, which was purchased by Microsoft for $8.5 billion last year, hasn't confirmed whether the exploit is real, it said it is currently looking into the issue.

"We are investigating reports of a new tool that allegedly captures a Skype user's last known IP address," said a Skype representative. "This is an ongoing, industry-wide issue faced by all peer-to-peer software companies. We are committed to the safety and security of our customers and we are takings measures to help protect them."

In October of last year, Skype acknowledged that it was theoretically possible to identify a user's IP address "just as with typical internet communications software", said Adrian Asher, Skype's chief information security officer, to Network World. Asher said that Skype continually monitors and improves security measures to avoid these types of exploits from spreading.

In response to the new exploit Skype has already begun blocking accounts of those using the modified client, according to Marcus Carey, security researcher for Rapid7. However, he believes that this will just cause attackers to create multiple accounts to avoid being detected and deleted.

He also said that if in the right hands, this exploit could be used in crime prevention. "This particular exploit is very beneficial to law enforcement personnel trying to gain the location of criminals who use Skype to communicate over the Internet," said Carey in an e-mailed response.

 

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

Featured

  • How To Configure Windows 10 for Intel Optane Memory

    Intel's Optane memory technology can significantly improve the performance of your Windows 10 system -- provided you enable it correctly. A single mistake can render the system unbootable. Here's how to do it the right way.

  • Microsoft and SAP Enhance Partnership with Teams Integration

    Microsoft and SAP this week described continuing partnership efforts on Microsoft Azure, while also planning a Microsoft Teams integration with SAP's enterprise resource planning product and other solutions.

  • Blue Squares Graphic

    Microsoft Previews Azure IoT Edge for Linux on Windows

    Microsoft announced a preview of Azure IoT Edge for Linux on Windows, which lets organizations tap Linux virtual machine processes that also work with Windows- and Azure-based processes and services.

  • How To Automate Tasks in Azure SQL Database

    Knowing how to automate tasks in the cloud will make you a more productive DBA. Here are the key concepts to understand about cloud scripting and a rundown of the best tools for automating code in Azure.

comments powered by Disqus