Skype bug allows capturing of users' IP address
Posted on 01 May 2012.
Skype users that might - for whatever reason - wish to remain anonymous are currently in danger of getting their remote and local IP addresses discovered via a very simple trick.


The instructions for the exploitation of the bug that allows it were found on Pastebin by the Skype-Open-Source blogger, who tested them and confirmed they were effective.

The preparation for the uncomplicated execution of the process requires the download of a modified version of the Skype VoIP software and the addition of a few registry keys to turn on the creation of a debug-log file.

Next, the snooper must move to add the target's contact name to Skype and click on the user to view his information card. The action will make the IP addresses appear in the log file, and can be used to discover the city and country where the user is based, as well as his ISP.

H-Online confirmed that the exploit works and that even when a user was logged in with multiple clients, the IP addresses for all the clients were visible.

Shortly after they also discovered a web service (skype-ip-finder.tk) that offers the Skype users' IP address information without the need to have a valid Skype account.


One must simply enter the target's Skype username, solve a CAPTCHA, and get the IP address.

According to Neowin.net, Microsoft has reacted to the news by saying that an investigation into the matter is ongoing.

"This is an ongoing, industry-wide issue faced by all peer-to-peer software companies. We are committed to the safety and security of our customers and we are takings measures to help protect them," stated Adrian Asher, director of product security for Skype.






Spotlight

Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //