[liberationtech] Comments on Internews new "information security guide"
Maxim Kammerer
mk at dee.su
Wed Nov 14 02:20:41 PST 2012
On Wed, Nov 14, 2012 at 2:02 AM, Eric S Johnson <crates at oneotaslopes.org> wrote:
> Alternatively, since (like OTR) no Skype communication is known to have ever
> been successfully in-line-intercepted […]
I guess it depends on your definition of “in-line interception”, but
there is a topic making rounds in Russian blogosphere today about
hijacking Skype accounts based on knowledge of victim's email. You can
download chat history from conversation partners (or possibly even
from the victim who is logged in elsewhere) after that. Apparently,
Skype was vulnerable to the method for at least several months (with
many users hijacked), and ignored reports by the blogger in question.
It seems that they put in some crude temporary fix today, partially
disabling users' ability to reset passwords.
http://habrahabr.ru/post/158545/ (Russian, with details and noise)
http://en.ria.ru/world/20121114/177453756.html (English, summary)
--
Maxim Kammerer
Liberté Linux: http://dee.su/liberte
More information about the liberationtech
mailing list