[liberationtech] skype

[Andreas Bader]

Anthony Papillion:
> On 03/22/2013 02:21 PM, Andreas Bader wrote:
>> Anthony Papillion:
>>> On 03/22/2013 05:23 AM, Joseph Lorenzo Hall wrote:
>>>
>>>
>>>> On 3/21/13 9:36 PM, Michael Carbone wrote:
>>>>> Anyone looked into the reports that Skype leaks your IP
>>>>> address? Apparently you do not have to interact with the person
>>>>> whose location you are interested in to be able to get their
>>>>> IP address.
>>>
>>>> I think this is (still) the vulnerability Kieth Ross and his
>>>> team at NYU-Poly found a few years ago... last I talked to him
>>>> this particular flaw was still exploitable and hadn't been
>>>> fixed:
>>>
>>> That is definitely true. Basically, you can get the IP address the 
>>> account last logged in from. Do a search for 'Skype Resolver' and 
>>> you'll find a bunch of services that do this.
>>>
>>> Here's one: http://www.anonware.net/index.php?page=resolver
>>>
>>> Put in the Skype username. If it fails, try again as it sometimes 
>>> messes up the first time. Apparently, Microsoft has not fixed this
>>> yet.
>>
>> Is this the same "Script Kiddie Hack" that was available for IQC a few
>> years ago? Don't you think that will solve itself?
> 
> Possibly. I've not read up on the details of it yet. But, regardless, it
> does show that Skype leaks information that could be used in an attack.
> 
> How did it solve itself with ICQ?
I will say it in an easy way:
ICQ realized that they fucked up and fixed it.
Don't know how, but they got it.
But that happened 3 or 4 years before now.