[liberationtech] Microsoft Accesses Skype Chats
Eugen Leitl
eugen at leitl.org
Fri May 17 05:01:10 PDT 2013
On Fri, May 17, 2013 at 07:31:24AM -0400, Rich Kulawiec wrote:
> Everyone who thinks that's the *only* thing that Microsoft is quietly
> doing behind everyone's back, raise your hand.
>
> And incidentally, the proffered rationale for this doesn't fly, given
> that (a) they're only sending HEAD: actually scanning destination URLs
> for malware et.al. would require fetching the whole page and (b) they're
> only retrieving HTTPS URLs (per Heise) which is not what someone actually
> looking for malware would do. Moreover (c) even if they classified
> a URL as malicious, let's say https://example.net/blah, the recipient
> of said URL is likely to access it via a data path outside their control,
> thus -- unless they blocked it *inside* Skype -- they have no way to
> prevent access to it and delivery of whatever malware payload awaits.
PR meltdown was eventually detected by the mothership Borgcube:
http://www.heise.de/newsticker/meldung/Skypes-ominoeser-Link-Check-stillgelegt-1865275.html
http://www.heise.de/security/artikel/Mehr-Fakten-und-Spekulationen-zu-Skypes-ominoesen-Link-Checks-1865370.html
> Source code is truth; all the rest is smoke and mirrors, hype and PR.
> If Microsoft had the *slightest* interest in telling y'all the truth,
> then they would have answered the group letter earlier this spring with
> code, not with glib prose crafted by a committee of talented spokesliars.
>
> ---rsk
>
> p.s. Heise's discovery is an existence proof that it's possible to
> intercept the contents. Therefore we must presume that other entities
> besides Microsoft may have this capability -- doubly so given that some
> of those entities have not only the resources, but the motivation.
More information about the liberationtech
mailing list