A security researcher has found it’s possible to reveal a Skype app user’s IP address without the target needing to even click a link. Microsoft said the vulnerability does not need immediate attention.
A security researcher has found it’s possible to reveal a Skype app user’s IP address without the target needing to even click a link. Microsoft said the vulnerability does not need immediate attention.
i did too. i’m genuinely not sure why it exists. microsoft is making teams into its favorite productivity app, and i can’t think of anything skype has that teams doesn’t. why does skype still exist?
On a serious note, most of those people (activists, journalists, etc.) aren't exactly the computer savvy types, nor have the time or resource to spend learning about matters they seldom know about, and yet they are the ones that desperately need this knowledge. They might have an important message to be sent. What would you use to spread the message in their shoes?
Sure, we the tech guys, especially subscribed to privacy related communities, can talk about Tor browser or threat modeling all day. But have you tried bring that up in social circles, if any?
Non tech minded activists will simply use the tools at their disposal: messaging apps? sure; social media apps, if looking for message amplification, whatever it runs on their cheap android phone. Metadata? IP? Profiling? Browser fingerprinting? Some are aware of it, as they also had to endure internet censorship growing up. It's a trade they make knowingly or unknowingly between the cause and their physical and mental health.
We can laugh at their ignorance all we want, but this is how we become the Ivory tower that fuels resentment.
People used to use this attack in League of Legends a decade ago. If they're losing, they guess someone might have Skype open; and moreover, that their Skype is the same as their summoner name. Then they get an ip address and ddos the entire lobby, causing the game to crash (I think it happened in one of my games maybe once, but I didn't really play ranked other than team ranked).
Also, since all pro & semipro players had each other added, this was possible to do at any time during online tournaments (which was most tournaments - TSM invitational etc). So there were always rules that ddossing was disallowed. But it did happen.
Known ddossers were more hated in the community than known flamers, but a few people who did it "reformed" and went on to be pro players anyway.
With just an IP? Then the system is broken. Because an IP is often easy to get, and everything that directly connects to you needs your IP, unless you use a VPN I guess.
Every website knows your IP. Every internet application knows your IP. Everyone in a peer-to-to-peer network knows your IP. It's not a secret, it's just your internet address. It is designed to be known.
When Skype was still in common use, this was a very known issue. I’m in lots of gaming communities, and you had to be careful about who knew your username because you could have your IP exposed then get DDoS.
Possibly they patched it and this is a new instance of this, but it was like this for years and years before.
Wait you can still do this? I was booting people off games when they would use the same user as their Skype over 10 years as a script kiddie, how is it not patched by now
Lol I love how behind the times academics can be. This literally was a big thing used to ddos streamers back in the day like 2010s-2015s. All that needed to happen was they accepted a call and since Skypes peer to peer the hacker instantly got their IP. I remember Destiny being targeted for a while by it.
Was common practice in procurement for me and my team, still have contacts at ASRock / Keychron / Logitech / SteelSeries / Beacn / HYTE / Maxsun and many more.
Was a platform that was used early on and has carried through. Factories in China will commonly use WeChat but many of the more mainstream western brands will default to Skype.