30 April 2012, 17:53
Skype divulges user IP addresses - Update
According to a blog post, a modified version of the Skype VoIP software can be used to easily find out the IP address of any valid Skype user. No contact has to be made with the user in order to get the information. This IP could then be used to find out other personal details about the user, such as their location or even their employer.
With a certain registry key, the manipulated version of Skype will create a log file with information including other users' external and internal IP addresses. These IPs can be retrieved simply by opening up a user's profile with the Skype client. In a test conducted by The H's associates at heise Security, the log file always showed the correct IPs – and when a user was logged in with multiple clients, the IP addresses for all the clients were visible.
Shortly after this was discovered, a hacker known as "Zhovner" put together the skype-ip-finder.tk web service. After a CAPTCHA has been submitted, the service can be used to find out IPs even without the special Skype client, and therefore without having to use a valid Skype account.
The service uses a modified version of Skype's SkypeKit SDK that is currently only available via BitTorrent, and Zhovner has put the necessary Python scripts on GitHub. In a post on Hacker News, Zhovner says that Skype has already banned his account, likely because of his experiments.
Update 03-05-12: According to Sophos, Skype, now owned by Microsoft, has known about the IP address security flaw since November 2010, when it was first disclosed to the company by researchers from the French Inria institute and the Polytechnic Institute of New York University.
(crve)Skype 泄露你的IP地址和地理位置 http://lihlii.blogspot.com/2012/04/skype-ip.html
喜欢这篇文章吗？欢迎发空信给 email@example.com 订阅《童言无忌》邮件组 发空信给 firstname.lastname@example.org 订阅《今日知录邮件组》。