页面

2012年5月14日星期一

Re: Skype 泄露你的IP地址和地理位置

http://www.h-online.com/security/news/item/Skype-divulges-user-IP-addresses-Update-1564236.html
30 April 2012, 17:53
Skype divulges user IP addresses - Update
According to a blog post, a modified version of the Skype VoIP software can be used to easily find out the IP address of any valid Skype user. No contact has to be made with the user in order to get the information. This IP could then be used to find out other personal details about the user, such as their location or even their employer.

With a certain registry key, the manipulated version of Skype will create a log file with information including other users' external and internal IP addresses. These IPs can be retrieved simply by opening up a user's profile with the Skype client. In a test conducted by The H's associates at heise Security, the log file always showed the correct IPs – and when a user was logged in with multiple clients, the IP addresses for all the clients were visible.


The skype-ip-finder.tk web service reliably finds out Skype users' IP addresses
Shortly after this was discovered, a hacker known as "Zhovner" put together the skype-ip-finder.tk web service. After a CAPTCHA has been submitted, the service can be used to find out IPs even without the special Skype client, and therefore without having to use a valid Skype account.

The service uses a modified version of Skype's SkypeKit SDK that is currently only available via BitTorrent, and Zhovner has put the necessary Python scripts on GitHub. In a post on Hacker News, Zhovner says that Skype has already banned his account, likely because of his experiments.

Update 03-05-12: According to Sophos, Skype, now owned by Microsoft, has known about the IP address security flaw since November 2010, when it was first disclosed to the company by researchers from the French Inria institute and the Polytechnic Institute of New York University.

(crve)

Skype 泄露你的IP地址和地理位置  http://lihlii.blogspot.com/2012/04/skype-ip.html

喜欢这篇文章吗?欢迎发空信给 lihlii+subscribe@googlegroups.com 订阅《童言无忌》邮件组 发空信给 jrzl+subscribe@googlegroups.com 订阅《今日知录邮件组》。


发表评论