All the latest UK technology news, reviews and analysis


Skype flaw allows for collection of user IP addresses

01 May 2012

Skype is warning users that some personal details may be at risk following the launch of a site devoted to harvesting user IP addresses.

The Skype IP-Finder site allowed third-parties to see a user's last known IP address by simply typing in a user name.

"We are investigating reports of a new tool that captures a Skype user's last known IP address," Skype director of product Security Adrian Asher said in a statement released to V3.

"This is an ongoing, industry-wide issue faced by all peer-to-peer software companies."

The search tool, which has since been taken offline, exploits a recently discovered vulnerability in Skype.

The original vulnerability was detailed by an unidentified user on the note-sharing site Pastebin.

Instructions on the site explained how a user could download a patched version of Skype that would "help you to get info about Skype user: City, Country, Internet provider and internal user IP-address."

While the original vulnerability was quickly fixed by de-authorising any Skype user who used the modified patch, the search portal allowed for users to find out private IP information without the need for the modified patch.

The result was a system in which anyone can collect personal Skype data with just a user name.

The disclosure comes as Skype looks to move forward from its $8bn acquisition by Microsoft. Since the deal closed, the company has seen its VoIP platform become a key component in Microsoft's enterprise communications plans.

 

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Shaun Nichols
About

Shaun Nichols is the US correspondent for V3.co.uk. He has been with the company since 2006, originally joining as a news intern at the site's San Francisco offices.

More on Security
What do you think?
blog comments powered by Disqus
Poll

BYOD vs CYOD vs BYOC poll

Which approach is your firm taking to managing employees' mobile devices?
20%
14%
5%
20%
30%
11%

Popular Threads

Powered by Disqus
Google Android logo

How to take a screenshot on Android

A step by step guide to how to screen-grab on a Google-powered smartphone

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv33

Data protection: the key challenges

Deduplication is a foundational technology for efficient backup and recovery

rdc2

iPad makes its mark in the enterprise

The iPad can become a supercharged unified communications endpoint, allowing users to enhance their productivity

Data Modeller

Data Modeller required for a client investing in the...

1st/2nd Line Support Analyst - Service Desk Analyst - CONTRACT

Service Desk Analyst - 1st Line Support - 2nd Line Support...

Software Development Engineer

Develop: Customise: Configure. Maximise your technical...

Senior / Lead ASP.NET Developer

Senior / Lead ASP.NET Developer Retox Digital is...
To send to more than one email address, simply separate each address with a comma.