New Skype Exploit Can Reveal Users’ IP Addresses
To pull off the trick, all you have to do is add a specific Skype user to your list with debug log file creation turned on. By going to add the person as a contact, but not sending a request, and looking at the target’s information card, Skype will make note of the target’s IP. All anyone has to do then is dig the IP out of the debug files. Once you’ve got yourself an IP, you can go ahead and do all sorts of stuff like attack the computer or use a whois service to get more information on who the person actually is.
Granted, if you’re relying on keeping your IP secret as your only form of security, you’re already in trouble. The whois stuff, on the other hand, could be a bit more of an issue. Fortunately, until Skype deals with the issue, there is an easy fix; don’t be on Skype. The exploit only works on online users, so staying logged off effectively limits the risk. Or you could use a VPN, but not being on Skype is probably easier.
When it comes to fixing the problem, Skype is on it.
“We are investigating reports of a new tool that allegedly captures a Skype user’s last known IP address. This is an ongoing, industry-wide issue faced by all peer-to-peer software companies,” said a Skype representative. “We are committed to the safety and security of our customers and we are takings measures to help protect them.”
In the meantime, if everybody’s out to get you, you might want to stick to phones. Or, like, cowering in the back corner of the closet, draped in musty overcoats, and wearing a tinfoil hat.
(via CNET)
Have a tip we should know? tips@themarysue.com
