Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: On Skype URL eavesdropping
From: Jeffrey Walton <noloader () gmail com>
Date: Thu, 16 May 2013 19:17:55 -0400

On Thu, May 16, 2013 at 5:41 PM, Kirils Solovjovs
<kirils.solovjovs () kirils com> wrote:
You may have read about this in another list.

I'd like to give out some observations and point out some not so obvious
risks (as if Microsoft Skypyingâ„¢ on your conversations is not enough).

Requests always come from the same IP
They have referrer and user agent set to a dash "-".
They are always HEAD requests which immediately follow 302 redirects.
They access both http and https links despite some speculations saying that
they do it one way or the other.
This is a relatively new phenomena that by my accounts is happening since
the end of April 2013.
Back to the point. Now that it's clear that [at least] links from users'
private chats somehow magically end up at Redmond, it's obviously a privacy
issue of having some usernames/password/sessions/whatever embedded in the
There could be legal concerns here too (if a prosecutor takes interest
if folks besides the Swartz's of the world).

I can't wait to see the first CFAA violation brought against
interception services like these. Consider: the owner of the remote
server surely did not authorize the interception service to access the
site with a user's username and password. That's a clear violation of
exceeding one's authority under the CFAA since the interception
service had no authority from the server's owners.


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]