Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Privacy Communications Security Your Rights Online

Hacked Skype IP Address Search Shows Who's Speaking From Where 84

Posted by timothy from the we-see-you-mr-appelbaum dept.
mask.of.sanity writes "An online search portal has been launched that reveals the IP addresses of any Skype user. The portal needs only a Skype username entered in a search bar for it to produce the IP address of a target user. It then uses IP addresses to geo-locate users on a map and reveal their ISP information."
This discussion has been archived. No new comments can be posted.

Hacked Skype IP Address Search Shows Who's Speaking From Where More

Hacked Skype IP Address Search Shows Who's Speaking From Where

Comments Filter:

  • not surprising (Score:4, Insightful)

    by v1 ( 525388 ) on Tuesday May 01, 2012 @12:59PM (#39858799) Homepage Journal

    Can be done very simply with a little bit of tcpdump. they're just sniffing network traffic from the machine to reveal information that skype doesn't normally display.

    They make it sound like it's some awesome service hacking app when it's just displaying information the client app is just choosing not to show you.

    Does this really surprise anyone? Skype directly connects you to another user. Their servers aren't a relay, they're just a meeting point to hook users together. Both users' computers simply have to have the IP address of the other person for their service to function. (though I could see them relaying just text traffic, but certainly not audio/video)

  • Re:not surprising (Score:5, Insightful)

    by Talennor ( 612270 ) on Tuesday May 01, 2012 @02:17PM (#39859785) Journal

    http://en.wikipedia.org/wiki/NAT_traversal [wikipedia.org]

    Skype servers help make the connection, but aren't involved in the data stream.

  • Re:not surprising (Score:5, Insightful)

    by s_p_oneil ( 795792 ) on Tuesday May 01, 2012 @03:06PM (#39860395) Homepage

    "Can be done very simply with a little bit of tcpdump."

    Um, no. Not even close. This is a web site that can find any Skype user in the world by their Skype username. No one (not even the web server) needs to have Skype installed to use this, and no packet sniffing is being done. Since the encryption used for Skype's TCP connections starts with a Diffie-Hellman key exchange, a tcpdump would be pretty useless. Sure you could see your own Skype client talking to 100 different IP addresses, but you wouldn't have any idea who was at the other end of them, and you would have no way of sniffing the packets of every Skype user world-wide.

    I agree that this isn't surprising, though. Skype's protocol has been cracked (and those cracks have been published) so that anyone could write a program to talk to the Skype supernodes (any normal Skype client that allows incoming connections can be promoted to a supernode) and to perform this kind of search. The problem here lies in how much Skype supernodes trust any client that knows how to speak its language. The author considered that part of the Skype client to be sufficiently crack-proof, but he was wrong.

Slashdot Top Deals

One man's constant is another man's variable. -- A.J. Perlis

Close