It's been more than a year since the WSJ reported that Skype leaks its users' IP addresses and locations. Microsoft has done nothing to fix this since, and as Brian Krebs reports, the past year has seen the rise of several tools that let you figure out someone's IP address by searching for him on Skype, then automate launching denial-of-service attacks on that person's home.
In the above screen shot, we can see one such service being used to display the IP address most recently used by the Skype account “mailen_support” (this particular account belongs to the tech support contact for Mailien, a Russian pharmacy spam affiliate program by the same name).
Typically, these Skype resolvers are offered in tandem with “booter” or “stresser” services, online attack tools-for-hire than can be rented to launch denial-of-service attacks (one of these services was used in an attack on this Web site, and on that of Ars Technica last week). The idea being that if you want to knock someone offline but you don’t know their Internet address, you can simply search on Skype to see if they have an account. The resolvers work regardless of any privacy settings the target user may have selected within the Skype program’s configuration panel.
Beyond exposing one’s Internet connection to annoying and disruptive attacks, this vulnerability could allow stalkers or corporate rivals to track the movement of individuals and executives as they travel between cities and states.
Privacy 101: Skype Leaks Your Location
The CBC asked me to write an editorial for their package about Canadian identity and politics, timed with the 150th anniversary of the founding of the settler state on indigenous lands. They’ve assigned several writers to expand on themes in the Canadian national anthem, and my line was “We stand on guard for thee.”
In a paper for IEEE Security, researchers from Cyberpion and Israel’s College of Management Academic Studies describe a “Password Reset Man-in-the-Middle Attack” that leverages a bunch of clever insights into how password resets work to steal your email account (and other kinds of accounts), even when it’s protected by two-factor authentication.
U.S. Girl Scouts as young as 5 years old will soon be able to earn their first-ever cybersecurity badges. 18 of these merit patches will be launched by the Girl Scouts of the USA starting in September, 2018.
Although flagship smartphones are unlikely to adopt heavy-duty outer casing anytime soon, you can always prepare your device for the outdoors with a beefy case and and an external battery like this Nomad Tile Trackable PowerPack, available in the Boing Boing Store for $119.95.The Nomad Tile can fully recharge an iPhone 7 over three times […]
Even though credit cards now feature an EMV chip for securing transactions, they still have to include the magnetic strip for compatibility with older point of sale systems. Because of this, there’s no way for the chip’s new security capabilities to protect against card skimmers in the wild.How do you protect yourself from legacy-technology-induced fraud? […]
As the old saying goes, “You should sit in meditation for 30 minutes every day. Unless you are too busy, in which case you should meditate for an hour.” Since most of us have an endless list of things to do and people to see, carving out quiet time can feel impossible, especially when most […]