It's been more than a year since the WSJ reported that Skype leaks its users' IP addresses and locations. Microsoft has done nothing to fix this since, and as Brian Krebs reports, the past year has seen the rise of several tools that let you figure out someone's IP address by searching for him on Skype, then automate launching denial-of-service attacks on that person's home.
In the above screen shot, we can see one such service being used to display the IP address most recently used by the Skype account “mailen_support” (this particular account belongs to the tech support contact for Mailien, a Russian pharmacy spam affiliate program by the same name).
Typically, these Skype resolvers are offered in tandem with “booter” or “stresser” services, online attack tools-for-hire than can be rented to launch denial-of-service attacks (one of these services was used in an attack on this Web site, and on that of Ars Technica last week). The idea being that if you want to knock someone offline but you don’t know their Internet address, you can simply search on Skype to see if they have an account. The resolvers work regardless of any privacy settings the target user may have selected within the Skype program’s configuration panel.
Beyond exposing one’s Internet connection to annoying and disruptive attacks, this vulnerability could allow stalkers or corporate rivals to track the movement of individuals and executives as they travel between cities and states.
Privacy 101: Skype Leaks Your Location
It’s free for anyone to take, and Finns can get credit at the Open University of University of Helsinki (yes, that’s what it’s called).
The Dirty Cow vulnerability dates back to code included in the Linux kernel in 2007, and it can be trivially weaponized into an easy-to-run exploit that allows user-space programs to execute as root, meaning that attackers can take over the entire device by getting their targets to run apps without administrator privileges.
A China-based maker of surveillance cameras said Monday it will recall some products sold in the United States after a massive “Internet of Things” malware attack took down a major DNS provider in a massive DDOS attack. The stunningly broad attack brought much internet activity to a halt last Friday.
TV antennas are making a comeback, and the Ghost Indoor HDTV antenna is a great example of why. Unlike the old bunny ear-style antennas, this compact antenna is barely noticeable and picks up channels easily. Plus with the addition of streaming services like Netflix, we find ourselves with plenty to watch without a pricey monthly cable bill. The Ghost […]
I’ve never really felt the need to purchase a smartwatch because a lot of them aren’t very functional, but at just shy of $30, the Martian Notifier Smartwatch was worth checking out. For that low of a price, it actually does feature an impressive amount of functionality, and comes in handy when you don’t want to be carrying around your […]
Geek Fuel is a subscription delivery service that caters to those of us that love comics, gaming, and general geek culture. Every month, Geek Fuel will assemble a box of goodies with a value of $50 or over. The specific items are a mystery, but you’ll always get an exclusive t-shirt not found anywhere else, a full […]