Newly found Skype exploit can reveal user's IP address

I don't see how this is an issue for most individuals...

Sure an individual could get hit by a DDOS attack but they could always contact their ISP to change IPs...

Any business should have appropriate measures set up to avoid such attacks.
The solution is probably simple but will be very hard to implement without forcing everyone to update skype before using...
 
Even so... Any software vulnerability like this, no matter how seemingly minor, should be rectified.
 
[h=2]Skype slurping software threatens IP exposure[/h]
Code posted online that can skim the last known IP address of users is being checked out by Skype as a possible security flaw.
The software, posted on Pastebin, works on a patched version of Skype 5.5 and involves adding a few registry keys that allow the attacker to check the IP address of users currently online without calling them.
Services like Whois will then give some other details on the city, country, internet provider and/or the internal IP-address of the target.


http://www.theregister.co.uk/2012/05/01/skype_ip_security/
 
Skype knew about IP address security flaw since November 2010


Skype learned about a security hole that reveals users' IP addresses about 18 months ago, according to the security researchers who discovered the vulnerability.

The vulnerability came to light last week, when Pastebin disclosed the simply executed exploit.

The hole allows for the surreptitious downloading of information from Skype users, including a victim's city, country, Internet provider and IP address.
http://nakedsecurity.sophos.com/201...Feed:+nakedsecurity+(Naked+Security+-+Sophos)
 
Back
Top