Hackers Can Silently Grab Your IP Through Skype. Microsoft Is In No Rush to Fix It (www.404media.co)
from Debs@lemmy.zip to technology@lemmy.world on 28 Aug 2023 18:35
https://lemmy.zip/post/2022177

A security researcher has found it’s possible to reveal a Skype app user’s IP address without the target needing to even click a link. Microsoft said the vulnerability does not need immediate attention.

#technology

Lettuceeatlettuce@lemmy.ml on 28 Aug 2023 18:41

People still use Skype?

eager_eagle@lemmy.world on 28 Aug 2023 19:06

You just hurt the feelings of 5 internet users

ChapolinColoradoNZ@lemmy.world on 28 Aug 2023 19:10

And mine.

Zorque@kbin.social on 28 Aug 2023 19:20

You're number 4.

ChapolinColoradoNZ@lemmy.world on 28 Aug 2023 22:30

Can I be number 3? I really wish I could get a medal.

partial_accumen@lemmy.world on 28 Aug 2023 19:25

People still use Skype?

Relevant parody

PipedLinkBot@feddit.rocks on 28 Aug 2023 19:25

Here is an alternative Piped link(s): piped.video/watch?v=ZI0w_pwZY3E

Piped is a privacy-respecting open-source alternative frontend to YouTube.

I’m open-source, check me out at GitHub.

Blizzard@lemmy.zip on 28 Aug 2023 19:46

How have I missed that 🤣

TurnItOff_OnAgain@lemmy.world on 29 Aug 2023 11:32

Look at all of his other Message from the CEO of ____ videos. They are amazing.

Lettuceeatlettuce@lemmy.ml on 28 Aug 2023 20:10

Lol!!

jet@hackertalks.com on 28 Aug 2023 18:48

Always-on VPN is a good idea, or a VPN just for apps you don’t trust (like Skype). github.com/Safing/portmaster is a nice visual firewall configurator that can do things like "this app must use the firewall" (easy-to-configure split firewall).

jrest18n@lemm.ee on 28 Aug 2023 19:05

When Skype was still in common use, this was a very well-known issue. I’m in lots of gaming communities, and you had to be careful about who knew your username because you could have your IP exposed and then get DDoSed.

Possibly they patched it and this is a new instance of this, but it was like this for years and years before.

AnonTwo@kbin.social on 28 Aug 2023 19:12

Pretty sure this was already known. Just even back when Skype was relevant it wasn't fixed.

howrar@lemmy.ca on 28 Aug 2023 19:12

If you connect to anything on the internet, you’re giving out your IP address. Why would this be any more of a concern?

TORFdot0@lemmy.world on 28 Aug 2023 19:18

Users may consent to giving Microsoft their IP address but not to everyone who sends them a link

brianorca@lemmy.world on 28 Aug 2023 21:15

Because this can happen without you connecting to any suspicious server.

Sethayy@sh.itjust.works on 28 Aug 2023 23:10

At this point Microsoft is a suspicious server, and any data they could get from this they could just like… pay for from one of our overlords

havokdj@lemmy.world on 28 Aug 2023 19:28

Is this even news? Literally an exploit as old as time.

[deleted] on 28 Aug 2023 21:18

.

Bearigator@ttrpg.network on 28 Aug 2023 22:37

I remember my friends and I doing this in 2008. This really is super old

NegativeLookBehind@kbin.social on 28 Aug 2023 19:32

Me who hasn’t used Skype in like 15 years: Oh no

silvercove@lemdro.id on 28 Aug 2023 19:49

Is anyone still using Skype? Or is this a danger just to the last 10 people using it?

BradleyUffner@lemmy.world on 28 Aug 2023 20:17

Ohh no, someone on the Internet might have my IP address! The horror! What if they try to ping me?!

sugartits@lemmy.world on 28 Aug 2023 21:10

What if they leave an anonymous tip that you’re distributing CSAM?

SkyeStarfall@lemmy.blahaj.zone on 28 Aug 2023 22:46

With just an IP? Then the system is broken. Because an IP is often easy to get, and everything that directly connects to you needs your IP, unless you use a VPN I guess.

Every website knows your IP. Every internet application knows your IP. Everyone in a peer-to-peer network knows your IP. It’s not a secret, it’s just your internet address. It is designed to be known.

Sethayy@sh.itjust.works on 28 Aug 2023 23:09

Yk I was on the other side of this til this comment, like I was gonna say there’s a difference between corporations and malicious individual actors, but nowadays I’d trust some random individual 1000x before a company.

God I hope Veilid becomes popular

RheingoldRiver@kbin.social on 28 Aug 2023 23:34

People used to use this attack in League of Legends a decade ago. If they're losing, they guess someone might have Skype open; and moreover, that their Skype is the same as their summoner name. Then they get an ip address and ddos the entire lobby, causing the game to crash (I think it happened in one of my games maybe once, but I didn't really play ranked other than team ranked).

Also, since all pro & semipro players had each other added, this was possible to do at any time during online tournaments (which was most tournaments - TSM invitational etc). So there were always rules that ddossing was disallowed. But it did happen.

Known ddossers were more hated in the community than known flamers, but a few people who did it "reformed" and went on to be pro players anyway.

RedditWanderer@lemmy.world on 28 Aug 2023 20:37

The attack could pose a serious risk to activists, political dissidents, journalists, those targeted by cybercriminals, and many more people.

Lmao like they’re using Skype when trying to hide

Potatos_are_not_friends@lemmy.world on 28 Aug 2023 21:45

Hello. I am evil hacker cyber criminal.

If you want to discuss terms, find me on Skype at EvilHackerCyberCriminalGuy69.

Do not be fooled by the 69, as while it can be seen as a joke, it is my birth year as the original name was taken.

Thank you.

TurnItOff_OnAgain@lemmy.world on 29 Aug 2023 11:33

I use 88 in stuff as well. I didn’t realize until way too late that 88 is a nazi thing.

Edgelord_Of_Tomorrow@lemmy.world on 28 Aug 2023 23:15

Have to be honest, I thought Skype was discontinued years ago.

RedditWanderer@lemmy.world on 28 Aug 2023 23:23

It was but we forgot to tell our grandparents, and Microsoft

TonyTonyChopper@mander.xyz on 29 Aug 2023 02:53

somehow Emperor Skype returned

no matter how many times you say no it keeps coming back, same with Edge

affiliate@lemmy.world on 29 Aug 2023 06:02

i did too. i’m genuinely not sure why it exists. microsoft is making teams into its favorite productivity app, and i can’t think of anything skype has that teams doesn’t. why does skype still exist?

lemmyvore@feddit.nl on 29 Aug 2023 07:12

Because it sucks quite a bit less than Teams. I know I’ll be sad to see it go when companies eventually switch to Teams. They’re already running side by side in most places now while companies are migrating so it’s only a matter of time. Microsoft will probably announce end of life sometime this year.

Skype basically bridged the time it took Microsoft to come up with their own conferencing solution so now that Teams is here to stay they can take Skype out back and shoot it.

affiliate@lemmy.world on 29 Aug 2023 08:01

that makes a lot of sense. it is quite hard to make an app worse than teams, and it seems like the more time microsoft spends on their productivity apps the worse they get (ie word, which was pretty much finished in 2004). i haven’t used skype since finding out about mumble around 2013, but can definitely see why it might be nice to have an office meeting app that is (relatively) free from microsoft’s meddling.

vacuumflower@lemmy.sdf.org on 29 Aug 2023 10:03

Isn’t today’s Skype just camouflaged Teams?

lemmyvore@feddit.nl on 29 Aug 2023 17:19

It’s possible it uses the same infrastructure in the background, but the interface is a lot simpler. It’s just one-on-one conversations and group conversations, period. The equivalent in Teams would be the “Chat” tab – if it didn’t have all the added complexity that comes from Teams being so deeply integrated with the Microsoft online office suite (email, calendar, teams, sharepoint, onedrive and a billion other apps).

rar@discuss.online on 29 Aug 2023 03:36

On a serious note, most of those people (activists, journalists, etc.) aren’t exactly the computer savvy types, nor have the time or resource to spend learning about matters they seldom know about, and yet they are the ones that desperately need this knowledge. They might have an important message to be sent. What would you use to spread the message in their shoes?

Sure, we the tech guys, especially subscribed to privacy related communities, can talk about Tor browser or threat modeling all day. But have you tried bringing that up in social circles, if any?

Non tech minded activists will simply use the tools at their disposal: messaging apps? sure; social media apps, if looking for message amplification, whatever it runs on their cheap android phone. Metadata? IP? Profiling? Browser fingerprinting? Some are aware of it, as they also had to endure internet censorship growing up. It’s a trade they make knowingly or unknowingly between the cause and their physical and mental health.

We can laugh at their ignorance all we want, but this is how we become the Ivory tower that fuels resentment.

ShittyRedditWasBetter@lemmy.world on 28 Aug 2023 20:57

Because nobody cares. At all. The only people who might are streamers and overzealous nerds.

Kolanaki@yiffit.net on 29 Aug 2023 03:12

Even an overzealous nerd would understand knowing an IP address is pretty much worthless.

ShittyRedditWasBetter@lemmy.world on 29 Aug 2023 09:42

You underestimate how much privacy advocates bitch over the dumbest shit ensuring that nobody ever actually listens when it’s important.

Swim@lemmy.ca on 28 Aug 2023 21:55

This is soo old, that’s how they would ddos clan leaders and shot callers back in the ArcheAge days

GustavoM@lemmy.world on 28 Aug 2023 23:03

Man, Justin Bieber is such a fa-- wait. We aren’t in the 00’s anymore?

Raptor_007@lemmy.world on 28 Aug 2023 23:40

Silently? They don’t even tell you they’re doing it? 😕

Cheems@lemmy.world on 29 Aug 2023 00:14

Now, that’s a name I’ve not heard in a long time.

Filipdaflippa@lemmy.ml on 29 Aug 2023 00:56

Wait, you can still do this? I was booting people off games when they would use the same user as their Skype over 10 years ago as a script kiddie, how is it not patched by now

nutsack@lemmy.world on 29 Aug 2023 12:08

nice

HawlSera@lemm.ee on 29 Aug 2023 01:00

There is Very Probably No solution to this

[deleted] on 29 Aug 2023 03:45

.

SimplePhysics@sh.itjust.works on 29 Aug 2023 08:00

Unfortunately, IP addresses are often MORE traceable on decentralized networks than centralized networks. How so? Let’s say Alice and Bob each use their own PCs as nodes on a decentralized messaging network. None of them use a VPN or proxy. If Alice sends Bob a message directly, Bob can just grab her IP since she is using her own PC as a node. However, if they were using a centralized service, that message would’ve been routed through the service’s servers.

Franzia@lemmy.blahaj.zone on 29 Aug 2023 03:15

What the fuck. What percentage of people uses skype? I’d really rather see coverage of the exploits found in discord, zoom, slack, etc.

marmo7ade@lemmy.world on 29 Aug 2023 13:42

I’d really rather see coverage of the exploits found in discord, zoom, slack, etc.

You intentionally clicked on this link.

artvabas@lemmy.world on 29 Aug 2023 12:18

Who is using Skype these days!

Redderthanmisty@lemmygrad.ml on 29 Aug 2023 13:28

Still a thing for some enterprise users… and the elderly.

LinusSexTips@lemmy.world on 29 Aug 2023 13:42

Was common practice in procurement for me and my team, still have contacts at ASRock / Keychron / Logitech / SteelSeries / Beacn / HYTE / Maxsun and many more.

Was a platform that was used early on and has carried through. Factories in China will commonly use WeChat but many of the more mainstream western brands will default to Skype.

stillwater@lemm.ee on 29 Aug 2023 12:59

Security research on Skype seems like durability testing a wet paper bag.

dyc3@lemmy.world on 29 Aug 2023 13:19

This is not new. It’s literally always been like this.

Redditiscancer789@lemmy.world on 29 Aug 2023 22:38

Lol I love how behind the times academics can be. This literally was a big thing used to ddos streamers back in the day like 2010s-2015s. All that needed to happen was they accepted a call and since Skype’s peer to peer the hacker instantly got their IP. I remember Destiny being targeted for a while by it.

Treczoks@lemmy.world on 29 Aug 2023 22:54

They only fix bugs that otherwise would impact their earnings.

canis_majoris@lemmy.ca on 30 Aug 2023 17:30

Huh, the time machine must be off. This was news from a decade ago.

It’s actually one of the main reasons we switched off Skype to Discord for most gaming socialization.

skymtf@lemmy.blahaj.zone on 30 Aug 2023 18:08

How exactly would you stop this on a peer to peer app exactly, wouldn’t you have to route traffic through a centralized proxy?