NEWS - May 02, 2012

by Carol~ Moderator - 5/2/12 4:37 AM

Skype IP Address Vulnerability May Not Be So New

A vulnerability in Skype that could expose members' IP addresses may have been known to Skype officials as far back as November 2010. A researcher who first discovered the flaw speculates it may have been left exposed perhaps because it was deeply embedded in the code and could cause other problems, according to a Wall Street Journal blog.

Last week someone posted a simple script on Pastebin to disclose Skype user locations in the patched version of Skype 5.5. After news media picked up the story, Microsoft issued an official statement.

"We are investigating reports of a new tool that captures a Skype user's last known IP address. This is an ongoing, industry-wide issue faced by all peer-to-peer software companies. We are committed to the safety and security of our customers and we are takings measures to help protect them," said Adrian Asher, director of product security for Skype.

Microsoft bought Skype for $8.5 billion in October 2011. But security researchers in France and New York said today they alerted Skype to the same vulnerability in November 2010. Their research on the flaw was published the same month Microsoft purchased the company.

Continued : http://threatpost.com/en_us/blogs/skype-ip-snooping-vulnerability-may-not-be-so-new-050112

Related : Skype divulges user IP addresses