A security researcher has found it’s possible to reveal a Skype app user’s IP address without the target needing to even click a link. Microsoft said the vulnerability does not need immediate attention.

    • @SimplePhysics@sh.itjust.works
      link
      fedilink
      English
      8
      edit-2
      2 years ago

      Unfortunately, IP addresses are often MORE traceable on decentralized networks then centralized networks. How so? Lets say Alice and Bob each use their own PCs as nodes on a decentralized messaging network. None of them use a VPN or proxy. If Alice sends Bob a message directly, Bob can just grab her IP since she is using her own PC as a node. However, if they were using a centralized service, that message would’ve been routed through the service’s servers.

    • @Redditiscancer789@lemmy.world
      link
      fedilink
      English
      3
      edit-2
      2 years ago

      Lol I love how behind the times academics can be. This literally was a big thing used to ddos streamers back in the day like 2010s-2015s. All that needed to happen was they accepted a call and since Skypes peer to peer the hacker instantly got their IP. I remember Destiny being targeted for a while by it.

  • @jrest18n@lemm.ee
    link
    fedilink
    English
    342 years ago

    When Skype was still in common use, this was a very known issue. I’m in lots of gaming communities, and you had to be careful about who knew your username because you could have your IP exposed then get DDoS.

    Possibly they patched it and this is a new instance of this, but it was like this for years and years before.

  • @howrar@lemmy.ca
    link
    fedilink
    English
    242 years ago

    If you connect to anything on the internet, you’re giving out your IP address. Why would this be any more of a concern?

    • brianorca
      link
      fedilink
      English
      32 years ago

      Because this can happen without you connecting to any suspicious server.

      • @Sethayy@sh.itjust.works
        link
        fedilink
        English
        22 years ago

        At this point Microsoft is a suspicious server, and any data they could get from this they could just like… pay for from one of our overlords

    • @TORFdot0@lemmy.world
      link
      fedilink
      English
      152 years ago

      Users may consent to giving Microsoft their IP address but not to everyone who sends them a link

  • AnonTwo
    link
    fedilink
    32 years ago

    Pretty sure this was already known. Just even back when Skype was relevant it wasn’t fixed.

  • @RedditWanderer@lemmy.world
    link
    fedilink
    English
    642 years ago

    The attack could pose a serious risk to activists, political dissidents, journalists, those targeted by cybercriminals, and many more people.

    Lmao like they’re using Skype when trying to hide

      • @affiliate@lemmy.world
        link
        fedilink
        English
        32 years ago

        i did too. i’m genuinely not sure why it exists. microsoft is making teams into its favorite productivity app, and i can’t think of anything skype has that teams doesn’t. why does skype still exist?

        • lemmyvore
          link
          fedilink
          English
          32 years ago

          Because it sucks quite a bit less than Teams. I know I’ll be sad to see it go when companies eventually switch to Teams. They’re already running side by side in most places now while companies are migrating so it’s only a matter of time. Microsoft will probably announce end of life sometime this year.

          Skype basically bridged the time it took Microsoft to come up with their own conferencing solution so now that Teams is here to stay they can take Skype out back and shoot it.

          • @affiliate@lemmy.world
            link
            fedilink
            English
            02 years ago

            that makes a lot of sense. it is quite hard to make an app worse than teams, and it seems like the more time microsoft spends on their productivity apps the worse they get (ie word, which was pretty much finished in 2004). i haven’t used skype since finding out about mumble around 2013, but can definitely see why it might be nice to have an office meeting app that is (relatively) free from microsoft’s meddling.

            • lemmyvore
              link
              fedilink
              English
              22 years ago

              It’s possible it uses the same infrastructure in the background, but the interface is a lot simpler. It’s just on-on-one conversations and group conversations period. The equivalent in Teams would be the “Chat” tab – if it didn’t have all the added complexity that comes from Teams being so deeply integrated with the Microsoft online office suite (email, calendar, teams, sharepoint, onedrive and a billion other apps).

    • @Potatos_are_not_friends@lemmy.world
      link
      fedilink
      English
      232 years ago

      Hello. I am evil hacker cyber criminal.

      If you want to discuss terms, find me on Skype at EvilHackerCyberCriminalGuy69.

      Do not be fooled by the 69, as while it can be seen as a joke, it is my birth year as the original name was taken.

      Thank you.

      • @SkyeStarfall@lemmy.blahaj.zone
        link
        fedilink
        English
        27
        edit-2
        2 years ago

        With just an IP? Then the system is broken. Because an IP is often easy to get, and everything that directly connects to you needs your IP, unless you use a VPN I guess.

        Every website knows your IP. Every internet application knows your IP. Everyone in a peer-to-to-peer network knows your IP. It’s not a secret, it’s just your internet address. It is designed to be known.

        • @Sethayy@sh.itjust.works
          link
          fedilink
          English
          72 years ago

          Yk I was on the others side of this til this comment, like I was gonna say there’s a difference between corporations and malicious individual actors, but nowadays I’d trust some random individual 1000x before a company.

          God I hope veilied becomes popular

    • RheingoldRiver
      link
      fedilink
      62 years ago

      People used to use this attack in League of Legends a decade ago. If they’re losing, they guess someone might have Skype open; and moreover, that their Skype is the same as their summoner name. Then they get an ip address and ddos the entire lobby, causing the game to crash (I think it happened in one of my games maybe once, but I didn’t really play ranked other than team ranked).

      Also, since all pro & semipro players had each other added, this was possible to do at any time during online tournaments (which was most tournaments - TSM invitational etc). So there were always rules that ddossing was disallowed. But it did happen.

      Known ddossers were more hated in the community than known flamers, but a few people who did it “reformed” and went on to be pro players anyway.

  • @Swim@lemmy.ca
    link
    fedilink
    English
    162 years ago

    This is soo old that’s how they would ddos clan leaders and shot callers back in the acheage days