Difference between revisions of "DBSA:2013-0002"

From Digibase Knowledge Base

Latest revision as of 02:36, 21 May 2013

DBSA ID: 2013-0002

Regarding: Skype Chat Security

Writeup: Kradorex Xeron (talk) 01:23, 21 May 2013 (EDT)

Date: 2013 05 21

Last Modified: 20130521023629 by Kradorex Xeron

Who should take note: All Skype users

Classification

Priority: URGENT

Rationale: Users must be able to take action to ensure their data is secure.

Severity: MEDIUM

Rationale: The Skype protocol has been shown to have a weakness whereby a third party may compromise data mid-communication.

Spread of Issue: CROSS-PLATFORM HIGH

Rationale: Millions of users use Skype across multiple platforms.

Description

Skype is a voice, video and text chat suite targeted toward users across the world; it is designed with simplicity in mind. The vendor (Microsoft) has been shown to be capable of intercepting chat communication in transit between users.

Technical Details

The Skype protocol's security can be compromised by the vendor, who is able to decrypt chat messages at the Skype servers it operates. This was discovered because the vendor probes websites linked in said chat messages.

Digibase has directly observed that the vendor has been probing websites that are posted as links in Skype chats. The probes are performed as HEAD requests (as per RFC 2616) against the webserver for an unknown reason. The request is typically transmitted from the IP address 65.52.100.214.

An example of such a request, as recorded in Apache HTTPD logs, is as follows:

<domain> 65.52.100.214 - - [20/May/2013:02:57:49 -0400] "HEAD / HTTP/1.1" 200 - "-" "-"
 

The whois record for that address is:

NetRange:       65.52.0.0 - 65.55.255.255
CIDR:           65.52.0.0/14
OriginAS:       
NetName:        MICROSOFT-1BLK
NetHandle:      NET-65-52-0-0-1
Parent:         NET-65-0-0-0-0
NetType:        Direct Assignment
RegDate:        2001-02-14
Updated:        2012-03-20
Ref:            http://whois.arin.net/rest/net/NET-65-52-0-0-1


OrgName:        Microsoft Corp
OrgId:          MSFT
Address:        One Microsoft Way
City:           Redmond
StateProv:      WA
PostalCode:     98052
Country:        US
RegDate:        1998-07-10
Updated:        2011-04-26
Ref:            http://whois.arin.net/rest/org/MSFT

OrgAbuseHandle: MSNAB-ARIN
OrgAbuseName:   MSN ABUSE
OrgAbusePhone:  +1-425-882-8080 
OrgAbuseEmail:  abuse@msn.com
OrgAbuseRef:    http://whois.arin.net/rest/poc/MSNAB-ARIN

OrgNOCHandle: ZM23-ARIN
OrgNOCName:   Microsoft Corporation
OrgNOCPhone:  +1-425-882-8080 
OrgNOCEmail:  noc@microsoft.com
OrgNOCRef:    http://whois.arin.net/rest/poc/ZM23-ARIN

OrgTechHandle: MSFTP-ARIN
OrgTechName:   MSFT-POC
OrgTechPhone:  +1-425-882-8080 
OrgTechEmail:  iprrms@microsoft.com
OrgTechRef:    http://whois.arin.net/rest/poc/MSFTP-ARIN

OrgAbuseHandle: HOTMA-ARIN
OrgAbuseName:   Hotmail Abuse
OrgAbusePhone:  +1-425-882-8080 
OrgAbuseEmail:  abuse@hotmail.com
OrgAbuseRef:    http://whois.arin.net/rest/poc/HOTMA-ARIN

OrgAbuseHandle: ABUSE231-ARIN
OrgAbuseName:   Abuse
OrgAbusePhone:  +1-425-882-8080 
OrgAbuseEmail:  abuse@msn.com
OrgAbuseRef:    http://whois.arin.net/rest/poc/ABUSE231-ARIN

RTechHandle: ZM23-ARIN
RTechName:   Microsoft Corporation
RTechPhone:  +1-425-882-8080 
RTechEmail:  noc@microsoft.com
RTechRef:    http://whois.arin.net/rest/poc/ZM23-ARIN
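
To check your own webserver for the probes described above, the following added example (not part of the original advisory) scans Apache log lines in the layout shown earlier for HEAD requests from the 65.52.0.0/14 range with no referer and no user agent. The function name `find_probes`, the `example.invalid` vhost and the sample lines other than the advisory's own entry are assumptions made for illustration.

```python
import ipaddress
import re

# CIDR taken from the whois record quoted in this advisory.
PROBE_NET = ipaddress.ip_network("65.52.0.0/14")

# Apache vhost-combined layout, as in the advisory's sample line:
# vhost client ident user [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def find_probes(lines, network=PROBE_NET):
    """Return dicts for HEAD requests from `network` with no referer or user agent."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # malformed or differently formatted line
        try:
            client = ipaddress.ip_address(m["client"])
        except ValueError:
            continue  # hostname logged instead of an IP address
        if (client in network and m["method"] == "HEAD"
                and m["referer"] == "-" and m["agent"] == "-"):
            hits.append({"vhost": m["vhost"], "client": str(client),
                         "time": m["time"], "path": m["path"]})
    return hits

# Constructed sample: the first line mirrors the advisory's entry (the vhost is
# a placeholder); the remaining lines are invented non-matching traffic.
SAMPLE_LOG = [
    'example.invalid 65.52.100.214 - - [20/May/2013:02:57:49 -0400] "HEAD / HTTP/1.1" 200 - "-" "-"',
    'example.invalid 203.0.113.7 - - [20/May/2013:02:58:01 -0400] "HEAD / HTTP/1.1" 200 - "-" "-"',
    'example.invalid 65.52.100.214 - - [20/May/2013:03:01:12 -0400] "GET /a HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    'example.invalid 198.51.100.9 - - [20/May/2013:03:02:40 -0400] "GET / HTTP/1.1" 200 1024 "-" "curl/7.29"',
]

if __name__ == "__main__":
    for hit in find_probes(SAMPLE_LOG):
        print(hit)
```

Correlating the timestamps of any hits with the times links to the site were posted in a chat is what ties a probe to a specific message.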
 

Mitigation/Solution

It is strongly advised that Skype users exchanging sensitive and/or confidential information utilize other means such as IRC over SSL or PGP encrypted email. If voice chat is required, it is advised that a solution like Teamspeak be set up and utilized.

References