Difference between revisions of "DBSA:2013-0002"
(Created page with "'''DBSA ID:''' {{PAGENAME}} '''Regarding:''' Skype Chat Security '''Writeup:''' ~~~~ '''Date:''' 2013 05 21 '''Last Modified:''' {{REVISIONTIMESTAMP}} by {{REVISIONUSER}} ...") |
|||
(2 intermediate revisions by the same user not shown) | |||
Line 36: | Line 36: | ||
<nowiki> | <nowiki> | ||
<domain> 65.52.100.214 - - [20/May/2013:02:57:49 -0400] "HEAD / HTTP/1.1" 200 - "-" "-" | <domain> 65.52.100.214 - - [20/May/2013:02:57:49 -0400] "HEAD / HTTP/1.1" 200 - "-" "-" | ||
+ | </nowiki> | ||
+ | |||
+ | Which the address has the whois: | ||
+ | |||
<nowiki> | <nowiki> | ||
+ | NetRange: 65.52.0.0 - 65.55.255.255 | ||
+ | CIDR: 65.52.0.0/14 | ||
+ | OriginAS: | ||
+ | NetName: MICROSOFT-1BLK | ||
+ | NetHandle: NET-65-52-0-0-1 | ||
+ | Parent: NET-65-0-0-0-0 | ||
+ | NetType: Direct Assignment | ||
+ | RegDate: 2001-02-14 | ||
+ | Updated: 2012-03-20 | ||
+ | Ref: http://whois.arin.net/rest/net/NET-65-52-0-0-1 | ||
+ | |||
+ | |||
+ | OrgName: Microsoft Corp | ||
+ | OrgId: MSFT | ||
+ | Address: One Microsoft Way | ||
+ | City: Redmond | ||
+ | StateProv: WA | ||
+ | PostalCode: 98052 | ||
+ | Country: US | ||
+ | RegDate: 1998-07-10 | ||
+ | Updated: 2011-04-26 | ||
+ | Ref: http://whois.arin.net/rest/org/MSFT | ||
+ | |||
+ | OrgAbuseHandle: MSNAB-ARIN | ||
+ | OrgAbuseName: MSN ABUSE | ||
+ | OrgAbusePhone: +1-425-882-8080 | ||
+ | OrgAbuseEmail: abuse@msn.com | ||
+ | OrgAbuseRef: http://whois.arin.net/rest/poc/MSNAB-ARIN | ||
+ | |||
+ | OrgNOCHandle: ZM23-ARIN | ||
+ | OrgNOCName: Microsoft Corporation | ||
+ | OrgNOCPhone: +1-425-882-8080 | ||
+ | OrgNOCEmail: noc@microsoft.com | ||
+ | OrgNOCRef: http://whois.arin.net/rest/poc/ZM23-ARIN | ||
+ | |||
+ | OrgTechHandle: MSFTP-ARIN | ||
+ | OrgTechName: MSFT-POC | ||
+ | OrgTechPhone: +1-425-882-8080 | ||
+ | OrgTechEmail: iprrms@microsoft.com | ||
+ | OrgTechRef: http://whois.arin.net/rest/poc/MSFTP-ARIN | ||
+ | |||
+ | OrgAbuseHandle: HOTMA-ARIN | ||
+ | OrgAbuseName: Hotmail Abuse | ||
+ | OrgAbusePhone: +1-425-882-8080 | ||
+ | OrgAbuseEmail: abuse@hotmail.com | ||
+ | OrgAbuseRef: http://whois.arin.net/rest/poc/HOTMA-ARIN | ||
+ | |||
+ | OrgAbuseHandle: ABUSE231-ARIN | ||
+ | OrgAbuseName: Abuse | ||
+ | OrgAbusePhone: +1-425-882-8080 | ||
+ | OrgAbuseEmail: abuse@msn.com | ||
+ | OrgAbuseRef: http://whois.arin.net/rest/poc/ABUSE231-ARIN | ||
+ | |||
+ | RTechHandle: ZM23-ARIN | ||
+ | RTechName: Microsoft Corporation | ||
+ | RTechPhone: +1-425-882-8080 | ||
+ | RTechEmail: noc@microsoft.com | ||
+ | RTechRef: http://whois.arin.net/rest/poc/ZM23-ARIN | ||
+ | </nowiki> | ||
==Mitigation/Solution== | ==Mitigation/Solution== |
Latest revision as of 01:36, 21 May 2013
DBSA ID: 2013-0002
Regarding: Skype Chat Security
Writeup: Kradorex Xeron (talk) 01:23, 21 May 2013 (EDT)
Date: 2013 05 21
Last Modified: 20130521013629 by Kradorex Xeron
Who should take note: All Skype users
Classification
Priority: URGENT
Rationale: Users must be able to take action to ensure their data is secure.
Severity: MEDIUM
Rationale: The skype protocol has been displayed to have a weakness whereas a third party may compromise data mid-communication.
Spread of Issue: CROSS-PLATFORM HIGH
Rationale: Millions of users use Skype across multiple platforms.
Description
Skype is a voice, video and text chat suite targeted toward users across the world, it is designed with simplicity in mind. The vendor (Microsoft) has been shown to be capable of intercepting the chat communication mid-transit between users.
Technical Details
The Skype protocol's security is able to be compromised by the vendor by means of decrypting chat messages at the Skype servers operated by the vendor. This has been discovered since the vendor probes websites linked in said chat messages.
Digibase has directly observed that vendor has been probing websites that are posted as links in Skype chats. These are performed as HEAD requests transmitted (as per RFC 2616) against the webserver for an unknown reason. the request is typically transmitted from the IP address 65.52.100.214.
An example of such a request is as follows as per Apache HTTPD logs:
<domain> 65.52.100.214 - - [20/May/2013:02:57:49 -0400] "HEAD / HTTP/1.1" 200 - "-" "-"
Which the address has the whois:
NetRange: 65.52.0.0 - 65.55.255.255 CIDR: 65.52.0.0/14 OriginAS: NetName: MICROSOFT-1BLK NetHandle: NET-65-52-0-0-1 Parent: NET-65-0-0-0-0 NetType: Direct Assignment RegDate: 2001-02-14 Updated: 2012-03-20 Ref: http://whois.arin.net/rest/net/NET-65-52-0-0-1 OrgName: Microsoft Corp OrgId: MSFT Address: One Microsoft Way City: Redmond StateProv: WA PostalCode: 98052 Country: US RegDate: 1998-07-10 Updated: 2011-04-26 Ref: http://whois.arin.net/rest/org/MSFT OrgAbuseHandle: MSNAB-ARIN OrgAbuseName: MSN ABUSE OrgAbusePhone: +1-425-882-8080 OrgAbuseEmail: abuse@msn.com OrgAbuseRef: http://whois.arin.net/rest/poc/MSNAB-ARIN OrgNOCHandle: ZM23-ARIN OrgNOCName: Microsoft Corporation OrgNOCPhone: +1-425-882-8080 OrgNOCEmail: noc@microsoft.com OrgNOCRef: http://whois.arin.net/rest/poc/ZM23-ARIN OrgTechHandle: MSFTP-ARIN OrgTechName: MSFT-POC OrgTechPhone: +1-425-882-8080 OrgTechEmail: iprrms@microsoft.com OrgTechRef: http://whois.arin.net/rest/poc/MSFTP-ARIN OrgAbuseHandle: HOTMA-ARIN OrgAbuseName: Hotmail Abuse OrgAbusePhone: +1-425-882-8080 OrgAbuseEmail: abuse@hotmail.com OrgAbuseRef: http://whois.arin.net/rest/poc/HOTMA-ARIN OrgAbuseHandle: ABUSE231-ARIN OrgAbuseName: Abuse OrgAbusePhone: +1-425-882-8080 OrgAbuseEmail: abuse@msn.com OrgAbuseRef: http://whois.arin.net/rest/poc/ABUSE231-ARIN RTechHandle: ZM23-ARIN RTechName: Microsoft Corporation RTechPhone: +1-425-882-8080 RTechEmail: noc@microsoft.com RTechRef: http://whois.arin.net/rest/poc/ZM23-ARIN
Mitigation/Solution
It is strongly advised that Skype users exchanging sensitive and/or confidential information utilize other means such as IRC over SSL or PGP encrypted email. If voice chat is required, it is advised that a solution like Teamspeak be set up and utilized.