Difference between revisions of "DBSA:2013-0002"

From Digibase Knowledge Base
Jump to: navigation, search
(Created page with "'''DBSA ID:''' {{PAGENAME}} '''Regarding:''' Skype Chat Security '''Writeup:''' ~~~~ '''Date:''' 2013 05 21 '''Last Modified:''' {{REVISIONTIMESTAMP}} by {{REVISIONUSER}} ...")
 
Line 36: Line 36:
 
  <nowiki>
 
  <nowiki>
 
<domain> 65.52.100.214 - - [20/May/2013:02:57:49 -0400] "HEAD / HTTP/1.1" 200 - "-" "-"
 
<domain> 65.52.100.214 - - [20/May/2013:02:57:49 -0400] "HEAD / HTTP/1.1" 200 - "-" "-"
  <nowiki>
+
  </nowiki>
  
 
==Mitigation/Solution==
 
==Mitigation/Solution==

Revision as of 00:24, 21 May 2013

DBSA ID: 2013-0002

Regarding: Skype Chat Security

Writeup: Kradorex Xeron (talk) 01:23, 21 May 2013 (EDT)

Date: 2013 05 21

Last Modified: 20130521002447 by Kradorex Xeron

Who should take note: All Skype users

Classification

Priority: URGENT

Rationale: Users must be able to take action to ensure their data is secure.

Severity: MEDIUM

Rationale: The skype protocol has been displayed to have a weakness whereas a third party may compromise data mid-communication.

Spread of Issue: CROSS-PLATFORM HIGH

Rationale: Millions of users use Skype across multiple platforms.

Description

Skype is a voice, video and text chat suite targeted toward users across the world, it is designed with simplicity in mind. The vendor (Microsoft) has been shown to be capable of intercepting the chat communication mid-transit between users.

Technical Details

The Skype protocol's security is able to be compromised by the vendor by means of decrypting chat messages at the Skype servers operated by the vendor. This has been discovered since the vendor probes websites linked in said chat messages.

Digibase has directly observed that vendor has been probing websites that are posted as links in Skype chats. These are performed as HEAD requests transmitted (as per RFC 2616) against the webserver for an unknown reason. the request is typically transmitted from the IP address 65.52.100.214.

An example of such a request is as follows as per Apache HTTPD logs:

<domain> 65.52.100.214 - - [20/May/2013:02:57:49 -0400] "HEAD / HTTP/1.1" 200 - "-" "-"
 

Mitigation/Solution

It is strongly advised that Skype users exchanging sensitive and/or confidential information utilize other means such as IRC over SSL or PGP encrypted email. If voice chat is required, it is advised that a solution like Teamspeak be set up and utilized.

References