A security researcher has found it’s possible to reveal a Skype app user’s IP address without the target needing to even click a link. Microsoft said the vulnerability does not need immediate attention.

A security researcher has found it’s possible to reveal a Skype app user’s IP address without the target needing to even click a link. Microsoft said the vulnerability does not need immediate attention.

  • BradleyUffner@lemmy.worldEnglish
    394·
    1 year ago

    Ohh no, someone on the Internet might have my IP address! The horror! What if they try to ping me?!

    • RheingoldRiver@kbin.social
      111·
      1 year ago

      People used to use this attack in League of Legends a decade ago. If they’re losing, they guess someone might have Skype open; and moreover, that their Skype is the same as their summoner name. Then they get an ip address and ddos the entire lobby, causing the game to crash (I think it happened in one of my games maybe once, but I didn’t really play ranked other than team ranked).

      Also, since all pro & semipro players had each other added, this was possible to do at any time during online tournaments (which was most tournaments - TSM invitational etc). So there were always rules that ddossing was disallowed. But it did happen.

      Known ddossers were more hated in the community than known flamers, but a few people who did it “reformed” and went on to be pro players anyway.

      • SkyeStarfall@lemmy.blahaj.zoneEnglish
        21·
        1 year ago

        With just an IP? Then the system is broken. Because an IP is often easy to get, and everything that directly connects to you needs your IP, unless you use a VPN I guess.

        Every website knows your IP. Every internet application knows your IP. Everyone in a peer-to-to-peer network knows your IP. It’s not a secret, it’s just your internet address. It is designed to be known.

        • Sethayy@sh.itjust.worksEnglish
          4·
          1 year ago

          Yk I was on the others side of this til this comment, like I was gonna say there’s a difference between corporations and malicious individual actors, but nowadays I’d trust some random individual 1000x before a company.

          God I hope veilied becomes popular

  • jrest18n@lemm.eeEnglish
    22·
    1 year ago

    When Skype was still in common use, this was a very known issue. I’m in lots of gaming communities, and you had to be careful about who knew your username because you could have your IP exposed then get DDoS.

    Possibly they patched it and this is a new instance of this, but it was like this for years and years before.

  • Filipdaflippa@lemmy.mlEnglish
    222·
    1 year ago

    Wait you can still do this? I was booting people off games when they would use the same user as their Skype over 10 years as a script kiddie, how is it not patched by now

  • howrar@lemmy.caEnglish
    204·
    1 year ago

    If you connect to anything on the internet, you’re giving out your IP address. Why would this be any more of a concern?

      • Sethayy@sh.itjust.worksEnglish
        31·
        1 year ago

        At this point Microsoft is a suspicious server, and any data they could get from this they could just like… pay for from one of our overlords

  • Franzia@lemmy.blahaj.zoneEnglish
    131·
    1 year ago

    What the fuck. What percentage of people uses skype? I’d really rather see coverage of the exploits found in discord, zoom, slack, etc.

  • Swim@lemmy.caEnglish
    11·
    1 year ago

    This is soo old that’s how they would ddos clan leaders and shot callers back in the acheage days

  • AnonTwo@kbin.social
    4·
    1 year ago

    Pretty sure this was already known. Just even back when Skype was relevant it wasn’t fixed.