- cross-posted to:
- technews@radiation.party
- cross-posted to:
- technews@radiation.party
A security researcher has found it’s possible to reveal a Skype app user’s IP address without the target needing to even click a link. Microsoft said the vulnerability does not need immediate attention.
People still use Skype?
Ohh no, someone on the Internet might have my IP address! The horror! What if they try to ping me?!
People used to use this attack in League of Legends a decade ago. If they’re losing, they guess someone might have Skype open; and moreover, that their Skype is the same as their summoner name. Then they get an ip address and ddos the entire lobby, causing the game to crash (I think it happened in one of my games maybe once, but I didn’t really play ranked other than team ranked).
Also, since all pro & semipro players had each other added, this was possible to do at any time during online tournaments (which was most tournaments - TSM invitational etc). So there were always rules that ddossing was disallowed. But it did happen.
Known ddossers were more hated in the community than known flamers, but a few people who did it “reformed” and went on to be pro players anyway.
What if they leave an anonymous tip that you’re distributing CSAM?
With just an IP? Then the system is broken. Because an IP is often easy to get, and everything that directly connects to you needs your IP, unless you use a VPN I guess.
Every website knows your IP. Every internet application knows your IP. Everyone in a peer-to-to-peer network knows your IP. It’s not a secret, it’s just your internet address. It is designed to be known.
Yk I was on the others side of this til this comment, like I was gonna say there’s a difference between corporations and malicious individual actors, but nowadays I’d trust some random individual 1000x before a company.
God I hope veilied becomes popular
When Skype was still in common use, this was a very known issue. I’m in lots of gaming communities, and you had to be careful about who knew your username because you could have your IP exposed then get DDoS.
Possibly they patched it and this is a new instance of this, but it was like this for years and years before.
Wait you can still do this? I was booting people off games when they would use the same user as their Skype over 10 years as a script kiddie, how is it not patched by now
If you connect to anything on the internet, you’re giving out your IP address. Why would this be any more of a concern?
Because this can happen without you connecting to any suspicious server.
At this point Microsoft is a suspicious server, and any data they could get from this they could just like… pay for from one of our overlords
What the fuck. What percentage of people uses skype? I’d really rather see coverage of the exploits found in discord, zoom, slack, etc.
This is soo old that’s how they would ddos clan leaders and shot callers back in the acheage days
There ia Very Probably No solution to this
Man, Justin Bieber is such a fa-- wait. We aren’t in the 00’s anymore?
Who is using Skype these days!
Me who hasn’t used Skype in like 15 years: Oh no
Pretty sure this was already known. Just even back when Skype was relevant it wasn’t fixed.
Always on VPN is a good idea, or a VPN just for apps you don’t trust (like skype). https://github.com/Safing/portmaster is a nice visual firewall configurator that can do things like, this app, must use the firewall. (easy to configure split firewall)
deleted by creator
Because nobody cares. At all. The only people who might are streamers and over zealous nerds.
Even an overzealous nerd would understand knowing an IP address is pretty much worthless.
You underestimate how much privacy advocates bitch over the dumbest shit ensuring that nobody ever actually listens when it’s important.