ID: IRCNE2011121332
Date: 2011-12-03
According to "computerworld", A Skype vulnerability which can expose the location, identity and the content a user is downloading has been discovered by researchers. Microsoft, which owns Skype, said that they are working on the problem.
The researchers found several properties of Skype that can track not only users' locations over time, but also their peer-to-peer (P2P) file-sharing activity, according to a summary of the findings on the NYU-Poly web site. Earlier this year, a German researcher found a cross-site scripting flaw in Skype that could allow someone to change an account password without the user' consent.
The research team tracked the Skype accounts of about 20 volunteers as well as 10,000 random users over a two-week period and found that callers using VoIP systems can obtain the IP address of another user when establishing a call with that person. The caller can then use commercial geo-IP mapping services to determine the other user's location and internet Service Provider (ISP).The New York Times reported that Skype is aware of the issue.
Ross said until the issue has been addressed, he recommends that Skype account holders not leave their Skype application running and only have it on when in use. He also recommends screen names not be closely related to a person's actual name.
- 2