Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Microsoft Accesses Skype Chats

Eugen Leitl eugen at leitl.org
Fri May 17 05:01:10 PDT 2013


On Fri, May 17, 2013 at 07:31:24AM -0400, Rich Kulawiec wrote:

> Everyone who thinks that's the *only* thing that Microsoft is quietly
> doing behind everyone's back, raise your hand.
> 
> And incidentally, the proffered rationale for this doesn't fly, given
> that (a) they're only sending HEAD: actually scanning destination URLs
> for malware et.al. would require fetching the whole page and (b) they're
> only retrieving HTTPS URLs (per Heise) which is not what someone actually
> looking for malware would do.  Moreover (c) even if they classified
> a URL as malicious, let's say https://example.net/blah, the recipient
> of said URL is likely to access it via a data path outside their control,
> thus -- unless they blocked it *inside* Skype -- they have no way to
> prevent access to it and delivery of whatever malware payload awaits.

PR meltdown was eventually detected by the mothership Borgcube:

http://www.heise.de/newsticker/meldung/Skypes-ominoeser-Link-Check-stillgelegt-1865275.html

http://www.heise.de/security/artikel/Mehr-Fakten-und-Spekulationen-zu-Skypes-ominoesen-Link-Checks-1865370.html
 
> Source code is truth; all the rest is smoke and mirrors, hype and PR.
> If Microsoft had the *slightest* interest in telling y'all the truth,
> then they would have answered the group letter earlier this spring with
> code, not with glib prose crafted by a committee of talented spokesliars.
> 
> ---rsk
> 
> p.s. Heise's discovery is an existence proof that it's possible to
> intercept the contents.  Therefore we must presume that other entities
> besides Microsoft may have this capability -- doubly so given that some
> of those entities have not only the resources, but the motivation.



More information about the liberationtech mailing list