Skype's Huge, New Security Headaches
L33tdawg: Benjamin Kunz from Vulnerability Lab disclosed some pretty serious Skype flaws at HITB2011KUL - His slide deck can be downloaded from here.
A team of international researchers led by the Polytechnic Institute of New York University has detected flaws in Skype that puts the privacy of hundreds of millions of users at risk, they say.
The research shows that even when Skype users block callers, allow only calls from their contact list, and connect from behind a firewall, hackers can plumb their identities. The researchers confirmed that intruders can use Skype to discover which files call recipients are sharing, and track their whereabouts, too. The information can be collected without the Skype user even knowing that he or she has been contacted (and is at risk of exploitation).
Marketers could easily link a Skype user's data with other available data--including name, age, address, profession, and employer--gleaned from social media sites like Facebook and LinkedIn, to build a database of in-depth profiles, the study suggests. The research team calculated that it would cost a marketer who wanted to create such a database just $500 a week to track 10,000 users.