Microsoft has today plugged a simply exploitable flaw in Skype’s password reset facility. The password recovery flaw was discussed on a Russian security forum two or three months ago but it has taken until today, as the story was picked up by many western media, for Microsoft to pull out its finger and fix the issue.
Microsoft's instant messaging and video chat are set for a major shake-up, with Microsoft announcing today that the Windows Live Messenger brand and client will be retired in the first quarter of 2013. They'll be replaced by the Skype client and Skype name everywhere, except for China, which will retain the Messenger naming.
Skype has denied reports it is changing its architecture to facilitate easier surveillance of communications over the company's voice and video calling service by US authorities.
The fears were prompted after Skype unveiled plans to move its 'supernodes' — which act as relay stations and proxies for users on the peer-to-peer communications network — to Amazon Web Services infrastructure and ultimately to data centres operated by its new parent company, Microsoft.
Skype, once a feisty startup, now a wholly owned subsidiary of Microsoft, has been taking a beating in the press for the past week or so. Most of the negative press has been based on innuendo, partly driven by the company’s boilerplate responses to inquiries by tech reporters.
The media pressure started last Friday at Slate, where Ryan Gallagher wasn’t satisfied with the stock answers and wrote this speculative post:
As governments around the world finally get around to updating surveillance laws to let them 'snoop' through your online correspondence, Skype is keeping its cards close to its chest.
Hackers have reported that Skype has made some changes to its architecture that will allow it to be more easily jacked into for nefarious purposes or monitoring crime suspects' communications.
Skype, a division of Microsoft, confirmed on Monday that a glitch in its software has led to instant messages being shared with unintended parties.
The company said it will deliver an update to fix the problem in "the next few days."
Nokia has responded to a recent ZDNet Mobile News article that pointed out the partnership with Microsoft, the owner of Skype, is causing trouble with the carriers affecting sales of the Lumia phones. In that article Nokia watcher Tomi Ahonen used comments by Nokia CEO Stephen Elop to gather he was claiming sales were lost due to the Skype deal.
A major change in the Skype network architecture has occurred two or three weeks ago (at the time I wrote this), and has gone unnoticed as far as I know. The number of supernodes has dropped from 48k+ to 10k+, and all the supernodes are now hosted by Microsoft/Skype. Promotion of random eligible nodes to supernodes has stopped (through the setting of the global boolean 33h).
Ironically, those remaining supernodes run on grsec'ed Linux boxes (I hope Spender gets a sizeable donation from Microsoft). They can host a considerable amount of clients, ~100000.
Skype said Tuesday it is investigating a new tool that collects a person's last known IP address, a potential privacy-compromising issue.
Instructions posted on Pastebin on Thursday showed how a person's IP address could be shown without adding the targeted user as a contact by looking at the person's general information and log files.
At long last, Skype for Windows is now available a couple of months after the beta version was announced at Mobile World Congress, and launched a short while after that. The official Skype for Windows is now available over at the Windows Phone Marketplace, where you can also opt to retrieve the app straight from your Windows Phone itself, although it might take up to two days (48 hours) for Skype for Windows to propagate in all local Windows Phone Marketplaces.
