[40484] in cryptography@c2.net mail archive
Re: skype not so anonymous...
daemon@ATHENA.MIT.EDU (Marcos el Ruptor)
Mon Sep 4 14:54:54 2006
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: "Marcos el Ruptor" <Ruptor@cryptolib.com>
To: <cryptography@metzdowd.com>
Date: Mon, 4 Sep 2006 01:04:05 -0500
One thing is possible with Skype: any user can easily obtain any other
user's IP address (actually both internal and external IPs). Those users
don't even need to be on his contact list. Of course one would need cracking
tools or a decrypted patched Skype executable with all the 288 integrity
checks removed to make Skype spit out its debugging logs, unless one knows
the right values for the HKCU\Software\Skype\Phone\UI\General\Logging and
Logging2 registry keys that Skype checks comparing their MD5 hashes. There
is not much else that can be done, but that is one possibility. Of course,
if a direct connection is established, any TCP/IP monitoring tool would show
all the contacted IPs.
Although in this case it's obviously the man's stupidity using an instant
messenger with his old virtual identity that got him tracked down. No one
stopped him from registering a different Skype account to contact whoever he
trusted if he didn't want to be found. But I have to agree that Skype could
be made anonymous and is not anonymous at all. It's much harder to obtain
someone's IP address in other instant messengers where users can disallow
direct connections and thus remain anonymous at least to other users.
Ruptor
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
