[LACNIC/Seguridad] Fwd: Think your Skype messages get end-to-end encryption? Think again
fernando en gont.com.ar
Lun Mayo 20 23:03:23 BRT 2013
-------- Original Message --------
Subject: Think your Skype messages get end-to-end encryption? Think again
Date: Mon, 20 May 2013 16:17:01 +0000
From: <Dan Goodin>
Think your Skype messages get end-to-end encryption? Think agai
If you think the private messages you send over Skype are protected by
end-to-end encryption, think again. The Microsoft-owned service
regularly scans message contents for signs of fraud, and company
managers may log the results indefinitely, Ars has confirmed. And this
can only happen if Microsoft can convert the messages into
human-readable form at will.
With the help of independent privacy and security researcher Ashkan
Soltani <http://ashkansoltani.org/bio.html>, Ars used Skype to send four
Web links that were created solely for purposes of this article. Two of
them were never clicked on, but the other two—one beginning in HTTP link
and the other HTTPS—were accessed by a machine at 188.8.131.52, an IP
address belonging to Microsoft
<http://www.whois.net/ip-address-lookup/184.108.40.206>. For those
interested in the technical details, the log line looked like this:
'220.127.116.11 - - [16/May/2013 11:30:10] "HEAD /index.html?test_never_clicked HTTP/1.1" 200 -'
The results—which were similar but not identical to those reported last
by The H Security—prove conclusively that Microsoft not only has ability
to peer at the plaintext sent from one Skype user to another, but that
the company regularly flexes that monitoring muscle.
Read 9 remaining paragraphs
e-mail: fernando en gont.com.ar || fgont en si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
Más información sobre la lista de distribución Seguridad