skype not so anonymous...

Marcos el Ruptor Ruptor at cryptolib.com
Mon Sep 4 02:04:05 EDT 2006


One thing is possible with Skype: any user can easily obtain any other 
user's IP address (actually both internal and external IPs). Those users 
don't even need to be on his contact list. Of course one would need cracking 
tools or a decrypted patched Skype executable with all the 288 integrity 
checks removed to make Skype spit out its debugging logs, unless one knows 
the right values for the HKCU\Software\Skype\Phone\UI\General\Logging and 
Logging2 registry keys that Skype checks comparing their MD5 hashes. There 
is not much else that can be done, but that is one possibility. Of course, 
if a direct connection is established, any TCP/IP monitoring tool would show 
all the contacted IPs.

Although in this case it's obviously the man's stupidity using an instant 
messenger with his old virtual identity that got him tracked down. No one 
stopped him from registering a different Skype account to contact whoever he 
trusted if he didn't want to be found. But I have to agree that Skype could 
be made anonymous and is not anonymous at all. It's much harder to obtain 
someone's IP address in other instant messengers where users can disallow 
direct connections and thus remain anonymous at least to other users.

Ruptor 


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list