skype not so anonymous...
Marcos el Ruptor
Ruptor at cryptolib.com
Mon Sep 4 02:04:05 EDT 2006
One thing is possible with Skype: any user can easily obtain any other
user's IP address (actually both internal and external IPs). Those users
don't even need to be on his contact list. Of course one would need cracking
tools or a decrypted patched Skype executable with all the 288 integrity
checks removed to make Skype spit out its debugging logs, unless one knows
the right values for the HKCU\Software\Skype\Phone\UI\General\Logging and
Logging2 registry keys that Skype checks comparing their MD5 hashes. There
is not much else that can be done, but that is one possibility. Of course,
if a direct connection is established, any TCP/IP monitoring tool would show
all the contacted IPs.
Although in this case it's obviously the man's stupidity using an instant
messenger with his old virtual identity that got him tracked down. No one
stopped him from registering a different Skype account to contact whoever he
trusted if he didn't want to be found. But I have to agree that Skype could
be made anonymous and is not anonymous at all. It's much harder to obtain
someone's IP address in other instant messengers where users can disallow
direct connections and thus remain anonymous at least to other users.
Ruptor
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list