Results 1 to 1 of 1
-
7th Jun 2014, 03:08 PM #1
Skype Users Face Security Risk Due to Unencrypted Data
Microsoft’s Skype is an extremely popular VoIP/video conferencing tool that is used by both individuals and business organizations, but with over 300 million users, the security risks affecting it have an even bigger impact.
According to Solutionary’s May Threat Report, the fact that Skype keeps personally identifiable information, alongside chat transcripts in an unencrypted file on the local system, makes users vulnerable.
What does this mean? It means that anyone that has the knowledge and skill to hack a Skype user can easily get access to personal information without actually having to hack into Microsoft’s servers.
The file that concerns Solutionary was named main.db, a clear indicator as to what the document holds. It can be found on:
- C:\Users\Username\AppData\Roaming\Skype\SkypeName on Windows
- /Users/user/Library/Application Support/Skype/SkypeName on Mac
- /home/user/.Skype/SkypeName on Linux.
As the IT security company points out, no one, especially not a company the size of Microsoft, should trust its users’ security in the hands of a system obscurity feature.
When the file is collected, it can be opened with SQLite since it is completely unencrypted. Inside, there’s a long list of tables such as Accounts, Alerts, Calls, ChatMmebers, Contact, DBMeta, Messages, Participants, SMSes, VideoMEssages, Videos and Voicemails, to name just a few.
Basically, it’s the main database file for Skype functions, which makes it pretty easy to infer what kind of information is stored in most of the tables. Hackers can gain access to the users’ full name, birth date, country, city, email address, phone numbers and even the complete chat transcript.
“The details above are stored both about the direct user and any contacts that they may have in Skype. All of this could represent valuable information to an attacker. Additionally, the plain text and simple location make it an easy task for anyone, even without administrator access, to extract the database’s information. Of course, this does indicate a larger issue, such as that the file system is compromised in another fashion,” reads the security research.
Users are advised to use an alternate, more secure program, such as Citrix. There’s also the option of using full-disk encryption to make sure the data remains secure. Deleting the database each time the program is closed should work as well, but it’s a process that takes time and it can be quite annoying. Furthermore, while the program is running, users are still vulnerable.Kepler Reviewed by Kepler on . Skype Users Face Security Risk Due to Unencrypted Data http://i1-news.softpedia-static.com/images/news-700/Skype-Users-Face-Security-Risk-Due-to-Unencrypted-Data.jpg Microsoft’s Skype is an extremely popular VoIP/video conferencing tool that is used by both individuals and business organizations, but with over 300 million users, the security risks affecting it have an even bigger impact. According to Solutionary’s May Threat Report, the fact that Skype keeps personally identifiable information, alongside chat transcripts in an unencrypted Rating: 5
Sponsored Links
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Similar Threads
-
Microsoft abandons WebGL plans due to security concerns
By ShareShiz in forum News & Current EventsReplies: 0Last Post: 18th Jun 2011, 02:23 AM -
Google Blocking URL's Due to DMCA Complaint?
By bxflow in forum General DiscussionReplies: 12Last Post: 28th Jun 2010, 03:49 PM -
Setting up FTP server on ubuntu so user XXXX has only acess to /var/www/
By jessepure in forum Server ManagementReplies: 9Last Post: 29th Apr 2010, 02:27 PM -
Rapidshare Account Disabling, due to Sharing
By EvilGenius in forum General DiscussionReplies: 7Last Post: 8th Oct 2009, 07:13 AM -
Suspended due to high CPU load
By Neokenzo in forum Hosting DiscussionReplies: 12Last Post: 12th Sep 2009, 12:54 AM
themaCreator - create posts from...
Version 3.22 released. Open older version (or...