Skype 泄露你的IP地址和地理位置
lihlii
这个网站使得查在线 skype 用户的IP地址极为便利,不需要什么技术知识就可以做到了。但这个查询还不够强,是只能查在线用户地址的,但如果带一个存档功能,就可以积累很多用户的位 置历史信息了,那就对隐私的威胁更大了。
Skype 是 P2P 协议类型软件,不用代理就会泄露 IP 地址。即使没有这个网站,在和对方联系时,用 tcpview 软件查看 skype 所连接的对方IP 地址往往也可判断对方 IP 地址,除非双方都没有外部端口,经过第三方节点接力。
用代理隐藏 Skype 的 IP 地址时需要注意, 经过测试发现,skype 设置选项中的代理可能不起作用!它会先尝试直接连接,不成功才会使用你所设置的代理。所以应当用 freecap 设置好本机加密代理入口地址,将 skype 放入 freecap 中运行。[8]
gmail chat 如果不传送文件或者语音对话,不会泄露 IP 地址。
- Skype 对话记录怎么删除? http://lihlii.blogspot.com/2011/12/skype.html
- Skype 涉及隐私的数据文件 安全问题参考资料
http://lihlii.posterous.com/skype-952
https://plus.google.com/111763901051622023220/posts/DJeAbJj5kdd - 网狗无处不在 skype 聊天安全指南
- skype 聊天安全指南 如何鉴别网狗
https://www.google.com/buzz/changsimeng/QSVPTpzQRaA/
https://www.google.com/buzz/changsimeng/1QpbkvsPkwX/
https://www.google.com/buzz/changsimeng/awwTeecMAee/ - 利用聊天历史记录取证/抓人 https://www.google.com/buzz/williamlone/RJi3JLdh5Gd/
- 网络安全指南 一个好的密码策略 http://lihlii.blogspot.com/2011/12/blog-post_5002.html
- 查询 Skype 帐号的 IP 地址相关技术参考
http://news.ycombinator.com/item?id=3899829
https://github.com/zhovner/Skype-iplookup/
http://skype-open-source.blogspot.de/2012/04/skype-user-ip-address-disclosure.html
How To Get Someone's IP Through Skype http://www.youtube.com/watch?v=ro_zrbBsgBk - 立里:网狗无处不
在 skype 聊天安全指南 1/2
https://profiles.google.com/111763901051622023220/buzz/1QpbkvsPkwX
喜欢这篇文章吗?欢迎发空信给 lihlii+s...@googlegroups.com 订阅《童言无忌》邮件组 发空信给 jrzl+su...@googlegroups.com 订阅《今日知录邮件组》。
lihlii
这个网站的好处是提醒人们注意 skype 隐私安全问题,以及方便检查隐身多重登录的安全问题[1]-[3],即自己的 skype 帐号被人窃取密码后隐身登录窃听。经过测试,如果同时有多个地址登录,也会显示出来的。
因为病毒木马欺诈横行网络,所以在 Skype 等即时通软件接受文件传送前,最好通过语音对话确认对方真实身份。即便是自己熟悉信任的朋友,他也可能因为误判而上当,向你推荐有木马病毒的文档、软件 等。因此即便自己熟悉信任的亲朋通过 email, Skype 等即时通发来的文件,也必须上传到 http://virustotal.com 做病毒扫描检查为妥。且注意,少数并非木马病毒的文件也会被 virustotal 误判为恶意或可疑病毒木马,而有些经过改造的木马也可能通过检测而报告无毒。所以经过检测的文件,依然需要谨慎打开。
参考:
- 关于Skype 隐身多重登录的安全问题,请参考: 网狗无处不在 skype 聊天安全指南 1/2
https://profiles.google.com/111763901051622023220/buzz/1QpbkvsPkwX
http://lihlii.posterous.com/skype#002 - Skype 对话记录怎么删除? http://lihlii.blogspot.com/2011/12/skype.html
- 一个发现 Skype “影子登录”的方法 http://lihlii.posterous.com/87285130
- Skype 泄露你的IP地址和地理位置 http://lihlii.blogspot.com/2012/04/skype-ip.html
lihlii
30 April 2012, 17:53
Skype divulges user IP addresses - Update
According to a blog post, a modified version of the Skype VoIP software can be used to easily find out the IP address of any valid Skype user. No contact has to be made with the user in order to get the information. This IP could then be used to find out other personal details about the user, such as their location or even their employer.
With a certain registry key, the manipulated version of Skype will create a log file with information including other users' external and internal IP addresses. These IPs can be retrieved simply by opening up a user's profile with the Skype client. In a test conducted by The H's associates at heise Security, the log file always showed the correct IPs – and when a user was logged in with multiple clients, the IP addresses for all the clients were visible.
The skype-ip-finder.tk web service
reliably finds out Skype users' IP addresses 
Shortly after this was discovered, a hacker known as "Zhovner" put
together the skype-ip-finder.tk web service. After a CAPTCHA has
been submitted, the service can be used to find out IPs even
without the special Skype client, and therefore without having to
use a valid Skype account.
The service uses a modified version of Skype's SkypeKit SDK that is currently only available via BitTorrent, and Zhovner has put the necessary Python scripts on GitHub. In a post on Hacker News, Zhovner says that Skype has already banned his account, likely because of his experiments.
Update 03-05-12: According to Sophos, Skype, now owned by Microsoft, has known about the IP address security flaw since November 2010, when it was first disclosed to the company by researchers from the French Inria institute and the Polytechnic Institute of New York University.
(crve)
Skype 泄露你的IP地址和地理位置 http://lihlii.blogspot.com/2012/04/skype-ip.html