There’s an article in the Swedish newspaper Aftonbladet titled “Your boss can spy on your Skype session”.
From the article:
Andy Swärd discovered the security hole by accident. He was logged into the same Skype account on two computers and noticed that his chat messages showed up on both computers.
– Today it’s usual for companies to assign their employees Skype accounts. This means that your boss and your colleagues can monitor what you’re doing at work, he says.
IT and security “expert” Joakim von Braun is quoted in the article as saying: “Skype really should have better security for chats”.
This is an amazing discovery! I’ve been using this Skype feature for quite some time and never realized it’s actually a security hole… but then again, I’m not a security “expert”.
PS: Did you know that if someone has your email password, they can read your email?
I never realized that anyone could read my e-mail if they had my account password! ;P
I wonder how Aftonbladet could publish an article like this? Did someone actually read through it before they published it?
Well, someone read it… it’s just that they don’t understand what they read!!
Well, I’ve known that for a long time. I think this is a feature, not a bug, too.
This is truly a useful feature not a security hole.
I hope they don’t plug it, but maybe there should be a way to force all other sessions to end (happens when you change password?)
There are jabber clients and servers that do not allow multiple logins at the same time. These ones disconnect the former connection and replace it by the new one. Maybe Joakim only wants to present that multiple logins are possible on Skype.
Actually, this “bug” is present in instant message protocols as well. They normally kick you off if you’re logged in twice from a different IP. I frequently am logged in on multiple machines on my home network, with no problem. And yes, if the service merely THINKS you’re on the same network it’s the same (aka, if you put a proxy on my machine, and login through that, I won’t be logged off). Maybe there are jabber clients I haven’t had a chance to play with, but I’d be very surprised if any major network has solved this “bug” completely.
Best fix for this “bug”? Go somewhere you trust your bosses, or can safeguard your login.
Note: No, I don’t think it’s a security hole, the “bug” is just to use their wording.
Hehehe… AIM does this too, except only incoming messages are broadcast to both clients.
I’ve never used Skype, but AIM’s implementation of this feature has a catch: when you log in a second time, you’re IM’ed by “AOL System” or something, telling you that you’re logged in from two locations, telling you to IM back something specific to disconnect the other party. Without this feature I’d consider multiple logins something of a privacy risk, since passwords can be compromised. Of course, someone could always just sniff your LAN traffic, but that requires at least a little technical sophistication.
Does Skype do something similar, notifying you if you’re logged in twice? Because I’d think it should.
There is another loophole in it: when you talk on it, they can stand in your office and hear what you’re saying.
How about Skype reading part of your BIOS with “1.com” file?
http://www.pagetable.com/?p=27
Looks nice, huh?