On Wed, Nov 14, 2012 at 2:02 AM, Eric S Johnson <cra...@oneotaslopes.org> wrote: > Alternatively, since (like OTR) no Skype communication is known to have ever > been successfully in-line-intercepted […]
I guess it depends on your definition of “in-line interception”, but there is a topic making rounds in Russian blogosphere today about hijacking Skype accounts based on knowledge of victim's email. You can download chat history from conversation partners (or possibly even from the victim who is logged in elsewhere) after that. Apparently, Skype was vulnerable to the method for at least several months (with many users hijacked), and ignored reports by the blogger in question. It seems that they put in some crude temporary fix today, partially disabling users' ability to reset passwords. http://habrahabr.ru/post/158545/ (Russian, with details and noise) http://en.ria.ru/world/20121114/177453756.html (English, summary) -- Maxim Kammerer Liberté Linux: http://dee.su/liberte -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech