I'm trying to start server.py on Ubuntu 12.04 (Python 2.6.7) but I receive this error starting server.py:
Exception AttributeError: "SkypeKit instance has no attribute 'socket'" in <bound method SkypeKit.__del__ of <skypekit.SkypeKit instance at 0x117d7a0>> ignored
Unable to create Skype instance
I already moved server.py to the right place, but it is not clear to me which values I need to write into keypair.py. Could you please write a detailed README on GitHub?
Please don't downvote this. This is the actual developer asking for failure reports etc. English is not his first language, either, so please don't downvote because of brevity or poor grammar, either.
Skype is at its core a p2p idea, so this is to be expected. That's sort of the same thing that was done for BitTorrent users, except with a single centralized authority.
The interesting thing is that they do this without making a call. They only request contact information. This could be avoided.
Skype can mitigate this, but in the end, there is little more to be done. If you want a p2p network where anyone can be reached, at some point, you will need IPs.
What they could do is have contact requests go through Skype master servers, not p2p, that way you could only look up the IPs of people you are connected to. But is it a big enough issue that they will make such a big change? I doubt it - and I'm not sure they ought to have to do it, either.
Yes, there would have to be master servers to close this hole, but I can't imagine how it can be done without everybody upgrading to the new client, so we can assume that every Skype user's IP is known or will soon be known. The current state will last for a while.
You don't have to be even logged in for this to work(!) according to some already published research.
Note that you are not always forced to be in someone's contact list to contact him. It's a user-configurable setting. I wonder if call-blocking for incoming calls from persons not in the contact list is done at server level or client level.
I wanted to see if I could find someone. Went onto twitch.tv. Picked a random stream. Got email. Looked up Skype ID from email. Searched for Skype ID, which gave me the IP and the small town where they currently reside.
It's worrying how easy this makes it to find someone.
My IP resolves to a location ~20 miles away. I don't see why having a Skype contact and knowing a 20 mile radius where they live is anything to worry about?
Most residential internet connections don't have any sort of DDOS protection, so privacy issues aside, at the very least you are open to a simple denial-of-service attack. This was a huge problem for the popular progamer "Destiny" in the Starcraft 2 community.
But it is no different than just sending them a link where you save their IP when they open it (and with a little social engineering you can trick anyone into clicking a link).
Actually, it's very different because one can passively acquire contact info this way, as opposed to actively contacting each one. Not only is it faster than social-engineering each contact, it's more palatable to those who don't want to attempt such.
Sometimes you can get to the correct city in the US. Rarely can you get any further than that from an IP. In other countries you can only really be sure about the country.
Could you somehow scrape all users and get an IP address -> skype name mapping? You could then know the Skype usernames of all visitors to your website.
No, this is not possible. Only skypename -> IP, and only email -> skypename. You can parse the whole Skype network and store all IPs if you can handle that much data.
The geek part of me wants to do this / see this done, the part of me that oversees a few popular content sites thinks there isn't a huge amount of benefit to it. Even for malicious purposes, Skype is a very poor option for spamming.
So yeah, this has me more than a little perturbed. I generally don't have a problem sacrificing some privacy in return for functionality (the terms of service of several popular social networks come to mind), but this... is a bit of a different situation.
Does anybody have a good short-list of Skype alternatives? I don't know that it's possible for me to stop using it altogether, but I'd certainly consider cutting back...
But, it doesn't support the Skype protocol, and it runs on Java, with which some people have an issue (but also allows for cross-platform compatibility).
Should be easy to do file sharing over Skype when you have the receiver's IP and an open UDP port through the firewall. Maybe someone will release an app. Can the MPAA sue Microsoft?
Any insights into the exploit? Obviously the bug here is that they got the IP without any confirmation from me; ideally Skype should be popping up the "new buddy request" dialog, but it's not.
So is this a fixable leak, or something core to the protocol (i.e. do you request a buddy P2P too?)
It's interesting that I can look up people at my company who are behind the same connection that I am, but my account doesn't give away my IP. They also seem to get a lot more SPAM calls whereas I get fewer. I wonder if it's a privacy setting that I set up in the past or just the fact that my account is older.
Either way, it's great to know that this is possible.
This isn't exactly patchable by Skype, is it? Obviously Skype could turn off some printfs from the log, but the fact the client needs the IPs and ports to attempt connecting locally, and then over WAN, makes me think that a tool like this can exist forever.
That's why Google didn't buy Skype; their P2P is not state of the art. Your client is also a server for someone else, they obviously need your IP address and a proxy would not reduce traffic for Skype.
That's scary if they really show the local IP. It becomes quite a handy tool for hackers. If they have breached any computer in a company network and want to target the CEO's computer next they can just use Skype to get his IP.
This is not an "exploit". As the man says, your IP is being sent out to the network. Others on the network are using your machine's resources. That's how Skype works. He's just showing you this fact.
Fair point, but equally Skype was an independent company when it developed its protocol, and although Microsoft hasn't fixed it, it's not really their fault.
I doubt it... I brought this up on the Skype forum and the thread was deleted 5 minutes later...
EDIT: I queried the deletion with a moderator. Was informed it had been moved to the forum's admin area to be discussed at their next meeting. He said he agreed it looks like a serious problem so they are aware.
Now it is in the hands of Microsoft, but the problem was created early when Skype was created; they never saw this as a big issue, I guess. And honestly, is it a big issue? I think it isn't worth suing for; right now it's more of a face issue if anything. I'm sure MS can handle this, if they want to.
Why is that? You get the same thing with emails / IRC / some IM protocols / VoIP. What's so "scary" about someone knowing your current IP?
I mean - it's one thing if Skype was advertising itself as a privacy protecting, identity hiding service... but they don't. They provide convenient A/V connections.
Let's say A wants to find B's IP address. In the case of email, A would need to trick B into replying to an email (and also use an email service that adds the client IP header). In the case of most IM services, B would need to accept a friend request federated from a server. If I'm understanding this correctly, with Skype, A merely has to query B's status to get B's IP address.
I am firing our security consultant for not telling us about this. Our entire organization is exposed. We have just learned that the man behind Skype is the same person who was behind Kazaa. And he knew this all along.
I think you might be overreacting. The Kazaa thing was kind of common knowledge. Unless your business is very unsavory, I don't think allowing Skype to get in your office, like every other office in North America, is any great failing.
It is based on a deobfuscated SkypeKit runtime that writes a clear debug log.
The wrapper just makes a vCard refresh from the P2P Skype network and then parses the debug log.
Here are the sources of the Python wrapper: https://github.com/zhovner/Skype-iplookup/