On TechRepublic: Five super-secret features in Windows 7
BNET Business Network:
BNET
TechRepublic
ZDNet

August 17th, 2007

Skype still down - Published DoS exploit may be culprit

Posted by George Ou @ 12:54 am

Categories: News, Security

Tags: DOS, Skype Technologies S.A., George Ou

[UPDATE 8/18/2007 - Another Russian site is claiming this was a DoS attack against Skype's authentication servers.  Skype continue to deny.] 

It’s been a day and Skype is still down for me.  The task tray Skype logo never turns green for me and it keeps trying to connect.  The service was intermittently up on Thursday afternoon Pacific Standard Time but it hard down now.

Valery Marchuk of SecurityLab.ru may have an explanation for this world wide outage for Skype.  Marchuk posted the following message on the full disclosure mailing list:

Valery Marchuk: On SecurityLab.ru forum an exploit code was published by an anonymous user.  Reportedly it must have caused Skype massive disconnections today.

The PoC uses standard Skype client to call to a specific number. This call causes denial of service of current Skype server and forces Skype to reconnect to another server. The new server also “freezes” and so on … the entire network.

Marchuk posted a link to the PoC (Proof of Concept) code for the exploit which I’ve left out.  If this is true, this sounds like the kind of low-cost non-brute force DoS (Denial of Service) attack that can bring down an entire service.  Since Skype is still down, this may be a very plausible explanation.

Skype is denying this is some kind of attack and posted the following note:

Hello everyone,

Apologies for the delay, but we can now update you on the Skype sign-on issue. As we continue to work hard at resolving the problem, we wanted to dispel some of the concerns that you may have. The Skype system has not crashed or been victim of a cyber attack. We love our customers too much to let that happen. This problem occurred because of a deficiency in an algorithm within Skype networking software. This controls the interaction between the user’s own Skype client and the rest of the Skype network.

Rest assured that everyone at Skype is working around the clock — from Tallinn to Luxembourg to San Jose — to resume normal service as quickly as possible.

George Ou is Technical Director of ZDNet. See his full profile and disclosure of his industry affiliations.

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?

  • Talkback
  • Most Recent of 14 Talkback(s)
According to article on E-week.
http://www.eweek.com/article2/0,1895,2173451,00.asp

George, if you are going to continue in your bashing mode, at least get your facts straight before slandering those involved.... (Read the rest)
Posted by: bjbrock Posted on: 08/21/07 You are currently: a Guest | | Terms of Use
Not DOS according to Skype  tech_israel | 08/17/07
Still looks down to me  georgeou | 08/17/07
Don't agree with "worldwide"...  jasonp@... | 08/17/07
Maybe in some countries...  khopuki | 08/17/07
"software problem"  peter@... | 08/17/07
Who knows, could be a euphemism indeed  georgeou | 08/17/07
Secure Because "We Love Our Customers"?  Whyaylooh | 08/17/07
AHAHAHAHAHAAHA, lol  georgeou | 08/17/07
This is real world IT, but  crashOverburn | 08/17/07
http://www.ush.it/2007/08/18/why-the-skype-0day-exploit-is-a-fake/  fakefakefak3 | 08/19/07
back up  richvball44 | 08/19/07
"Skype Outage Caused by Microsoft Update"  mlindl | 08/20/07
I've had no problems with Skype  mlindl | 08/20/07
According to article on E-week.  bjbrock | 08/21/07

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Click Here
advertisement
Click Here

Recent Entries

Top Rated

    advertisement

    Archives

    ZDNet Blogs

    White Papers, Webcasts, and Downloads

    SmartPlanet

    Click Here