
Did Russian Hackers Crash Skype?

kdawson posted more than 6 years ago | from the flicking-a-domino dept.

Security 108

An anonymous reader sends us to the www.xakep.ru forum where a poster claims that the worldwide Skype crash was caused by Russian hackers (in Russian). The claim is that they found a local buffer overflow vulnerability caused by sending a long string to the Skype authorization server. You can try Google's beta Russian-to-English translation, but the interesting part is the exploit code, and that's more readable in the original. The Washington Post reports that Skype has denied this rumor.


108 comments

First post! (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#20281057)

First post!

IN SOVIET RUSSIA (0, Redundant)

Dragoonkain (704719) | more than 6 years ago | (#20281105)

skype Hacks You!!!!!!!!

Re:IN SOVIET RUSSIA (4, Funny)

Arthur Grumbine (1086397) | more than 6 years ago | (#20281249)

And the long string was... "In Soviet Russia we are tired of all the mindless obligatory comments about the beloved Motherland."

In Soviet Russia... (-1, Offtopic)

computerman413 (1122419) | more than 6 years ago | (#20281097)

Phones crash you!

Re:In Soviet Russia... (5, Funny)

r00b (923145) | more than 6 years ago | (#20281119)

In America you crash when using the phone.

The Russian hackers were unavailable for comment (0, Offtopic)

Anonymous Coward | more than 6 years ago | (#20281111)

Because they use Skype.

Russia (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#20281121)

Do they even have phones in Russia?

The code snippet seems to be wrong (4, Informative)

ghost4096 (661448) | more than 6 years ago | (#20281129)

The loop body will never execute....

Re:The code snippet seems to be wrong (5, Funny)

tftp (111690) | more than 6 years ago | (#20281229)

It actually executes, I tried the loop just now.

Re:The code snippet seems to be wrong (2, Funny)

Daimanta (1140543) | more than 6 years ago | (#20285147)

It actually executes, I tried the loop just now.

Re:The code snippet seems to be wrong (1)

Stormx2 (1003260) | more than 6 years ago | (#20281343)

Just expanding here. Disclaimer: I don't know perl.

for ($i=256; $i>xCCCCC; $i=$i+256) { ... }
$i is set to 256, however the loop only iterates when $i is greater than xCCCCC (Which I assume is a hex notation of a number greater than 256). Hence, this condition returns false the first time it is tested and the loop body is never processed.

Re:The code snippet seems to be wrong (4, Informative)

eggnoglatte (1047660) | more than 6 years ago | (#20281417)

Hex constants in Perl, like C/C++ have to start with "0", so the correct syntax for what you describe would be 0xCCCCC. Without the leading 0, the expression gets interpreted as a variable name.

Re:The code snippet seems to be wrong (1)

eneville (745111) | more than 6 years ago | (#20284347)

Hex constants in Perl, like C/C++ have to start with "0", so the correct syntax for what you describe would be 0xCCCCC. Without the leading 0, the expression gets interpreted as a variable name.
no, octal numbers start with 0. hex numbers start with x.

Re:The code snippet seems to be wrong (4, Informative)

eneville (745111) | more than 6 years ago | (#20284497)

Hex constants in Perl, like C/C++ have to start with "0", so the correct syntax for what you describe would be 0xCCCCC. Without the leading 0, the expression gets interpreted as a variable name.
no, octal numbers start with 0. hex numbers start with x.
typo: no, octal numbers start with 0. hex numbers start with 0x.

Re:The code snippet seems to be wrong (3, Informative)

lgftsa (617184) | more than 6 years ago | (#20281433)

It's the other way around. xCCCC is not a valid number in perl, so the loop will never exit.

Re:The code snippet seems to be wrong (5, Funny)

svallarian (43156) | more than 6 years ago | (#20282157)

It's obviously a typo. Since it was Russian code, it was supposed to be xCCCP

Re:The code snippet seems to be wrong (1, Redundant)

crispin_bollocks (1144567) | more than 6 years ago | (#20282201)

Maybe you should try CCCP

Re:The code snippet seems to be wrong (0)

Anonymous Coward | more than 6 years ago | (#20281983)

How about a little reversal?

In Soviet Russia, you crash Skype

In America, Skype crash you! [nytimes.com]

Re:The code snippet seems to be wrong (4, Informative)

ThePhilips (752041) | more than 6 years ago | (#20284011)

Well, this is very very very old Russian hacker tradition: introduce flaw in the crack/exploit to prevent it from being (ab)used by idiots.

Re:The code snippet seems to be wrong (2, Funny)

ultranova (717540) | more than 6 years ago | (#20285455)

Well, this is very very very old Russian hacker tradition: introduce flaw in the crack/exploit to prevent it from being (ab)used by idiots.

In Soviet Russia idiots abuse you !

Russians ? They don't have good education (-1)

Anonymous Coward | more than 6 years ago | (#20281135)

This poor country can no longer afford to educate their people.
Only our great American school system is capable of high quality education needed to perform such an analysis and eventual attack.
So don't believe these stories about Russian hackers anymore.

Re:Russians ? They don't have good education (0, Offtopic)

ScrewMaster (602015) | more than 6 years ago | (#20282841)

That's funny. I know way too many highly-educated Russians to believe that. Nice try though.

Re:Russians ? They don't have good education (1)

LanceUppercut (766964) | more than 6 years ago | (#20283479)

He's joking all right. In the modern world "education" is a chiefly Russian word. Not only Russians have good education, they are just about the only ones who still do. That's why USA is crawling across former USSR territories on its knees tearfully begging people to come to work for the USA.

Re:Russians ? They don't have good education (-1)

Anonymous Coward | more than 6 years ago | (#20286357)

Uh, no you dipshit. Pretty much every country != America is doing it.

Re:Russians ? They don't have good education (1)

raju1kabir (251972) | more than 6 years ago | (#20287727)

In the modern world "education" is a chiefly Russian word. Not only Russians have good education, they are just about the only ones who still do. That's why USA is crawling across former USSR territories on its knees tearfully begging people to come to work for the USA.

And it's also why all the jobs are in the USA?

Re:Russians ? They don't have good education (2, Funny)

LanceUppercut (766964) | more than 6 years ago | (#20283461)

LOL. "American school system". What is it, an oxymoron contest? :)

Hey, it might work (0)

Anonymous Coward | more than 6 years ago | (#20281189)

If 500,000 clients were to try that trick on the Auth server at the same time, over and over again.

Look (3, Interesting)

TheRealMindChild (743925) | more than 6 years ago | (#20281203)

strncpy

Re:Look (2, Informative)

Traa (158207) | more than 6 years ago | (#20281393)

You think that strncpy is safe??

The following code snippets assume pszSrc is smaller or equal to 50 chars

// Example #1

#define MAX (50)
char *pszDest = malloc(sizeof(pszSrc));
strncpy(pszDest,pszSrc,MAX);

// Example #2

#define MAX (50)
char szDest[MAX];
strncpy(szDest,pszSrc,MAX);

// Example #3

#define MAX (50)
char szDest[MAX];
strncpy(szDest,pszSrc,MAX);
szDest[MAX] = '\0';

// Example #4

#define MAX (50)
char szDest[MAX];
strncpy(szDest,pszSrc,MAX-1);
strncat(szDest,pszSrc,MAX-1);

// Example #5

char szDest[50];
_snprintf(szDest, strlen(szDest), "%s",szSrc);
Which of the above is safe?

Not a single one!

#1: sizeof(pszSrc) is 4 if pszSrc is a pointer, not a statically-allocated array.
#2: szDest is left unterminated if strlen(pszSrc) equals MAX
#3: Writing "szDest[MAX]" overruns the array
#4: Misuse of the size parameter to strncat, it should be the space left, not the total space in the array.
#5: Author of that code doesn't understand strlen ;)

Sorry, you didn't get the job.

The above snippet was taken from here [msdn.com]
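Added example, not part of the comment above or of the post it links to: a bounded copy and append that take the total destination size, always terminate, and report truncation, plus a check that reproduces the unterminated result from Example #2. The names bounded_copy, bounded_append and strncpy_leaves_unterminated are hypothetical helpers written for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: copy src into dst[dstsize], always NUL-terminating.
 * Returns 0 if src fit completely, -1 if it was truncated or the arguments
 * were invalid. The caller passes the real buffer size (sizeof array), never
 * sizeof(pointer) (Example #1) or strlen(dst) (Example #5). */
int bounded_copy(char *dst, size_t dstsize, const char *src)
{
    if (dst == NULL || src == NULL || dstsize == 0)
        return -1;

    size_t n = strlen(src);
    if (n >= dstsize) {
        /* Keep the prefix that fits and terminate inside the buffer:
         * the last valid index is dstsize - 1, not dstsize (Example #3). */
        memcpy(dst, src, dstsize - 1);
        dst[dstsize - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);            /* n + 1 copies the terminator too */
    return 0;
}

/* Hypothetical helper: append src to the string already in dst[dstsize].
 * The space left is computed here from the total size, which is the
 * calculation Example #4 skips. Returns 0 on success, -1 on truncation or
 * if dst is not terminated within dstsize. */
int bounded_append(char *dst, size_t dstsize, const char *src)
{
    if (dst == NULL || src == NULL || dstsize == 0)
        return -1;

    const char *end = memchr(dst, '\0', dstsize);
    if (end == NULL)
        return -1;                      /* dst is not a valid string */

    size_t used = (size_t)(end - dst);
    return bounded_copy(dst + used, dstsize - used, src);
}

/* Reproduces Example #2 without reading out of bounds: returns 1 if
 * strncpy(dst, src, dstsize) left dst with no terminator, 0 otherwise. */
int strncpy_leaves_unterminated(char *dst, size_t dstsize, const char *src)
{
    memset(dst, 'X', dstsize);          /* make sure no stale NUL is present */
    strncpy(dst, src, dstsize);
    return memchr(dst, '\0', dstsize) == NULL;
}

int main(void)
{
    char dest[8];                       /* constructed sample buffer */

    /* Source exactly as long as the buffer: strncpy fills it, no NUL. */
    printf("strncpy, 8 chars into 8 bytes, unterminated: %d\n",
           strncpy_leaves_unterminated(dest, sizeof dest, "12345678"));

    /* Same input through the bounded copy: terminated, truncation reported. */
    int rc = bounded_copy(dest, sizeof dest, "12345678");
    printf("bounded_copy rc=%d dest=\"%s\"\n", rc, dest);

    /* Append with the total size; the helper works out the space left. */
    bounded_copy(dest, sizeof dest, "abc");
    rc = bounded_append(dest, sizeof dest, "defg");
    printf("bounded_append rc=%d dest=\"%s\"\n", rc, dest);
    rc = bounded_append(dest, sizeof dest, "h");
    printf("bounded_append (full) rc=%d dest=\"%s\"\n", rc, dest);
    return 0;
}
```

A caller that treats -1 as an error and rejects the input gets the "reject the request if it gets too big" behaviour rather than silent truncation.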

Re:Look (1)

TheRealMindChild (743925) | more than 6 years ago | (#20281491)

Are you actually arguing with me, by providing idiot code examples? What good is strncpy and its brothers if you use strlen()? Is it MY fault the person writing your code doesn't understand sizeof()? You may as well teach me how to fill up a car by siphoning gas from another car while smoking a blunt.

Re:Look (0)

Traa (158207) | more than 6 years ago | (#20281591)

How to siphon gasoline [misterfixit.com]

oh, lighten up (no pun intended).

Re:Look (2, Insightful)

nevali (942731) | more than 6 years ago | (#20281579)

If you use strncpy(), you make sure the string has a terminator if you're going to need one.

It's really that simple. Every specification which explains strncpy() says as much.

Using strncpy() as specified is infinitely safer than using a function which blindly copies characters forever irrespective of your buffer size.

Posting five examples of "the author doesn't understand C arrays or strncpy()" isn't an argument for strncpy() being horrifically unsafe, it's an argument that for every single programming construct, there are five programmers out there who are guaranteed to fuck them up.

The worst thing is, this is first-grade C programming. If you don't understand this stuff, you need to go back and learn how arrays and strings work.

Next week: why memcpy() on overlapping buffer regions can eat your cat!

Re:Look (1, Troll)

obarel (670863) | more than 6 years ago | (#20281635)

You don't even need strncpy to write unsafe code. Look:

int *p;

*p = 5;

Amazing, isn't it?

Yes, it does make sense to learn how to use a programming language before using it. It's possible to use most <string.h> functions in an unsafe way - so what? The point is that some functions are inherently unsafe (strlen, strcpy) whereas some can actually be safe, if one knows how to use them, of course.

What do you mean "safety pin"? I just pricked myself!

Re:Look (0)

Anonymous Coward | more than 6 years ago | (#20281997)

You think that strncpy is safe??
The strn functions aren't safe, just convenient. You can use the plain old str functions safely - it just takes a certain amount of checking and discipline, the strn functions remove the necessity for you to do *some* of those checks.

But let's face it, the entire notion of c-style strings is fairly dangerous and error prone, powerful tools often are - it's up to you to be careful.

Re:Look (1)

jlarocco (851450) | more than 6 years ago | (#20283187)

The problem with those examples isn't strncat. It's that whoever wrote them had a very poor understanding of C.

Tards who don't learn the language they're writing in are going to write buggy code no matter what language they use. You're complaining about the wrong thing.

Re:Look (3, Insightful)

PhrostyMcByte (589271) | more than 6 years ago | (#20281621)

It's very rare for it to be okay to not write a trailing 0 terminator, or need unused buffer space padded with 0's. And that's exactly what the 'n' functions can do - the number of coders who don't know this and choose to blindly assume the functions protect them is astounding.

Really, though. If you need the buffer space, you need the buffer space. Truncation is usually not an option. This is sloppy coding, but not due to lack of using 'n' functions. Resize as needed or reject the request if it gets too big.

Re:Look (1)

TheRaven64 (641858) | more than 6 years ago | (#20281889)

Strncpy and friends can truncate, and worse they can silently truncate. That is why it is recommended to use strlcpy. Sadly, the idiots who maintain glibc, refused to accept the patches because it's 'inefficient BSD crap,' making it very hard to write secure code that also works on GNU/Linux.

Re:Look (1)

QuoteMstr (55051) | more than 6 years ago | (#20283141)

If you really want to silently truncate data, go ahead:

#define strlcat(dst, src, size) snprintf(dst, size, "%s", src)

Aren't you usually better off dynamically allocating these things anyway? asprintf works well. Python works better yet. :-)

Re:Look (1)

QuoteMstr (55051) | more than 6 years ago | (#20283147)

err, strlcpy.

#define strlcpy(dst, src, size) snprintf((dst), (size), "%s", (src))
#define strlcat(dst, src, size) snprintf((dst) + strlen(dst), (size) - strlen(dst), "%s", (src))

Re:Look (1)

LanceUppercut (766964) | more than 6 years ago | (#20283509)

'strncpy' is an obsolete function that no longer has any uses. If you think it can be used for safe 0-terminated string copying, think again.

Re:Look (1)

eneville (745111) | more than 6 years ago | (#20286241)

'strncpy' is an obsolete function that no longer has any uses. If you think it can be used for safe 0-terminated string copying, think again.
I disagree, it's still got uses, but personally snprintf can be used for most purposes. snprintf is not standard.

Translation (5, Informative)

ACS Solver (1068112) | more than 6 years ago | (#20281217)

Here's the article's introductory part properly translated.

"The reason for yesterday's downtime of the Skype network is research of Russian crackers, as reported by one of our readers.

While searching for a local buffer overflow, a possibility was found to send a long string to the server, overflowing its buffer and causing the server to go down. Its place is taken by another server from the P2P network, the error arises on it in the same way, and so on. As a result, the entire Skype network refused service for several hours and the developer team was forced to turn off authentication.

Here's the exploit code:"

Re:Translation (4, Informative)

mobby_6kl (668092) | more than 6 years ago | (#20281427)

You've got to be kidding, I was about to submit my own translation! :)

Anyway, your version is probably a little better, so I'll contribute with something else. The script is very short too, so here it is:

#!/usr/bin/perl
# Simle Code by Maranax Porex ;D
# Ya Skaypeg!!
 
for ($i=256; $i>xCCCCC; $i=$i+256)
{
$eot='AAAA' x $i;
call_sp();
}
exit;
 
sub call_sp()
{
$str="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" \"/uri:$eot\"";
system("$str");
}
The first page of comments seems to be just the usual bunch of trolls, assholes, and simply useless posts, except for one that claims the code has been shown not to do anything on a dedicated security site [securitylab.ru] . The Skype article on the front page doesn't contain any additional information. The attack looks almost too simple to work, but I wasn't able to find any strong evidence that would suggest that it doesn't, at least not with a few quick searches.

Skype has to change for eavesdropping law (3, Interesting)

Burz (138833) | more than 6 years ago | (#20282621)

It probably has more to do with Skype retooling for eavesdropping requirements under the new wiretap law. Skype handles a lot of international traffic, encrypted and often in a P2P fashion, so a major change is necessary in order to comply.

From what little I know about Skype, the network can cause both parties in a Skype-Skype call to route through a third party, a supernode (this is done to defeat firewall complications). So perhaps they would be able to start routing all USA-international traffic through in-house supernodes where the stream could be tapped. (Anyone want to correct me? Clarify?)

Re:Skype has to change for eavesdropping law (1)

arivanov (12034) | more than 6 years ago | (#20284013)

Why USA-international? International-international is more interesting.

This approach allows picking up traffic between two ids of interest to someone with a suitable request. If some unspecified USA institution wants to know all conversations between XXXZZZ in Russia and ZZZXCC in France they can do it and there is dickshit any of these can do about it besides stopping to use Skype.

By the way, personally, I think that Skype has had that for a very long time and it is indeed bogus coding of the auth module this time.

Re:Skype has to change for eavesdropping law (1)

Burz (138833) | more than 6 years ago | (#20284049)

The law says any traffic routed through USA can be eavesdropped, so I was being simplistic when I said USA-International.

AFAIK the surveillance Skype could do up to this point was only at a POTS interface (SkypeOut or SkypeIn). Otherwise, the P2P calls were 'secure' with only the source & dest identities and call length being known to 3rd parties.

Re:Skype has to change for eavesdropping law (1)

Doc Ri (900300) | more than 6 years ago | (#20287091)

Why USA-international? International-international is more interesting.

Not enough that my boiler leaks, now you made my head spin. International. I'd say.

Re:Skype has to change for eavesdropping law (1)

raju1kabir (251972) | more than 6 years ago | (#20284025)

It probably has more to do with Skype retooling for eavesdropping requirements under the new wiretap law. Skype handles a lot of international traffic, encrypted and often in a P2P fashion, so a major change is necessary in order to comply.

You remind me of my mother. Every time she hears a click on the phone, she thinks it's the CIA spying on her.

What she doesn't seem to get is that the CIA isn't some kid hanging from her drainpipe and fiddling with alligator clips. When they listen in on your phone, you don't know about it.

Same with Skype. If they were to install CALEA compliance software, it would certainly not result in two days of downtime. There would be no outside sign that it had ever happened.

Re:Skype has to change for eavesdropping law (2, Insightful)

ultranova (717540) | more than 6 years ago | (#20285521)

What she doesn't seem to get is that the CIA isn't some kid hanging from her drainpipe and fiddling with alligator clips. When they listen in on your phone, you don't know about it.

Unless, of course, they want her to know about it, in order to encourage self-censorship.

Same with Skype. If they were to install CALEA compliance software, it would certainly not result in two days of downtime. There would be no outside sign that it had ever happened.

Again, you're assuming that secrecy is desired. It isn't. If you make people think they are being watched at all times (which is simply impossible - there's no way to process that much data in any useful manner), they will soon start avoiding all behavior which, while legal, might be potentially embarrassing or suspicious if brought to light. You don't need to remove all privacy, you just need to make people think that they have no privacy in order to reap the benefits.

Never attribute to incompetence that which is adequately explained by malice.

Re:Skype has to change for eavesdropping law (1)

Burz (138833) | more than 6 years ago | (#20287621)

One of the reasons the gov't is panicking over non-telephony (non-POTS) traffic is that much of it is encrypted and cannot be spied on without extremely complicated measures employed by all/any digital carriers involved.

So, of COURSE the NSA can tap POTS lines without callers having the slightest suspicion. But as soon as the connections become IP-IP (and P2P) with strong modern encryption, then they are sent flat on their asses. In Skype's case nothing will help them with that signal other than a significant re-working of the service which allows, say, a supernode to act as a man-in-the-middle between what would otherwise be an uncrackable P2P link.

Re:Skype has to change for eavesdropping law (1)

raju1kabir (251972) | more than 6 years ago | (#20287669)

In Skype's case nothing will help them with that signal other than a significant re-working of the service which allows, say, a supernode to act as a man-in-the-middle between what would otherwise be an uncrackable P2P link.

1) Uncrackable my ass.

2) What on earth makes you think that the only way to make these changes is to knock the whole system offline for two days? I cannot conceive of any situation in which that would be necessary or even helpful.

Re:Skype has to change for eavesdropping law (1)

Burz (138833) | more than 6 years ago | (#20288531)

1) No one has a shred of evidence that the NSA can crack freely-available crypto. And there is no theory that would make it plausible/practical.

2) Because nothing like it has been done before, and eBay (the parent company) has been knocked offline for nearly as long even after attempting far more trivial changes to their auction system.

Skype originally only had to provide access to the POTS interfaces because that's all that CALEA covered; and that was easy since POTS is unencrypted and its already been done for decades. But now the law applies to all international information that passes through the USA... POTS, VOIP or DATA.

Re:Skype has to change for eavesdropping law (1)

raju1kabir (251972) | more than 6 years ago | (#20288587)

1) No one has a shred of evidence that Skype is still using the crypto that they had audited years ago. Or, really, that they ever were.

2) Huh? Nothing like adding auditing and tapping to a data stream has ever been done before? I don't even know how you can say that.

Lost in translation (1)

dominious (1077089) | more than 6 years ago | (#20281253)

Did Russian Hackers Crash Skype?
No. According to the article they were burglars!

I dunno, but I wish they'd figure out how to crash (0)

Anonymous Coward | more than 6 years ago | (#20281261)

Cory Doctorow's stupid, stupid haircut.

They hired DoS specialists against their own users (4, Interesting)

rpp3po (641313) | more than 6 years ago | (#20281295)

Skype's login servers usually don't carry much load compared to the mass of traffic routed directly between all nodes via P2P. My guess is they just got overrun because they were not prepared for the worst case: ALL clients trying to connect AT THE SAME TIME to their master. I bet Slashdot wouldn't be prepared for all of its users connecting at the same time, either. But it needs not to. It is never going to happen (why should it? - well how about December 1st, 1AM UTC everybody?). With Skype it's different. They should have been prepared for the case, that whenever their network would be down for whatever reason all clients would try to connect concurrently! Obviously they weren't prepared. If you watched the aftermath closely you could see that they started filtering by IP on day two. Only a certain number of clients were allowed to connect per IP range. They probably hired super expensive DoS emergency contractors to get this back up. A hack is still possible, but I rather guess that it brought the network down, but did not keep it from coming back up. That was Skype's own fault.
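Added example, not part of the comment above and not Skype's code: one way the per-IP-range admission limit the comment describes can be implemented on a login server, so that a simultaneous reconnect by every client is spread over several windows. The /16 granularity, the fixed window, and the names limiter_init, limiter_admit and simulate_storm are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PREFIX_SLOTS 65536u      /* one counter per IPv4 /16 (assumed granularity) */

struct limiter {
    uint32_t window_start;       /* start of the current window, in seconds */
    uint32_t window_len;         /* window length, in seconds */
    uint16_t max_per_prefix;     /* logins admitted per /16 per window */
    uint16_t count[PREFIX_SLOTS];
};

void limiter_init(struct limiter *l, uint32_t window_len,
                  uint16_t max_per_prefix, uint32_t now)
{
    memset(l, 0, sizeof *l);
    l->window_start = now;
    l->window_len = window_len;
    l->max_per_prefix = max_per_prefix;
}

/* Returns 1 if a login attempt from ipv4 (host byte order) may proceed,
 * 0 if the client should be turned away and retry in a later window. */
int limiter_admit(struct limiter *l, uint32_t ipv4, uint32_t now)
{
    /* Fixed window: when it expires, every prefix gets a fresh budget. */
    if (now - l->window_start >= l->window_len) {
        memset(l->count, 0, sizeof l->count);
        l->window_start = now;
    }

    uint16_t *slot = &l->count[ipv4 >> 16];
    if (*slot >= l->max_per_prefix)
        return 0;                /* this range has used its budget */
    (*slot)++;
    return 1;
}

/* Constructed scenario: `prefixes` networks (at most 256) with `clients`
 * hosts each (at most 65535) all try to log in during the same second.
 * Returns how many attempts actually reach the authentication back end. */
unsigned simulate_storm(struct limiter *l, unsigned prefixes,
                        unsigned clients, uint32_t now)
{
    unsigned admitted = 0;
    for (unsigned p = 0; p < prefixes; p++) {
        for (unsigned c = 0; c < clients; c++) {
            /* Constructed address 10.p.x.y; only the top 16 bits matter. */
            uint32_t ip = ((0x0A00u + p) << 16) | (c + 1u);
            admitted += (unsigned)limiter_admit(l, ip, now);
        }
    }
    return admitted;
}

int main(void)
{
    static struct limiter l;     /* about 128 KiB, kept off the stack */
    limiter_init(&l, 10, 5, 0);  /* 10-second window, 5 logins per /16 */

    /* 4 ranges x 100 clients reconnect at once; only 5 per range get in. */
    printf("t=0  admitted %u of 400\n", simulate_storm(&l, 4, 100, 0));
    /* Retrying inside the same window is refused without touching auth. */
    printf("t=5  admitted %u of 400\n", simulate_storm(&l, 4, 100, 5));
    /* The next window admits the next batch. */
    printf("t=10 admitted %u of 400\n", simulate_storm(&l, 4, 100, 10));
    return 0;
}
```

The back end sees a bounded number of logins per window regardless of how many clients retry, at the cost of delaying legitimate users who share a range.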

Re:They hired DoS specialists against their own us (1, Funny)

Anonymous Coward | more than 6 years ago | (#20281561)

Sorry, I won't be awake at 0100 UTC on that date. Maybe a different time?

Re:They hired DoS specialists against their own us (1)

hobbes75 (245657) | more than 6 years ago | (#20284277)

Try (on windows)

schtasks /Create /TN slashdot /SC ONCE /SD 01/12/2007 /ST 01:00:00 /TR "wget -m http://slashdot.org/"

adjust for timezone and make sure to have wget installed, then you can read it offline when you come back another time ;-)

Re:They hired DoS specialists against their own us (1)

normuser (1079315) | more than 6 years ago | (#20281799)

I bet Slashdot wouldn't be prepared for all of its users connecting at the same time,[...] how about December 1st, 1AM UTC everybody?).

I'll be there.
*marks calendar*

Re:They hired DoS specialists against their own us (1)

kebes (861706) | more than 6 years ago | (#20282703)

I find the "technical glitch" explanation quite a bit more plausible than the "Russian hacker" story. I use Skype a fair amount, and I find it rather flaky. Part of the problem is certainly on the user end (people with mediocre internet connections drop out frequently), but a large part is also the fault of Skype. For instance the Linux client lags significantly behind the Windows/Mac version, both in terms of features (e.g. video support) and bugfixes (e.g. random audio dropout). The network is also routinely flaky: sometimes users won't show up as online even though they are (hilariously, you can be in a conversation with a person who is marked offline!).

Now I don't mean to complain, since it is a very useful tool that has been a real help to me... and it is free-of-charge after all. However Skype network problems are, in my experience, not isolated but rather persistent.

(Note: If anyone has had good experiences with alternatives to Skype, that are multi-platform and support voice conferencing of 4-8 people, please let me know!)

Re:They hired DoS specialists against their own us (2, Informative)

FireFury03 (653718) | more than 6 years ago | (#20284435)

I use Skype a fair amount, and I find it rather flaky.

Why don't you switch to an open protocol which might not be so flakey?

If anyone has had good experiences with alternatives to Skype, that are multi-platform and support voice conferencing of 4-8 people, please let me know!

Set up a CallWeaver server. I use CallWeaver as my server and Ekiga as my softphone and it works fine (also a UTStarCom F1000G as a WiFi phone, but I have all sorts of problems with that owing to UTStarCom's flakey firmware which they won't fix). At my old job we found that SJPhone and X-Lite were reasonable alternatives to Ekiga for the Windows users (although there is a Windows version of Ekiga but my experience is that it's not entirely stable).

You can also use one of the many SIP/PSTN gateways, such as VoIPUser, to gateway calls in from the PSTN if not everyone is able to use VoIP.

Re:They hired DoS specialists against their own us (1)

Doc Ri (900300) | more than 6 years ago | (#20287133)

I use Skype a fair amount, and I find it rather flaky.

Agreed, odd things happen from time to time. However:

hilariously, you can be in a conversation with a person who is marked offline!

Never observed this -- maybe your contact was "invisible"?

Re:They hired DoS specialists against their own us (3, Funny)

Smauler (915644) | more than 6 years ago | (#20283441)

I bet Slashdot wouldn't be prepared for all of its users connecting at the same time, either. But it needs not to. It is never going to happen (why should it?)

I believe you are discounting the possibility of the actuality of Natalie Portman and Hot Grits.

Re:They hired DoS specialists against their own us (3, Insightful)

FireFury03 (653718) | more than 6 years ago | (#20284377)

My guess is they just got overrun because they were not prepared for the worst case: ALL clients trying to connect AT THE SAME TIME to their master.

This is a pretty good example of why centralised network topologies such as Skype, MSN, etc. are a really Bad Idea. It doesn't take much to take down the entire network.

SIP, XMPP, SMTP, etc are all examples of distributed topologies - there is centralised service required(*) for these networks - if one service provider's network falls over it only affects a small number of users rather than taking out *all* the users using that protocol.

(* Yes, they all require the root name servers, but these days the root name server architecture is pretty resilient through the use of technologies such as anycast. Certainly a lot more resilient than any one organisation could hope to achieve for their own proprietary protocols).

They should have been prepared for the case, that whenever their network would be down for whatever reason all clients would try to connect concurrently!

This is not really a question of preparation - it's a question of a sensible network design. The Skype network (and most other proprietary services) is a flawed design _because_ they want to have control of every aspect of the network. Open protocols are generally designed to allow interoperation of independent autonomous networks so an outage of this magnitude is pretty much impossible.

Typo... (1)

FireFury03 (653718) | more than 6 years ago | (#20284445)

Oops:

there is centralised service required

Clearly I meant *NO* centralised service required :)

Re:They hired DoS specialists against their own us (0)

Anonymous Coward | more than 6 years ago | (#20287041)

AFAIK Skype is as P2P as any other VoIP system and only uses a centralised system for authentication or how else are you going to do that? Super nodes then take over the load once they start to get up and running.

Getting the super nodes back up and running again with the millions of people trying to reconnect is like a mother of Monday mornings when everyone comes into the office and more or less logs in at the same time.

Now why the super nodes all went down is another matter that no-one is clear about.

interesting (-1, Troll)

Anonymous Coward | more than 6 years ago | (#20281321)

isn't skype that open source shitcode used for voip? if such a faggot system was to be dropped to it's knees by some hackers [no pun intended] i guess there would be a big drop in the new cases of aids.

you see, fags are the leading reason that we still need to deal with aids today. if all of these fudge packers would just kill themselves we'd have much less to worry about. fags are a plague on society and skype is part of that endless system of fags and their converting others to faggotness.

i don't know about god but i hate fags.

Re:interesting (0, Offtopic)

rpp3po (641313) | more than 6 years ago | (#20281357)

being afraid of fags is fag

Re:interesting (0, Flamebait)

yourmomisfasterthana (1097719) | more than 6 years ago | (#20283045)

shut up you flaming bundle of sticks.

Re:interesting (0)

Anonymous Coward | more than 6 years ago | (#20281565)

So, kick the habit--give up cigarettes. Learn to spell "its" properly in context, and capitalize. And stop leaving your butts at outside doors! (We hate the sin, not the sinner.)

Re:interesting (0, Offtopic)

fbartho (840012) | more than 6 years ago | (#20281851)

Speak for yourself! I hate the (cigarette dropping) sinners. I worked one summer at a small general store, and I hated the days I had to spend in the sun out front picking up people's dropped cigarette butts, pulling them out of mulch and bushes and from between the sidewalk cracks. Just to make the place look good. We did have ashtrays specifically for tossing them, but no, the smokers just dropped them wherever.

Re:interesting (0)

Anonymous Coward | more than 6 years ago | (#20282659)

the world is my ashtray!

Re:interesting (0)

Anonymous Coward | more than 6 years ago | (#20283207)

Your sig "Gravity Sucks, get used to it" seems applicable somehow.

Re:interesting (0, Offtopic)

Smauler (915644) | more than 6 years ago | (#20283577)

I don't know why I'm replying to someone completely OT who was replying to two trolling Anonymous cowards...

Firstly, don't feed the trolls.

Secondly, people who just drop cigarette butts sometimes have nowhere else to put them. I know that when I smoked, I didn't just drop them - I looked for a bin, or one of those smoking things, and would actively search out somewhere to get rid of my cigarette butt. Others thought me stupid, but I find littering in all its forms offensive. I often ended up with butts in pockets so that I could throw them away later. More bins are very useful for people who just drop otherwise. Some people will be inconsiderate with litter whether they are smokers or not, it's just easy to blame smokers and categorise them all for their obvious debris, whereas it's not as easy to pinpoint the general litterer.

Re:interesting (0)

Anonymous Coward | more than 6 years ago | (#20287103)

Man, I'm just the same except for the butts in pockets??!!!

Re:interesting (1)

razpones (1077227) | more than 6 years ago | (#20287435)

Mr. troll FYI Skype is closed source.

fake? (5, Informative)

arghblubber (948051) | more than 6 years ago | (#20281381)

Re:fake? (1)

shird (566377) | more than 6 years ago | (#20283299)

They seem to be picking apart the perl script as not working. But who's to say the attacker didn't just run the command manually, then write the perl script afterwards (albeit with bugs) as a means of 'publishing' the exploit. It's a pretty common thing to do. Work out an exploit by hand and run it a few times, and then try and wrap it up nicely in a script for the kiddies and publishing etc.

Linus is right (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#20281385)

I am with Linus on this one. For the life of me I can't understand what this sucking up to RMS is about. Linus himself does not think GPLv3 is a good thing. So why do people keep adopting it?
Without Linus FOSS is tossed. Not following Linus is dangerous for the survival of FOSS.

Re:Linus is right (0)

Anonymous Coward | more than 6 years ago | (#20285207)

i blame it on the drugs

It's OK folks! (2, Funny)

goldspider (445116) | more than 6 years ago | (#20281431)

They were just expressing their frustration with the expanding influence of capitalism. In the future, we should try to react to protests like this with a little understanding.

it was Yetis! (1, Funny)

ILuvRamen (1026668) | more than 6 years ago | (#20281437)

Sunspot activity caused yetis to go crazy and attack several servers and that did it. Seriously, I saw it on a blog written in Swedish so it must be true! Seriously, lots of Russians are egotistical liars, keep it real, people. There's one thing they're good at and that's making fake documentation for stuff.

coincidence? (5, Informative)

TheSHAD0W (258774) | more than 6 years ago | (#20281477)

I bet people are trying exploits against Skype (and other popular servers and services) all the time. If someone tries something funny, and the system crashes a few seconds afterwards, they may assume they were the cause.

Another Soviet Russia comment (2, Funny)

kylehase (982334) | more than 6 years ago | (#20281691)

In Soviet Russia we crash Skype. Wait... that doesn't seem right.

Re:Another Soviet Russia comment (1)

erKURITA (1114707) | more than 6 years ago | (#20281821)

You just crapped yourself. The joke would have gone better if you would have said: "In Soviet Russia, Skype crashes YOU!". gb2/b/

Re:Another Soviet Russia comment (0)

Anonymous Coward | more than 6 years ago | (#20281917)

NO U

These coding arguments are funny (1)

nelsonen (126144) | more than 6 years ago | (#20281945)

Because unless both sides are right, which is unlikely, it means one side is wrong, and doesn't know how to code in very basic ways. Which is why so much software fails.

Re:These coding arguments are funny (1)

TheLink (130905) | more than 6 years ago | (#20283645)

Uh, both sides could be wrong.

You're not a coder are you? ;)

Don't know about russia (0)

Anonymous Coward | more than 6 years ago | (#20282601)

but reading this article is probably not allowed in Germany.

- a guy residing in Germany

What really happened !!! (2, Interesting)

Anonymous Coward | more than 6 years ago | (#20283199)

It wouldn't surprise me to learn that Skype shut down their OWN servers at the request of
a "big Brother" agency, for the purpose of installing "Big Brother" software on both the
server(s) and eventually the clients (because now a trojan is installed) into everyone's
system with a "knock knock" protocol that would activate a "wiretap" to capture your
voice, images, and text. That's why we had to DL that "new copy" they wanted us to have.

Now I know you folks think I'm full of shit... I hope the heck I am but there is now
something the "skype hackers" can check out to see if it's really true. I suppose a really
good reverse engineering effort would find something like that.

Why would the Russkies want to mess up Skype, they use it more than anyone else.

Re:What really happened !!! (0)

Anonymous Coward | more than 6 years ago | (#20285811)

That was my first idea as well. Skype simply became far too popular and useful for No Such Agency to ignore. I bet Skype is now fully integrated in whatever mechanisms exist to wiretap folk around the planet.

Re:What really happened !!! (1)

g-san (93038) | more than 6 years ago | (#20286769)

Interesting. You should be able to detect outbound traffic though. Since it is a p2p system, there is no central location to tap. If your call is being sent somewhere else, you will see additional traffic when making calls. Now taking a trace of skype while it is in hub mode is pretty messy, but there would be enough of a pattern to detect if you made a few calls. Like, hmmm, why does skype always connect to 198.81.129.100 in addition to the person I am calling, no matter who I call? Something like that would be quickly detected.
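The check described in the comment above, as an added example that is not part of the original post: given per-call flow summaries, it flags a remote host that shows up in every call and receives a volume comparable to the media stream. The flow tuple layout, the thresholds, and the assumption that each call has a direct flow to the callee are illustrative choices; the sample addresses are constructed from documentation ranges.

```python
from collections import defaultdict

# Constructed flow summaries: (call_id, callee_ip, remote_ip, bytes_sent).
# Addresses come from the RFC 5737 documentation ranges, not real hosts.
FLOWS = [
    ("call-1", "192.0.2.10", "192.0.2.10", 910_000),
    ("call-1", "192.0.2.10", "198.51.100.7", 4_200),      # peer chatter
    ("call-1", "192.0.2.10", "203.0.113.50", 880_000),
    ("call-2", "192.0.2.77", "192.0.2.77", 1_450_000),
    ("call-2", "192.0.2.77", "198.51.100.7", 3_900),
    ("call-2", "192.0.2.77", "203.0.113.50", 1_400_000),
    ("call-3", "192.0.2.130", "192.0.2.130", 600_000),
    ("call-3", "192.0.2.130", "198.51.100.99", 5_100),
    ("call-3", "192.0.2.130", "203.0.113.50", 590_000),
]

def recurring_endpoints(flows, min_calls=3, min_ratio=0.5):
    """Return {remote_ip: lowest bytes ratio} for hosts that appear in
    every call and receive at least min_ratio of the callee's volume."""
    media = defaultdict(int)                       # call_id -> bytes to callee
    extra = defaultdict(lambda: defaultdict(int))  # remote -> call_id -> bytes
    callees = set()
    for call_id, callee, remote, sent in flows:
        callees.add(callee)
        if remote == callee:
            media[call_id] += sent
        else:
            extra[remote][call_id] += sent
    suspects = {}
    if len(media) < min_calls:
        return suspects          # too few calls to separate pattern from noise
    for remote, per_call in extra.items():
        if remote in callees:
            continue             # someone we called on another occasion
        if set(per_call) != set(media):
            continue             # absent from at least one call
        ratios = [per_call[c] / media[c] for c in media if media[c]]
        # Login or peer-discovery chatter recurs too, but stays tiny compared
        # with the call itself; a mirrored stream tracks the media volume.
        if ratios and min(ratios) >= min_ratio:
            suspects[remote] = round(min(ratios), 2)
    return suspects

if __name__ == "__main__":
    for ip, ratio in recurring_endpoints(FLOWS).items():
        print(f"{ip} present in every call, >= {ratio:.0%} of media volume")
```

Calls that are relayed through another peer have no direct flow to the callee and would need a different baseline than the one assumed here.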

Name Change (1)

Soiden (1029534) | more than 6 years ago | (#20283397)

Maybe they just wanted to change its name to Russkype.

Skype and Patriot act maybe not hackers? (1, Interesting)

goga_russian (544604) | more than 6 years ago | (#20283519)

Original author: Mathaba Skype Problems: Coincidence or Result of Architecture Fix for the U.S. State? Posted: 2007/08/17 From: Mathaba Is it considerable coincidence, or a sign of modifications which would inevitably be difficult to execute without significant disruption? Around 2 weeks ago the Bush administration pushed through Congress a law to bolster the government's ability to intercept electronic communications without a court order. The so-called Protect America Act, which passed both the House and Senate by wide margins just before Congress went on its August recess, allows the government to intercept the phone calls and e-mails of people in the United States who communicate with people overseas, and for the first time, allows the government to intercept communications between foreigners which are merely routed through the United States, as well as conversations of Americans traveling abroad. The new law expanding the government's spying powers gives the Bush Administration a six-month window to install possibly permanent back doors in the nation's communication networks. Prior to the law's passage, the nation's spy agencies, such as the National Security Agency and the Defense Intelligence Agency, didn't need any court approval to spy on foreigners so long as the wiretaps were outside the United States. Now, those agencies are free to order services like Skype, cell phone companies and arguably even search engines to comply with secret spy orders to create back doors in domestic communication networks for the nation's spooks. Other nations like Australia have similar legislation in place already or on the books. Skype presents a challenge to spooks, not so much because of its alleged encryption which could possibly be broken by backdoor access or weaknesses in a system that has not received much independent review and is updated almost daily, but because of its essential peer-to-peer (P2P) nature which makes monitoring of communications more difficult. 
To enable compliance with the new U.S. laws, which also include that the service providers such as Skype are not allowed to report these activities and are to be immune from prosecution claims for example for violation of the U.S. constitutional or legal rights to privacy, it would be necessary to ensure that the Skype super-nodes are upgraded with software modifications to ensure more centralised routing and easier access to monitoring. The fact that Skype has not had a serious outage in many years of operation until just two weeks after the passage of this new law could be mere coincidence, but otherwise could point to just such upgrades and modifications having been performed, and gone wrong. Messing with the Skype super nodes is no light matter, and the Skype P2P technology developed in Estonia was a closely guarded secret. U.S. company eBay, which owns also PayPal, faces allegations of compromise on security and privacy issues. It purchased Skype for some 5 billion dollars last year. Most of the original Skype programmers have since left the company and changing the P2P algorithms to allow compromise could be a tricky and risky business whilst around 8 million users are online, and may have simply gone wrong. The choice of words by Skype in revealing its problems - software and "algorithms" - also lends credence to this theory: algorithms are typically used in automated encryption systems. The original Skype protocol which had received an independent review and generally received the thumbs up for security implementation has long since been modified hundreds of times with automatic updates to most clients now being in force, thus there would be nothing to guarantee that those systems had not since been hopelessly compromised. Skype's C.E.O. had promised an interview with Kurt Sauer for Mathaba News last year, but the interview never materialised. Several attempts were made to establish communication, but were ignored. 
When it was brought to his direct attention that a company with significant Israeli involvement was compromising the security of Skype users passwords, no response to the concerns was given and the company in question progressed to be an integral part of the Skype extras included for download. http://www.skype-news.com/ [skype-news.com] http://mathaba.net/0_index.shtml?x=561193 [mathaba.net]

Re:Skype and Patriot act maybe not hackers? (2, Informative)

RAMMS+EIN (578166) | more than 6 years ago | (#20284631)

Man, you ever notice that return key on your keyboard? You should use it once in a while...

Re:Skype and Patriot act maybe not hackers? (0)

Anonymous Coward | more than 6 years ago | (#20285431)

copy-pasted off the website?

  some clients such as old IE do not handle copying
  paragraphs properly and give you one continuous paragraph.

Impatient Conspiracy Theorist (0)

Anonymous Coward | more than 6 years ago | (#20284357)

This thread is just plain funny. Skype says on its front page: "On Monday, we'll provide a more detailed explanation of what happened." (www.skype.com). You just couldn't wait to create this /. after that...

Just watch the Skype blogs... (2, Informative)

vistic (556838) | more than 6 years ago | (#20284363)

The Skype blog [skype.com] had info being posted all during the outage, and will have a summary of what happened soon. They never indicated it was anything related to any outside intrusion.

Re:Just watch the Skype blogs... (2, Insightful)

raju1kabir (251972) | more than 6 years ago | (#20287711)

The Skype blog had info being posted all during the outage, and will have a summary of what happened soon. They never indicated it was anything related to any outside intrusion.

Then you know it's true; nobody's ever lied on a blog before.
