Re: Skype API Ap2Ap Stream Creation Flaw
- From: Stephen Samuel <samnospam@xxxxxxxxxxx>
- Date: Mon, 21 Aug 2006 13:28:46 -0700
Other than the fact that this takes advantage of skype's built-in encryption, I don't see how this is that much different than any other network-capable application being built with backdoors and call-home capability.
vizig0thblitz@xxxxxxxxx wrote:
An application-to-application stream can be created between two Skype clients without having established normal communications between them and both Skype client's contact lists are empty. With this ability any Skype enabled application can create a convert communication stream to a central server. This can only occur, of course, if the user voluntarily installs the application. Therefore, the main attack vector for this functionality is to create a legitimate Skype-enabled application, have the user install the application, and once the user starts the application make a covert connection to a central server. Once the connection to the central server is made, additional software can be downloaded and installed on the target computer via the application-to-application stream.. . . . .
Scenario Setup:
The following will be needed to recreate the scenario:
1.Two computers with Skype installed and two separate Skype Ids that have had no communication between them.
2.A copy of SkypeTracer installed on each computer.
Scenario Steps:
--
Stephen Samuel +1(778)861-7641 samnospam@xxxxxxxxxxx
http://www.bcgreen.com/
Powerful committed communication. Transformation touching
the jewel within each person and bringing it to light.
- References:
- Skype API Ap2Ap Stream Creation Flaw
- From: vizig0thblitz
- Skype API Ap2Ap Stream Creation Flaw
- Prev by Date: Skype API Ap2Ap Stream Creation Flaw
- Next by Date: Re: "Moving" Stack: my poor return address!
- Previous by thread: Skype API Ap2Ap Stream Creation Flaw
- Index(es):
Relevant Pages
|
|
