It allows to keep PV going, with more focus towards AI, but keeping be one of the few truly independent places.
-
Anyone who uses Skype has consented to the company reading everything they write. The H's associates in Germany at heise Security have now discovered that the Microsoft subsidiary does in fact make use of this privilege in practice. Shortly after sending HTTPS URLs over the instant messaging service, those URLs receive an unannounced visit from Microsoft HQ in Redmond.
A reader informed heise Security that he had observed some unusual network traffic following a Skype instant messaging conversation. The server indicated a potential replay attack. It turned out that an IP address which traced back to Microsoft had accessed the HTTPS URLs previously transmitted over Skype. Heise Security then reproduced the events by sending two test HTTPS URLs, one containing login information and one pointing to a private cloud-based file-sharing service. A few hours after their Skype messages, they observed the following in the server log:
65.52.100.214 - - [30/Apr/2013:19:28:32 +0200]"HEAD /.../login.html?user=tbtest&password=geheim HTTP/1.1"
They too had received visits to each of the HTTPS URLs transmitted over Skype from an IP address registered to Microsoft in Redmond. URLs pointing to encrypted web pages frequently contain unique session data or other confidential information. HTTP URLs, by contrast, were not accessed. In visiting these pages, Microsoft made use of both the login information and the specially created URL for a private cloud-based file-sharing service.
In response to an enquiry from heise Security, Skype referred them to a passage from its data protection policy:
"Skype may use automated scanning within Instant Messages and SMS to (a) identify suspected spam and/or (b) identify URLs that have been previously flagged as spam, fraud, or phishing links."
This explanation does not appear to fit the facts, however. Spam and phishing sites are not usually found on HTTPS pages. By contrast, Skype leaves the more commonly affected HTTP URLs, containing no information on ownership, untouched
Via:
Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Categories
- Topics List23,911
- Blog5,718
- General and News1,330
- Hacks and Patches1,148
- ↳ Top Settings33
- ↳ Beginners254
- ↳ Archives402
- ↳ Hacks News and Development56
- Cameras2,342
- ↳ Panasonic984
- ↳ Canon118
- ↳ Sony154
- ↳ Nikon95
- ↳ Pentax and Samsung70
- ↳ Olympus and Fujifilm98
- ↳ Compacts and Camcorders295
- ↳ Smartphones for video96
- ↳ Pro Video Cameras191
- ↳ BlackMagic and other raw cameras116
- Skill1,959
- ↳ Business and distribution66
- ↳ Preparation, scripts and legal38
- ↳ Art149
- ↳ Import, Convert, Exporting291
- ↳ Editors190
- ↳ Effects and stunts115
- ↳ Color grading197
- ↳ Sound and Music280
- ↳ Lighting96
- ↳ Software and storage tips266
- Gear5,407
- ↳ Filters, Adapters, Matte boxes344
- ↳ Lenses1,577
- ↳ Follow focus and gears93
- ↳ Sound496
- ↳ Lighting gear313
- ↳ Camera movement230
- ↳ Gimbals and copters302
- ↳ Rigs and related stuff271
- ↳ Power solutions83
- ↳ Monitors and viewfinders339
- ↳ Tripods and fluid heads139
- ↳ Storage286
- ↳ Computers and studio gear559
- ↳ VR and 3D248
- Showcase1,859
- Marketplace2,834
- Offtopic1,314
