Confirmed: Microsoft Visits Links You Send In Skype
I have independently verified The H's claim that Microsoft can read everything you send in Skype. Last night, a friend (@RedragonX) and I planned to have a fake conversation over Skype, discussing a nonexistent Internet Explorer 0day exploit (I figured we might as well trip some DHS keywords). Halfway through the conversation, I shared a URL.
Here's what we said:
[9:36:33 PM] Winston Smith: Hey man
[9:37:00 PM] RedragonX: hey, hat is up
[9:37:07 PM] RedragonX: lol
[9:37:13 PM] Winston Smith: i found an IE8 0day want it?
[9:37:27 PM] RedragonX: hmm. ya right .....
[9:37:34 PM] Winston Smith: seriously look her: https://defuse.ca/zvpebfbsg.htm
[9:39:08 PM] RedragonX: u didnt bypass aslr tho?
[9:39:25 PM] Winston Smith: that's only part of it, i have a rop exploit, ill email the whole thing to you 1sec
[9:39:34 PM] RedragonX: hmm ok
[9:39:38 PM] RedragonX: ty
[9:40:17 PM] Winston Smith: np i gtg now but have a look at it and tell me what you think.. try running it on some of your bots to see how reliable it is plz
[9:40:22 PM] Winston Smith: ttyl
[9:40:46 PM] RedragonX: ttyl
This morning, I checked my logs and found this:
184.108.40.206 - - [15/May/2013:23:03:54 -0600] "HEAD /zvpebfbsg.htm HTTP/1.1" 200 3930 "-" "-"
Someone ran a HEAD query on the URL 1 hour and 26 minutes after I sent it through Skype. Running a reverse DNS lookup on this IP reveals that it does indeed have something to do with Microsoft:
52.65.in-addr.arpa. 3600 IN SOA ns1.msft.net. msnhst.microsoft.com. 2013051301 1800 900 7200000 3600
This shows that Microsoft has the ability to read Skype messages, and the hour of delay between the sending of the URL and Microsoft's request shows that they are (at least) storing some messages for over an hour.
I am running Skype version 220.127.116.11 (Linux). My friend is running Skype version 4.1 (Linux).
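The log check described above can be automated. The following is an added example, not code from the original post: it scans combined-format access-log lines for requests to the canary URL and reports how long after the message each one arrived. The function and variable names are hypothetical, the first two sample log lines are constructed, and the send time assumes the chat timestamps are in the same -0600 zone and on the same date as the server log.

```python
import re
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def canary_hits(lines, path, sent_at, own_ips=()):
    """Requests for `path` made after `sent_at` by anyone other than `own_ips`."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["path"].split("?", 1)[0] != path:
            continue  # unparsable line or a different URL
        when = datetime.strptime(m["ts"], TS_FORMAT)
        if when < sent_at or m["ip"] in own_ips:
            continue  # the message cannot have caused this request
        hits.append({
            "ip": m["ip"],
            "method": m["method"],
            "delay": when - sent_at,
            # No Referer and no User-Agent: not an ordinary browser visit.
            "headless": m["referer"] in ("", "-") and m["agent"] in ("", "-"),
        })
    return hits


SAMPLE_LOG = [
    # Constructed: the sender testing the page before sharing it.
    '192.0.2.10 - - [15/May/2013:21:30:02 -0600] "GET /zvpebfbsg.htm HTTP/1.1" 200 3930 "-" "Mozilla/5.0"',
    # Constructed: unrelated traffic to another page.
    '198.51.100.7 - - [15/May/2013:22:10:41 -0600] "GET /index.htm HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    # The line quoted in the post.
    '184.108.40.206 - - [15/May/2013:23:03:54 -0600] "HEAD /zvpebfbsg.htm HTTP/1.1" 200 3930 "-" "-"',
]
# Assumption: 9:37:34 PM in the chat is 15 May 2013, UTC-6.
SENT_AT = datetime(2013, 5, 15, 21, 37, 34, tzinfo=timezone(timedelta(hours=-6)))

if __name__ == "__main__":
    for hit in canary_hits(SAMPLE_LOG, "/zvpebfbsg.htm", SENT_AT, {"192.0.2.10"}):
        print(hit["ip"], hit["method"], "delay:", hit["delay"], "headless:", hit["headless"])
```

Using a unique, unguessable path for each message sent keeps crawler and scanner traffic from being mistaken for a hit.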