> As long as you didn't use any of the original Skype code, you have nothing to fear (if you're based in Europe)
The original Skype code is clearly not available to anyone outside the original Skype team or some team inside Microsoft. What is publicly available is a binary that is produced from this code.
Just pointing out that even if your Skype password is random, secure and not shared with any other service, somebody could gain access via this mechanism.
Wow. I had a similar experience with Skype too. They couldn't care less that someone had got access to my account and made calls. The attacker even added his own mobile number (in a different country) but Skype wouldn't bother investigating or escalating...
> Skype is a standalone application where the only account you need is a Skype one, which is free, and isn't tied to any personal information other than an e-mail address.
When Microsoft bought Skype, I seem to recall them requiring all new users to use a Microsoft account instead of a Skype account. That isn't the case now, and it may have just been a confusing installer at the time, but it's a concern.
> It's inevitable people will reverse engineer the client, as was done with MSN, Y! Messenger, and AOL.
I hope you're right, but to my knowledge, this has never been done with Skype, and to this day you can only call a Skype-using friend/colleague if you use the official, closed-source Skype client. So let's not be sanguine.
This is fantastic news - Skype is a decent product, and fairly universal, but it also happens to be NSA spyware. I'll now use it, because it's sandboxed within a web page!
As is well known, Microsoft deliberately removed the encryption from Skype, making it just another insecure platform for communicating and vulnerable to censorship.
Pretty sure Microsoft never advertised Skype as something they couldn't intercept, so you probably shouldn't have been using it for anything you wouldn't say over the phone line in the first place.
And as a result you'd have missed out on Skype's tap dancing and sidestepping around the issue. This submission also promotes a key issue: your Skype account is for life, or at least until Skype becomes passé and irrelevant, and shuts down.
Before reading this thread, I was one of those unfortunate chaps who still assumed Skype was P2P. What's the preferred alternative that's actually secure?
Skype was never meaningfully secure; the code wasn't open and you had to trust their servers to handle authentication. (And IIRC the best-guess reverse engineering of the crypto looked to be RC4, which, while not outright broken, is not a massively secure cipher.)
I never used Skype again after they stole my credit (about 9€). No excuse when they could have emailed or otherwise told me it was going to expire; I only found out when I needed to use it...
IANAL either, but as far as I know a clean-room reverse engineering (like the Samba guys did) should be pretty safe. Of course, other reverse engineering techniques (e.g. disassembling or decompiling) are pretty illegal.
Also, the ToS for Skype may forbid the use of unofficial clients, and users using these might be locked out of the service if Skype finds out and cares.
Skype is switching to use Microsoft Accounts, which have security questions and 2-factor auth. This vulnerability is only for people who haven't switched yet.