An exploit on Skype has been highlighted in a blog post by SkypeOpenSource and it runs through a process through which users might be able to obtain another user’s local and remote IP address. The IP address reveals a particular user’s city or country of origin but not other personal information like a name or a specific address. Nevertheless according to the blog post, it can be used to potential track down a user if a need such as a lawsuit arises. To start the process, you have to add the contact of a specific user with their exact name.
As opposed to sending contact information, you can click on the information card that will give you access to the user’s IP address. The process of getting another user’s IP address can only work if the intended user is also online. The only ways to protect against this process is by logging off your Skype when it isn’t in use or by applying a virtual private network which effectively cloaks your IP address. For a full list of the process you can click here to access the original blog post. Skype has been contacted for comment over this exploit and when they release a statement, we will let you know.
Update 4/30, 12:13PT – Skype has contacted Ubergizmo with this statement:
“We are investigating reports of a new tool that allegedly captures a Skype user’s last known IP address. This is an ongoing, industry-wide issue faced by all peer-to-peer software companies. We are committed to the safety and security of our customers and we are takings measures to help protect them.”