Skype blames downtime on Patch Tuesday re-start, not hackers

Share this article:

"The high number of re-starts affected Skype’s network resources," the company said on its Heartbeat blog. "This caused a flood of login requests, which, combined with the lack of peer-to-peer network resources, prompted a chain reaction that had a critical impact."

The company said normally the service can withstand this type of event through an "inbuilt ability to self-heal." However, the incident, which began Thursday, unearthed a vulnerability in the services’ network resource allocation algorithm, which prevented the self-healing component from working.

Skype’s announcement today dispelled rumors that hackers were responsible for the DoS attack. A poster on a Russian forum claimed the crash was caused by exploiting a buffer overflow vulnerability by sending malformed requests to Skype’s authorization server. The exploit code was posted on a Romanian website.

"We can confirm categorically that no malicious activities were attributed or that our users’ security was not, at any point, at risk," the company said, adding that it has instituted software improvements to prevent a similar incident from happening in the future.

Peter Thermos, chief technology officer of Palindrome Technologies and a VoIP expert, told SCMagazine.com that he finds it odd that a buffer overflow exploit was revealed, but the outage was blamed on Microsoft security updates.

"If [a crash due to patch updates] happened, I’d assume it would happen when Skype was taking off, when they were beginning to become well-known as a peer-to-peer communications company," he said.

Since its launch about four years ago, Skype has faced its fair share of criticism from security experts. Last year, the Burton Group recommended enterprises should evaluate whether the closed-source Skype fits into their information protection posture.

In March, variants of the Stration worm used Skype as a vector to spread.

Experts have warned internet telephony is at risk to such threats as toll fraud, eavesdropping and phishing.

"This disruption was unprecedented in terms of its impact and scope," Skype said. "We would like to point out that very few technologies or communications networks today are guaranteed to operate without disruptions."

Skype, owned by eBay, reportedly has more than 200 million registered users.

 

Click here to email reporter Dan Kaplan.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Researchers observe more than a hundred connections to 'Backoff' sinkhole

Researchers with Kaspersky Lab were able to sinkhole two command-and-control servers used by certain Backoff point-of-sale malware samples.

Judge lifts stay but Microsoft won't hand over emails during appeal

A judge has lifted a suspension of a previous order compelling Microsoft to hand over customer emails stored on a server in Ireland.

Home Depot investigates possible payment card breach

Home Depot investigates possible payment card breach

Home Depot said on Tuesday that it is working with its banking partners and law enforcement to investigate a possible data breach.