Skype blames downtime on Patch Tuesday re-start, not hackers

Share this article:

"The high number of re-starts affected Skype’s network resources," the company said on its Heartbeat blog. "This caused a flood of login requests, which, combined with the lack of peer-to-peer network resources, prompted a chain reaction that had a critical impact."

The company said normally the service can withstand this type of event through an "inbuilt ability to self-heal." However, the incident, which began Thursday, unearthed a vulnerability in the services’ network resource allocation algorithm, which prevented the self-healing component from working.

Skype’s announcement today dispelled rumors that hackers were responsible for the DoS attack. A poster on a Russian forum claimed the crash was caused by exploiting a buffer overflow vulnerability by sending malformed requests to Skype’s authorization server. The exploit code was posted on a Romanian website.

"We can confirm categorically that no malicious activities were attributed or that our users’ security was not, at any point, at risk," the company said, adding that it has instituted software improvements to prevent a similar incident from happening in the future.

Peter Thermos, chief technology officer of Palindrome Technologies and a VoIP expert, told that he finds it odd that a buffer overflow exploit was revealed, but the outage was blamed on Microsoft security updates.

"If [a crash due to patch updates] happened, I’d assume it would happen when Skype was taking off, when they were beginning to become well-known as a peer-to-peer communications company," he said.

Since its launch about four years ago, Skype has faced its fair share of criticism from security experts. Last year, the Burton Group recommended enterprises should evaluate whether the closed-source Skype fits into their information protection posture.

In March, variants of the Stration worm used Skype as a vector to spread.

Experts have warned internet telephony is at risk to such threats as toll fraud, eavesdropping and phishing.

"This disruption was unprecedented in terms of its impact and scope," Skype said. "We would like to point out that very few technologies or communications networks today are guaranteed to operate without disruptions."

Skype, owned by eBay, reportedly has more than 200 million registered users.


Click here to email reporter Dan Kaplan.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

Information sharing requires breaking down barriers, White House cyber guru says

Information sharing requires breaking down barriers, White House ...

The White House has advanced an agenda to promote and facilitate information sharing on security threats and vulnerabilities.

Worm variant of Android ransomware, Koler, spreads via SMS

Worm variant of Android ransomware, Koler, spreads via ...

Upon infection, the Koler variant will send an SMS message to all contacts in the device's address book.

Patch for Windows flaw can be bypassed, prompts temporary fix from Microsoft

Patch for Windows flaw can be bypassed, prompts ...

The Windows zero-day received a patch last week, but the fix can still be bypassed by crafty attackers.