lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 20 Aug 2007 14:05:32 -0700
From: "Marc Maiffret" <mmaiffret@...e.com>
To: "Steven M. Christey" <coley@...re.org>,
	<bugtraq@...urityfocus.com>
Subject: RE: Skype Network Remote DoS Exploit

Apologies if someone already posted the obvious question but:

How come this Patch Tuesday was different for Skype? 

Why didn't the last Patch Tuesday, which had the same rebooting
requirements as any other Patch Tuesday, cause the same problem with
Skype? What was different about this Patch Tuesday? Anyone seen Skype
give an explanation of that yet, as I'm assuming someone already asked
that question, hopefully.

-Marc

> -----Original Message-----
> From: Steven M. Christey [mailto:coley@...re.org] 
> Sent: Monday, August 20, 2007 10:39 AM
> To: tecklord@...ocom.cv.ua; bugtraq@...urityfocus.com
> Subject: Re: Skype Network Remote DoS Exploit
> 
> 
> The outage being experienced by Skype was apparently due to 
> massive simultaneous reboots and reconnects after systems 
> installed their Windows patches.
> 
> from 
> http://heartbeat.skype.com/2007/08/what_happened_on_august_16.html:
> 
>    The disruption was triggered by a massive restart of our users'
>    computers across the globe within a very short timeframe as they
>    re-booted after receiving a routine set of patches through Windows
>    Update.
> 
>    The high number of restarts affected Skype's network resources.
>    This caused a flood of log-in requests, which, combined with the
>    lack of peer-to-peer network resources, prompted a chain reaction
>    that had a critical impact.
> 
> I wonder how many other services are impacted by simultaneous 
> Windows scheduled updates.
> 
> Anyway... given that this was going on at the time the 
> SecurityLab.ru exploit was released, and the exploit only 
> claims a DoS (and only seems to make a series of requests to 
> long URIs), was the exploit actually effective, or was the 
> "DoS" just part of the larger outage?
> 
> - Steve
> 
> 

Powered by blists - more mailing lists