Message-ID: <CAJB2JzuxgSAGdtkzQtU85bjMoLGrGbaEAiMnW9Fjg3_VKK=1CQ@mail.gmail.com>
Date: Mon, 13 Feb 2012 14:21:21 +0100
From: Mario Vilas <mvilas@...il.com>
To: Osama Bin Error <oerror@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Skype v. 5.x.x - information disclosure

Good find. I think it should also be possible to disable the "delete
*" command with triggers, as a nice way to backdoor the database
(almost non-intrusive compared with installing rogue plugins, and the
user isn't likely to ever find out).

On Mon, Feb 13, 2012 at 11:25 AM, Osama Bin Error <oerror@...il.com> wrote:
> Title:
> ======
> Skype v. 5.x.x - information disclosure
>
> Date:
> =====
> 2012-02-13
>
> Introduction:
> =============
> Skype is a proprietary voice-over-Internet Protocol service and
> software application.
>
> Abstract:
> =========
> We have discovered improper chat log handling, which results in logs
> being accessible even if the user has enabled the "no history" option in the
> "Keep history for" settings or even destroyed it manually with the
> "Clear history" button.
>
> Report-Timeline:
> ================
> 2012-02-13:     Public Disclosure
>
> Status:
> ========
> Published
>
> Exploitation-Technique:
> =======================
> Local
>
> Severity:
> =========
> Low
>
> Details:
> ========
> As mentioned in the Skype FAQ
> (https://support.skype.com/en-gb/faq/FA140/Managing-your-privacy-settings-Windows):
> "You can choose how long to keep your conversation history for, or
> delete it altogether.
> 1. To change your history settings, in Skype from the menu bar click
> Skype > Privacy.
> 2. Below Keep history for, click on the drop-down list and select the
> amount of time you would like your history to be saved for.
> Choose from forever, 3 months, 1 month, 2 weeks or no history at all.
> 3. To delete your conversation history, click Clear history. This
> removes your entire history, including instant messages, calls,
> voicemails, text messages, sent and received files. If you delete your
> conversation history, you cannot recover it."
>
> This sounds safe, but in fact Skype stores all incoming and outgoing
> chat messages in a local sqlite3 DB (file main.db, table Messages), in
> plain text. Even if the "Keep history for"->"no history" option in
> Settings->Security is enabled, Skype writes all your data into the Messages
> table, but executes "delete * from Messages"  after program exit. This
> command will destroy messages at the logical level in the DB, but in fact,
> at the physical level all message data stays alive (blocks in the DB file
> are only marked as destroyed), and can simply be recovered even with a text
> editor (as mentioned above, it is stored in plain text).
>
> Proof of Concept:
> =================
> In Windows XP, go to "C:\Documents and Settings\%user
> name%\Application Data\Skype\%Skype user name%" and open the file main.db
> with a text editor. All the ducks inside.
>
> Credits:
> ========
> Anonymous
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/



-- 
“There's a reason we separate military and the police: one fights the
enemy of the state, the other serves and protects the people. When the
military becomes both, then the enemies of the state tend to become
the people.”
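
The behaviour described in the quoted advisory, and the SQLite settings that close it, as an added example that is not part of either message and is not Skype's code: it builds a throwaway database and checks whether deleted text is still present in the file after a plain DELETE, after a DELETE with `PRAGMA secure_delete=ON`, and after a DELETE followed by `VACUUM`. Only the file name main.db and the table name Messages come from the advisory; the column layout and the marker string are constructed.

```python
import os
import sqlite3
import tempfile

# Constructed sample message; the column layout below is also an assumption.
MARKER = "constructed-sample-chat-line"


def residue_after_delete(secure_delete, vacuum=False):
    """Return (rows_left, marker_in_file) after DELETE FROM Messages."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "main.db")
        con = sqlite3.connect(path, isolation_level=None)  # autocommit mode
        # Pin both settings: some SQLite builds default secure_delete to ON.
        con.execute("PRAGMA auto_vacuum=NONE")
        mode = "ON" if secure_delete else "OFF"
        con.execute("PRAGMA secure_delete=%s" % mode).fetchall()
        con.execute("CREATE TABLE Messages (id INTEGER PRIMARY KEY, body TEXT)")
        con.execute("BEGIN")
        con.executemany(
            "INSERT INTO Messages (body) VALUES (?)",
            [("%s #%d" % (MARKER, i),) for i in range(200)],
        )
        con.execute("COMMIT")
        # Logical delete: rows vanish from queries, pages move to the freelist.
        con.execute("DELETE FROM Messages")
        if vacuum:
            # Rebuilds the database file without the free pages.
            con.execute("VACUUM")
        rows_left = con.execute("SELECT count(*) FROM Messages").fetchone()[0]
        con.close()
        # Scan the raw file the way a text editor or strings(1) would see it.
        with open(path, "rb") as fh:
            marker_in_file = MARKER.encode() in fh.read()
    return rows_left, marker_in_file


if __name__ == "__main__":
    print("plain DELETE:      ", residue_after_delete(False))
    print("secure_delete=ON:  ", residue_after_delete(True))
    print("DELETE then VACUUM:", residue_after_delete(False, vacuum=True))
```

`secure_delete` only affects deletions made after it is enabled, so a database that already holds freed pages still needs a `VACUUM`.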

