There’s no evidence that anyone, human or machine, is reading your confidential messages.” It will then use that information to help determine whether that link is legit. He calls Heise’s suspicions “a pretty dramatic conclusion, based on very thin evidence.” He is reasonably certain, he says, that the Microsoft IP concerned “is part of Microsoft’s SmartScreen infrastructure, which the company uses to identify suspicious and dangerous URLs so that it can block malware, phishing sites, and spam in Internet Explorer,, and other Microsoft services.”īott suggests that, “If you share a URL in a Skype instant message, there’s a possibility (not a guarantee, just a chance) that a SmartScreen server will ask for more information about the server from which that URL originated. For more information about Skype’s privacy policy, please visit: ”Įd Bott, writing in ZDNet, concurs with Microsoft's statement. “Spam and phishing sites are not usually found on HTTPS pages,” it notes.Ī spokesperson from Skype at Microsoft told Infosecurity: “Skype uses automated scanning within Instant Messages and SMS to (a) identify suspected spam and/or (b) identify URLs that have been previously flagged as spam, fraud, or phishing links. Heise contacted Microsoft who said that the company scans messages to filter out spam and phishing websites. In visiting these pages, Microsoft made use of both the login information and the specially created URL for a private cloud-based file-sharing service.” “HTTP URLs, by contrast, were not accessed. “URLs pointing to encrypted web pages frequently contain unique session data or other confidential information,” says the blog posting. What concerned Heise was that only the ‘secure’ HTTPS URLs were visited – HTTP URLs were ignored. A few hours later Heise found that these URLs had also received visits from “from an IP address registered to Microsoft in Redmond.”
Heise ran a test for itself, including two HTTPS URLs within a Skype session. Heise goes on to explain that a reader “had observed some unusual network traffic following a Skype instant messaging conversation.” When he looked into it, he found that an IP belonging to Microsoft had accessed the HTTPS URLs that had just been transmitted in his Skype conversation. The Skype terms of use state that the company can do this, but “The H's associates in Germany at Heise Security have now discovered that the Microsoft subsidiary does in fact make use of this privilege in practice.” Yesterday Heise Security (an English language blog linked to the German Heise Online) published a suggestion that Microsoft is reading users’ Skype messages.
0 kommentar(er)
