Almost immediately after Skype messages containing a link to a certain HTTPS resource were sent, that resource was visited from an IP address belonging to Microsoft HQ in Redmond, USA.
It was noticed that after a link was sent in the body of a message, unusual traffic was generated, which the server flagged as a potential replay attack. At the same time, the IP address from which the "attacker" tried to access the link belongs to Microsoft.
To confirm the suspicion, two test HTTPS links were sent in a message body. One contained login information (login/password), and the other led to a private, cloud-based file-sharing service. A few hours after the message was sent, the following request to the server was recorded in the log:
188.8.131.52 - - [30/Apr/2013:19:28:32 +0200] "HEAD /.../login.html?user=tbtest&password=geheim HTTP/1.1"
According to Utrace, the IP address belongs to Microsoft.
Thus, after HTTPS links are sent through Skype, the server receives requests from a Microsoft server. Typically such links lead to encrypted pages and contain a session identifier or other private information. Most interestingly, unencrypted HTTP links were not visited by the company.
In this example Microsoft used both links: the requests to the server contained both the login/password pair that had been sent and the specially generated URL for the private file-sharing service.
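The replay the server flagged above can be picked out of an access log mechanically. This is an added example, not part of the original article: it flags requests that reuse a URL carrying credential-like query parameters from a different client address than the one that first requested it. The log lines, documentation-range IP addresses, paths, token value and parameter-name list are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access log (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = '''\
198.51.100.7 - - [30/Apr/2013:14:02:11 +0200] "GET /app/login.html?user=tbtest&password=geheim HTTP/1.1" 200 512
198.51.100.7 - - [30/Apr/2013:14:02:15 +0200] "GET /files/share?token=9f2c7a HTTP/1.1" 200 2048
203.0.113.40 - - [30/Apr/2013:19:28:32 +0200] "HEAD /app/login.html?user=tbtest&password=geheim HTTP/1.1" 200 0
203.0.113.40 - - [30/Apr/2013:19:28:40 +0200] "HEAD /files/share?token=9f2c7a HTTP/1.1" 200 0
198.51.100.7 - - [30/Apr/2013:19:30:00 +0200] "GET /index.html HTTP/1.1" 200 1024
'''

# client IP, timestamp, method, request target (status and size are optional)
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*"')

# Assumed list of parameter names that mark a URL as carrying a secret.
SENSITIVE = {"password", "passwd", "token", "session", "sessionid", "sid"}

def find_replays(log_text, sensitive=SENSITIVE):
    """Return requests that reuse a secret-bearing URL from a new client IP."""
    first_seen = {}   # request target -> IP that requested it first
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, method, target = m.groups()
        parts = urlsplit(target)
        params = parse_qs(parts.query, keep_blank_values=True)
        leaked = sorted(k for k in params if k.lower() in sensitive)
        if not leaked:
            continue
        owner = first_seen.setdefault(target, ip)
        if ip != owner:
            # Report parameter names only, never the secret values.
            findings.append({"ip": ip, "time": ts, "method": method,
                             "path": parts.path, "params": leaked,
                             "first_client": owner})
    return findings

if __name__ == "__main__":
    for f in find_replays(SAMPLE_LOG):
        print(f)
```

Secrets placed in a query string end up in every log and message that carries the URL, which is why the detector keys on the full request target.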
«Skype can use automatic recognition mechanisms in instant messages and SMS to identify (a) potential spam and/or (b) URLs that have previously been flagged as spam, phishing or fraud sites. In certain cases Skype can select and manually review instant messages or SMS for the purpose of spam prevention.»
A company representative confirmed that Microsoft scans messages in order to detect spam and phishing pages. However, this explanation does not fit the facts observed in practice.
Spam and phishing sites usually do not use the HTTPS protocol, yet it was these links that the company visited, while ordinary HTTP pages, whose links contain no private data, were passed over.
It is interesting to note that Skype uses the HEAD method for its requests to the server, which essentially only obtains information about whether a link is valid.
However, to check for spam or phishing, Skype would need to analyze the page content.
In January 2013 a group of civil rights organizations, including the Electronic Frontier Foundation and Reporters Without Borders, sent Microsoft an open letter. In it the organizations expressed concern that after the restructuring of Skype, the latter is obliged to follow the letter of US law and to give state agencies and intelligence services access to users' private information.
In conclusion, it should be noted that Microsoft, illogically, uses the information transmitted through Skype as it sees fit. All Skype users should think about what this could lead to, since for now the company has no intention of disclosing its plans for the private data it receives.
As was confirmed earlier, links sent through Skype are visited from Microsoft servers. Today a little more became known, writes H-Security; however, the new information has raised more questions than it has answered.
Recall that the fact that only HTTPS links are visited after being sent through Skype was confirmed experimentally a little later. This observation led to the conclusion that Microsoft uses the transmitted information, including session and user identifiers. That fact has been confirmed today by several independent experts. It should be noted that, contrary to Microsoft's promises, ordinary HTTP links are never touched.
One hypothesis is that this activity by the company is caused by its new SmartScreen Filter product. However, there are a few inconsistencies, for example:
Why does the link check happen with a delay of several hours rather than instantly? Time is always critical when it comes to spam or phishing, and checking "stale" links can at best only result in documenting them.
How is Microsoft going to evaluate a page without loading its content? It follows that the company cannot build a reputation database by means of HEAD requests alone.
Possibly the request is aimed at detecting redirects to already known "malicious" pages. However, such redirects can be placed in the page code (meta http-equiv="refresh") or embedded through an ordinary iframe, and a HEAD check alone will not reveal these threats.
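The limitation argued above, as an added example that is not part of the original article: the same analysis is run over what a HEAD request returns (status line and headers only) and what a GET returns (headers plus body). The responses, host names and the function name visible_targets are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed responses for one hypothetical page.
HEADERS = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
BODY = ('<html><head><meta http-equiv="refresh" '
        'content="0; url=https://redirect.example/a"></head>'
        '<body><iframe src="https://frame.example/b"></iframe></body></html>')
HEAD_RESPONSE = HEADERS            # a HEAD reply carries no body
GET_RESPONSE = HEADERS + BODY
REDIRECT_HEAD = "HTTP/1.1 302 Found\r\nLocation: https://redirect.example/a\r\n\r\n"

class BodyTargets(HTMLParser):
    """Collects URLs a browser would follow or load from the markup itself."""
    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # content has the form "<seconds>; url=<target>"
            _, _, rest = a.get("content", "").partition(";")
            key, _, url = rest.strip().partition("=")
            if key.strip().lower() == "url" and url:
                self.targets.append(("meta-refresh", url.strip(" '\"")))
        elif tag == "iframe" and a.get("src"):
            self.targets.append(("iframe", a["src"]))

def visible_targets(raw_response):
    """List every redirect or embed target a checker can see in this response."""
    head, _, body = raw_response.partition("\r\n\r\n")
    status_line, *header_lines = head.split("\r\n")
    status = int(status_line.split()[1])
    targets = []
    for line in header_lines:
        name, _, value = line.partition(":")
        # Header-level redirects are the only kind a HEAD request exposes.
        if name.strip().lower() == "location" and 300 <= status < 400:
            targets.append(("location", value.strip()))
    parser = BodyTargets()
    parser.feed(body)              # empty for a HEAD reply
    return targets + parser.targets

if __name__ == "__main__":
    print("HEAD:", visible_targets(HEAD_RESPONSE))
    print("GET: ", visible_targets(GET_RESPONSE))
```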
Note that the use of SmartScreen Filter is fully documented for Internet Explorer, including how to disable it, but not for Skype. As a result, there is no official information that this technology is used in Skype chats and, most importantly, no information on how to disable it.
In any case, Microsoft's current implementation of "security" mechanisms leaves much to be desired and carries huge negative potential in the area of personal data protection. At the very least, Microsoft should document this functionality and give users the ability to disable it.
P.S. Since the last check, no HEAD requests have arrived from the company. We will hope that they have learned their lesson and switched this feature off, at least temporarily.
Similar tests with Google, Facebook and ICQ did not reveal similar activity.