On Fri, May 17, 2013 at 07:31:24AM -0400, Rich Kulawiec wrote:
> Everyone who thinks that's the *only* thing that Microsoft is quietly
> doing behind everyone's back, raise your hand.
>
> And incidentally, the proffered rationale for this doesn't fly, given
> that (a) they're only sending HEAD: actually scanning destination URLs
> for malware et al. would require fetching the whole page and (b) they're
> only retrieving HTTPS URLs (per Heise) which is not what someone actually
> looking for malware would do. Moreover (c) even if they classified
> a URL as malicious, let's say https://example.net/blah, the recipient
> of said URL is likely to access it via a data path outside their control,
> thus -- unless they blocked it *inside* Skype -- they have no way to
> prevent access to it and delivery of whatever malware payload awaits.

PR meltdown was eventually detected by the mothership Borgcube:

http://www.heise.de/newsticker/meldung/Skypes-ominoeser-Link-Check-stillgelegt-1865275.html
http://www.heise.de/security/artikel/Mehr-Fakten-und-Spekulationen-zu-Skypes-ominoesen-Link-Checks-1865370.html

> Source code is truth; all the rest is smoke and mirrors, hype and PR.
> If Microsoft had the *slightest* interest in telling y'all the truth,
> then they would have answered the group letter earlier this spring with
> code, not with glib prose crafted by a committee of talented spokesliars.
>
> ---rsk
>
> p.s. Heise's discovery is an existence proof that it's possible to
> intercept the contents. Therefore we must presume that other entities
> besides Microsoft may have this capability -- doubly so given that some
> of those entities have not only the resources, but the motivation.
