[Infowarrior] - Skype outage....a weird explaination?
Richard Forno
rforno at infowarrior.org
Mon Aug 20 21:08:36 UTC 2007
Doesn't Windows reboot monthly when the new updates are installed? So
doesn't Skype have to deal with a monthly "flood of login requests" to its
services? While I've not looked into the matter that much, I find their
statement about what happened to be a bit.....weak. At least Securityfocus
called 'em on it in the last paragraph of the article below.
Thoughts? --rf
Skype: Outage prompted by Microsoft Update
Published: 2007-08-20
http://www.securityfocus.com/brief/572?ref=rss
Last week's two-day outage of the Skype voice-over-IP network was not caused
by an attack, but by a lack of resources available to the peer-to-peer
messaging technology due to Microsoft's monthly update, the Luxembourg-based
subsidiary of online auction giant eBay said on Monday.
On Thursday, August 16, Skype users had trouble connecting to the service,
which uses a peer-to-peer network to provide instant messaging,
voice-over-IP telephony and video chat capabilities. Skype identified the
problem as a software bug that caused sign-on issues, but did not resolve
the outages until Saturday, promising a full explanation of the issue after
the weekend.
'The disruption was triggered by a massive restart of our users¹ computers
across the globe within a very short timeframe as they re-booted after
receiving a routine set of patches through Windows Update," Skype spokesman
Villu Arak said in a statement posted to the company's blog on Monday. "The
high number of restarts affected Skype¹s network resources. This caused a
flood of log-in requests, which, combined with the lack of peer-to-peer
network resources, prompted a chain reaction that had a critical impact."
While Skype has had its own share of security flaws, the service's
infrastructure was thought to be resilient to attack or disruptions, given
its distributed nature. Threats to voice-over-IP communications have been
frequently talked about, but rarely realized, with the exception of caller
ID spoofing attacks.
Skype did not comment on an apparent exploit for the voice-over-IP messaging
client that appeared on a Russian security site on Friday, except to say
that the outage was not a malicious attack. Nor did the company explain why
Microsoft's update affected the client this time around while previous
updates have not, only saying that a flaw caused its network-healing
algorithm to fail to provide resources fast enough.
Microsoft did not immediately provide a comment on the outage.
More information about the Infowarrior
mailing list