Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
    Digg this story   Add to  
Skype: Outage prompted by Microsoft Update
Published: 2007-08-20

Last week's two-day outage of the Skype voice-over-IP network was not caused by an attack, but by a lack of resources available to the peer-to-peer messaging technology due to Microsoft's monthly update, the Luxembourg-based subsidiary of online auction giant eBay said on Monday.

On Thursday, August 16, Skype users had trouble connecting to the service, which uses a peer-to-peer network to provide instant messaging, voice-over-IP telephony and video chat capabilities. Skype identified the problem as a software bug that caused sign-on issues, but did not resolve the outages until Saturday, promising a full explanation of the issue after the weekend.

'The disruption was triggered by a massive restart of our users’ computers across the globe within a very short timeframe as they re-booted after receiving a routine set of patches through Windows Update," Skype spokesman Villu Arak said in a statement posted to the company's blog on Monday. "The high number of restarts affected Skype’s network resources. This caused a flood of log-in requests, which, combined with the lack of peer-to-peer network resources, prompted a chain reaction that had a critical impact."

While Skype has had its own share of security flaws, the service's infrastructure was thought to be resilient to attack or disruptions, given its distributed nature. Threats to voice-over-IP communications have been frequently talked about, but rarely realized, with the exception of caller ID spoofing attacks.

Skype did not comment on an apparent exploit for the voice-over-IP messaging client that appeared on a Russian security site on Friday, except to say that the outage was not a malicious attack. Nor did the company explain why Microsoft's update affected the client this time around while previous updates have not, only saying that a flaw caused its network-healing algorithm to fail to provide resources fast enough.

Microsoft did not immediately provide a comment on the outage.

If you have tips or insights on this topic, please contact SecurityFocus.

Posted by: Robert Lemos
    Digg this story   Add to  
Comments Mode:


Privacy Statement
Copyright 2009, SecurityFocus