A program used by eBay Inc.’s Skype Internet phone service collected identifying information from users’ computers running a 64-bit version of Microsoft’s Windows operating system, the software’s developer said.
It is reported that an older version of software - when running a PC with the 64-bit version of Windows - collected the serial number of the PC’s main circuit board and settings stored in the PC’s BIOS, which contains code for controlling keyboard, display, disk drives and other important functions.
“The collection of such data is not unusual, particularly by digital rights management software that is used to enforce copyrights and ensure programs are being used in legitimate ways by customers. But the information is supposed to be converted to a string of numbers that uniquely identifies a system but can’t be reverse-engineered to reveal specific details of the PC,” Associated Press reports adding that the identifying information, if it isn’t scrambled, could give a savvy hacker a glimpse into the heart of any computer.
However, the software was upgraded last week, Skype Chief Security Officer Kurt Sauer said. The new version correctly generates the numbers - called a hash - on all versions of Windows, said Lars Jolstad, EasyBits’ vice president of business development.
Sauer and Jolstad said Skype never used the data collected.
Other reports say that this security issue was caused by Skype’s component called Extras Manager. It offers access to a number of partly non-free add-ons, for collaboration, data transfer, and games between callers.
Links: Mercury News | Heise Security
