Arrow of time
So my Skype account was hacked today

About an hour ago I got a message from a friend that my Skype account has sent a suspicious-looking link to Baidu. As I wasn't signed into Skype, and I only use Skype a few times a year (when scheduled via e-mail), that sounded strange. But it was true - after logging in to Skype, I was greeted by an "unread messages" count of a few dozen. And that was doubly strange as, since I don't use Skype that often, my Skype contact list is very short - maybe 10-15 persons, max.

If you are one of those people who have received a Baidu link from me, I hope you've been suspicious enough not to click it. Generally, please don't click on strange links which you have not previously requested, anywhere, from anyone.

After reviewing "recent activities" on the Microsoft Live platform (because Microsoft bought Skype and made it shittier, and half-integrated the products), it looked like there was a suspicious login from an IP address that the platform recognized as being located in Cambodia. So, it looks like my password was possibly brute-forced from Cambodia, then a hacking client has logged in with the brute-forced password and sent spam messages. This spam was a link which was basically disguised as coming from Baidu. But that's not all: BEFORE sending all this spam, the hacking client has somehow added a few hundred people from my Google contacts to my Skype contacts - including some very recent people.

That's the real issue: how did my Google contacts end up in Skype? I don't think it's a sophisticated enough attack that it could browser-scrape contacts, so it seems like it should happen in server-to-server communication between Microsoft Live and Google. I had 2FA on Google but I've only just added it to Microsoft Live. I'm not sure if there's some kind of "Import contacts from Google" option in Microsoft Live, but even if there is, I sure haven't used it in years, and probably never, and still there were a few very recent Google contacts there.

Update: just got another idea from a friend: this could have happened through the phone apps, if the Skype app has access to Google Contacts. Which I've now checked and it does - naughty Skype! Bad!

Skype's user interface is atrocious:

  • I've found out that Skype has sent a bunch of messages to people who had not yet accepted the (hacked) contact request. This means that people I have no intention to contact via Skype have received spam messages from my account without even accepting the contact request. Why is this possible?
  • Because this attack has added hundreds of people to my Skype contact list, I now had to go manually through each of them and notify the people not to click on the links.
  • Skype does not allow multiple-select on contacts or conversations, so I had to right-click every single one, and choose "Remove from Contacts" or "Hide conversation" from the pop-up menu. This is so sad.

All this has reminded me why, still, in 2017, I still avoid both Skype and Microsoft's products.

So to summarise, what to do about such vulnerabilities? At least the following things:

While this doesn't guarantee you won't be hacked in a different way, at least it prevents one way of doing it and minimizes the damage such a hack can do.

Here's an insightful link another friend has sent me about Skype's security. Very much worth reading!


How beautiful the PostgreSQL planner can be

Just wanted to share how beautiful the PostgreSQL query execution planner can be. Here is a query where I want to find out both the minimum and the maximum of the id field, which is a sequential primary key: explorer2=# explain analyze select min(id), max(id) from expl_iocombined;...

Supercapacitor experiments #1: just a LED

When I was a young student (in a third world country, mind you), around Y2K, we learned about capacitors in pF, nF and uF ranges, that's pico-, nano- and micro- Farads, i.e. 0.000000000001 F, 0.000000001 F and 0.000001 F. All these are useful and used in practically all existing electronics. They are also very small amounts of Farads. Consequently, one whole Farad was considered ginormous, an almost mythically high capacity. I remember one student...

Introduction to Go for Python / Django developers

This is a gentle introduction to Go primarily meant for Django developers. Admittedly, it is in some ways like comparing apples and oranges. Since Go is a language (with a batteries-included standard library) and Django is a web application framework, this guide will make some choices on how to make Go useful for web application development. There is a very large number of Go libraries, frameworks and micro-frameworks out there, and more are developed...

C++ Atomic Types / Memory Barrier Performance (or: do we need CPU caches?)

A friend of mine, a computer scientist working on memory consistency models theory in C and C++, has relayed to me an extraordinary claim, which boils down to this: "using memory barriers in code for each read and write does not have an impact on performance." Now, this claim is something he's heard second hand, and since he is an extreme example of a theory-oriented guy, the validity of this claim was not something he...

TIL: How do bicycles (and cars) turn?

It occurred to me while driving a car that the act of turning direction is actually non-trivial. Reducing the case to a bicycle, consider this: You are pedaling your bike, and driving in the forward direction (of course). You now have certain speed and acceleration vectors pointing in front of you. You stop pedaling, and decide to turn left, 90 degrees to your current direction. You turn the wheel. Depending on the angle of the wheel and...

Bitcoin works exactly as intended, get over it

There have been some alarmist articles recently which basically boil down to "Bitcoin is doomed! Abandon ship!", and while I agree with some of the points given, I think that almost all of them, together with most of the current users of Bitcoin, are a bit missing the point of its existence. Here's my take on it. Blockchain itself is independent from the networking part, and it works fine The blockchain is basically a way...

Why Oculus Rift is not the future of VR, and Cardboard is?

Because of availability. Thank you for reading, and good night, see you again sometimes, don't be a stranger! Explanation I didn't think it needed an explanation until I talked with a colleague of mine who almost completely disagreed. Here are four reasons why I think that, unless corporate shenanigans fuck things up, a descendant of Google Cardboard will still exist in 5 years, while currently hyped darlings like Oculus Rift, Samsung Gear and others will be forgotten. #1: VR...

Using Go for web app development

Last year I've been considering and experimenting with learning another compiled programming language, which would supplement Python which I normally use for, well... almost everything nowadays. There's really only one objective reason for this: performance. With Python, it simply never gets better, and Python 3 is a mess, with basically non-existent PyPy support. Sure, I could write performance-sensitive parts in C (or C++) and use them from Python, but... no, just no. The things I...

Developing Bitcoin services - general notes

For some time now I've been developing back-end stuff with Bitcoin, and here are some things I wish I could have learned the easy way: If analysing the blockchain (for whatever purposes), it's all fine and breezy until about block 200,000 - that's where the fun starts. Don't test your code with earlier blocks, since compared to the more recent ones they are trivially small. Python is fast enough, PyPy is faster. If you're using bitcoind RPC,...

Story: Court of the Red King

1946. On an almost black and white day in November, the plaza was full of solemn people. Tens of thousands of them, in fact, had gathered under the gray sky, in the semi-circular theater surrounding the huge podium, in the middle of the busy construction project of the Great Hall. It was said that, once completed, the monster building would take two hundred thousand people, all watching and enjoying the power of their Reich....

How are successful open source projects started and what keeps them going?

I've been thinking about what drives the core developers of successful open source projects, or in other words, what keeps the projects going. These are just my own thoughts, they may or may not be correct or applicable for any purpose, YMMV. Being done by human beings, open source projects depend on those people being motivated. In general, people are motivated by similar things, and those, I think, are in open source projects...

Go: methods, receivers and benchmarking

One interesting feature of Go is how easy it is to write tests and microbenchmarks for it. In fact, tests and microbenchmarks roughly follow the same syntax. Another interesting "feature" of Go is how it introduced subtleties in language which can be tarpits for beginners and those familiar with other languages. Take for example the Go equivalent of classes. There are no classical classes here, but a way of doing things which is similar to...

Trying out Nim, D, Go and Rust - part 1

Currently, if I want to describe myself as a developer, I say I'm a "C and Python guy." What I mean by that is that I like to work best with C and Python, and seek such opportunities - but it didn't start like that. I basically grew up on BASIC and Pascal and counting by LOC I've probably written the most in PHP. I also have experience with C++, assembly, Java, C# and JavaScript,...

Why do you need an Encrypted Notepad?

If you are like me, you probably have dozens (or even hundreds) of passwords for various services and systems which you either don't want to "remember" in your web browser, or the services are not (shockingly, I know!) browser-accessible. You have probably already remembered to search for an application for your mobile phone, or your desktop, a laptop, or whatever, which would do the job of remembering "7i48!fac3" for you. And then, like me, you've realised that there...

Why FreeBSD's pkg sucks

A not too long time ago I was a big FreeBSD user, with dozens of production installs. Gradually, I've been using it less and less and now I feel I must describe why, in a hopefully productive and positive fashion. In short: it's all about the packages and ports. An operating system is useless without its applications, and the currently blessed binary package management system, the pkg is seriously broken. I was very enthusiastic about pkg (then called


Installing Django on Windows

Though it is obviously a blasphemy, sometimes it is actually necessary to run Django on Windows - mostly due to a client having based its infrastructure around the Windows ecosystem. The "blasphemy" part comes from Django being a really nice framework which evolved on and for a Unix-like system, and it relies heavily on features like WSGI, FastCGI, and command-line tooling which are foreign to the Windows environment. Luckily, the compatibility is improving, by features...

Online.net physical ARM-powered cloud

Online.net is a French hosting company offering the usual range of services from simple web hosting for 1 € / mo to dedicated servers, but with a twist I haven't seen before: their offer of dedicated servers is incredibly affordable! See this example: for 6 € / mo you can get yourself a dedicated VIA Nano x86 CPU powered server completely for your own usage. These CPU's performance is comparable


Intel Atom vs Xeon performance

I recently got myself a small laptop, an Asus Transformer Book T100TA, and I'm surprisingly happy with it. The current generation of these devices is what netbooks were supposed to be: very portable, with a very long battery life, but still powerful enough to be usable. In fact, I'm writing this blog post on it. Finally, both the hardware and the software (the device is running Windows 8.1 and I'd be crazy...

On (artificial) intelligence

Consider this armchair philosophising on the possibility of artificial intelligences. My stance on the existence of our biological intelligence is that it's a matter of accident, in the sense that all evolved traits are basically accidents: random mutations which get selected for over a large time span. It was very probably honed during that time, as individuals which had "more of it" had an advantage over the others. However, something singular must have happened some time ago, some...
