skype outage blamed on windows reboots…yeah right

Skype was down late last week for about 3 days or so. And not just every single user, but also downloads of the software on their site. This was supposedly due to a software algorithm update or something like that. Today I read this was due to the massive reboot of Microsoft Windows computers the night previous. TheRegister also has some info up, and is a little more cohesive.

I call bullshit. This is curiously close to poc code released that supposedly (I say that because I’ve not tested it, nor could anyone else since the servers were down) would freeze a Skype server, then move to the next one, and so on. It was posted to SecurityLabs.ru. If true, that is certainly a critical, fatal, flaw.

1. A security issue to Skype would be a very, very big deal. One of the biggest contention points with Skype use is its security. I’d do everything in my power as well to protect that, such as shut off all servers and all users and all downloads in an effort to hide the insecurity issue.

2. The Windows reboot shouldn’t have occured as late as it seemed like Skype was down. The reboot should occur Tuesday evenings in the dead of night, for automatic users, and at various times. I don’t think Skype was down until Thursday…

3. Why now? Why this month? Why not the last few months?

4. And Skype is going to tell us that a mass reboot of users exposed a vulnerability in the availability of their world class system? You have really got to be kidding me… But as much as that can be egg on their face, I would weigh that less than a security incident. Nonetheless, I can’t imagine the overhead of reconnecting to Skype truly caused such a showstopping event on the service’s login servers. I wonder how many Skypes get turned on every morning anyway?

Ever informative, the Internet Storm Center has an ongoing post which raises similar questions and more. I really like the thought that Skype needs Windows users to log in, so that means all these millions of users all had their machine auto-login? Again, right.