Somebody noticed that Skype Reads Your BIOS and Motherboard Serial Number. But is it really that big an issue ?

Important enough to mention it here. Read this entry by myria.

If this is all true (we will know once it is better documented, I guess) this then means that too many “confidential data” are located on one spot. Phonenumber, email-address, skype ID, bios-info and Motherboard number. Really. Talking about breach of privacy… if this data would be send to the Skype server. Now we have a situation whereby skype add-on could be made that can read this information and tunnel it somewhere. 

On the other hand I think this does not mean a lot. Listen to this :

“ Every piece of software written for the last 10 years that needs to identify a session with better granularity than just the password (i.e. multiple logins) has done the same and nobody is getting a hard-on about them. It is also common to use nonrandom numbers present in your system to augment your passwords. Not a big deal. Somebody just wants to become famous.

Now the thing that I would get my feathres ruffled about would be the sporadic existence of the mysterious 1.com file! You could use probably some hair brained algorithm using the time stamps etc but would you not agree that it would be a lot easier to use a number that is fixed to your hardware and publicly available? Which component changes least often on your machine? Motherboard. :et's use the mobo serial number. Why not?

I'm not saying that this is how Skype uses it, but it could be. I am not a conspiratory theorist. I leave that to those who are more interested in it. I'm just looking at it as a programmer. It really is not a big deal.

Let's assume that there is a sinister purpose for this... Can you tell me what on earth would Skype do with 150million motherboard serial numbers either for fun or for profit?”

So let’s wrap up the counterhype on the Skype hype.

and here the original link/posting :

“ Users of Skype that run 64-bit versions of Windows like me probably have noticed that when starting Skype, the following dialog box appears:

The program or feature “\??\C:\Documents and Settings\Myria\Local Settings\Temp\12\1.com” cannot start or run due to incompatibility with 64-bit versions of Windows. Please contact the software vendor to ask if a 64-bit Windows compatible version is available.

Well, that’s weird. Skype’s trying to run a .com file, which won’t work on Win64 because there’s no NTVDM. Let’s try opening it in Hex Workshop. Access denied? OK, I’ll terminate Skype to read it. Still can’t?! This thing is really starting to annoy me. I’ll use WinDbg to terminate winlogon.exe to force a kernel panic. I reboot and NOW I can read the damn file.

An unreadable executable file coming from Skype sounds interesting, so I look at it. It’s 46 bytes long. For copyright reasons I can’t post the file or a complete disassembly. However, I can describe the program in terms of 16-bit DOS C:

int main(void)
{
fwrite((const void far*) 0xF0000000, 1, 0xFFFF, stdout);
fwrite((const void far*) 0xF000FFFF, 1, 1, stdout);
return 0;
}

It’s dumping your system BIOS, which usually includes your motherboard’s serial number, and pipes it to the Skype application. I have no idea what they’re using it for, or whether they send anything to their servers, but I bet whatever they’re doing is no good given their track record.

In 32-bit Windows NT, including Vista, the kernel permits NTVDM to make a read-only mapping of the BIOS at address 000F0000. This allows DOS programs running under NTVDM to make use of the BIOS. That’s how this 46-byte program is capable of sending the BIOS to the Skype application, and also explains why they use this mechanism to begin with.

If they hadn’t been ignorant of Win64’s lack of NTVDM, nobody would’ve noticed this happening. “

source