Skype tackles hack vulnerability that put accounts at risk
Page 1 of 1
Skype tackles hack vulnerability that put accounts at risk
wyatt1 Wed Nov 14, 2012 2:56 pm
Skype has suspended its password reset function after it emerged the facility could be used to hijack the video chat service's accounts.
The vulnerability was discussed on a Russian blog about three months ago, but was only tackled after details were shared on news site Reddit.
The issue could have exposed answerphone messages, old text message conversations and user details including date of birth.
Skype is looking into the problem.
"We have had reports of a new security vulnerability issue," wrote engineer Leonas Sendrauskas.
"As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further. We apologise for the inconvenience but user experience and safety is our first priority."
Easy-to-use attack
A how-to-guide was first shared on Russian forum Xeksec.
It involves using a victim's Skype-registered email address to create a new account which is also linked to an email account owned by the attacker.
If a password change is then requested using the target's username, the hijacker can access the resulting reset token via the Skype app itself using the newly-created bogus log-in.
This can then be used to lock out the account's owner and access their details.
Skype blanks all but the last four digits of stored credit card accounts preventing the hackers from being able to steal cash, however they could have used up spare credit.
The security hole was confirmed by The Next Web which subsequently brought it to Skype's attention.
It follows on from a revelation last month that the program could be used to distribute malware via its instant message tool.
The news comes amid a campaign by Microsoft to convince members of its Windows Live Messenger chat tool to switch to Skype.
It plans to retire WLM by March 2013 across the world, with the exception of China.
http://www.bbc.co.uk/news/technology-20325684
The vulnerability was discussed on a Russian blog about three months ago, but was only tackled after details were shared on news site Reddit.
The issue could have exposed answerphone messages, old text message conversations and user details including date of birth.
Skype is looking into the problem.
"We have had reports of a new security vulnerability issue," wrote engineer Leonas Sendrauskas.
"As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further. We apologise for the inconvenience but user experience and safety is our first priority."
Easy-to-use attack
A how-to-guide was first shared on Russian forum Xeksec.
It involves using a victim's Skype-registered email address to create a new account which is also linked to an email account owned by the attacker.
If a password change is then requested using the target's username, the hijacker can access the resulting reset token via the Skype app itself using the newly-created bogus log-in.
This can then be used to lock out the account's owner and access their details.
Skype blanks all but the last four digits of stored credit card accounts preventing the hackers from being able to steal cash, however they could have used up spare credit.
The security hole was confirmed by The Next Web which subsequently brought it to Skype's attention.
It follows on from a revelation last month that the program could be used to distribute malware via its instant message tool.
The news comes amid a campaign by Microsoft to convince members of its Windows Live Messenger chat tool to switch to Skype.
It plans to retire WLM by March 2013 across the world, with the exception of China.
http://www.bbc.co.uk/news/technology-20325684
wyatt1- ..........
- Posts : 10029
Similar topics» Real risk of a Maunder minimum 'Little Ice Age' says leading scientist
» Risk aversion in old age down to changes in brain structure, scans suggest
» Put down that drink! Men with beer bellies warned they are at risk of weaker bones
» Gym Rats Are at Risk of This Once-Obscure Kidney Injury
» Nooooooooooooooooooooo!!!!!!! Bacon Eaters Warned Of Deadly Cancer Risk
» Risk aversion in old age down to changes in brain structure, scans suggest
» Put down that drink! Men with beer bellies warned they are at risk of weaker bones
» Gym Rats Are at Risk of This Once-Obscure Kidney Injury
» Nooooooooooooooooooooo!!!!!!! Bacon Eaters Warned Of Deadly Cancer Risk
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum
» Pork Markets
» Why Elon Musk Couldn't Save Free Speech
» so..............hows the freedom jab going??
» NOT GUILTY ON ALL COUNTS
» DEAN!!!!!
» Scams becoming more sophisticated
» An Interesting Tweet
» Have you seen...
» tories prepare for genocide
» PLANET OF THE HUMANS
» Blood is on bidens hands
» A list of joe Bidens accomplishments during his 47 years in politics
» Mickey Mouse has ruined my life
» Turkish Wildfires