Skype has closed the hole that allowed “hijacking” of user accounts

Posted: November 14, 2012 in IT Security News
Tags: Skype

Skype has closed a critical vulnerability

The Internet telephony service Skype reported just hours ago that it has eliminated a serious bug whose exploitation made it possible to reset a user's password and steal a legitimate user's data.

The vulnerability in Skype disclosed today allows a potential attacker to create a Skype account with the same email address as the victim and then, from the same session, request a password reset, thereby taking over that person's account.

After the vulnerability became known, Skype initially just blocked the password reset page; later, the company implemented a permanent fix for the vulnerability.

Skype also reported that, in practice, the vulnerability exploited a number of algorithmic weaknesses in the feature that lets users hold multiple Skype accounts and work with them through a single specified inbox. The company did not report how many people could have suffered from exploitation, but claims that the bug affected “a small number of users.”

Skype now offers password reset only through a page that is available in the personal profile of an authorized user.
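The flaw and the fix described above, as a simplified model added here (it is not Skype's code and not part of the original post). It assumes sign-up stores an email address without proof of ownership; every class, function and account name and the example.com addresses are constructed for illustration.

```python
# Simplified model of the flaw and the fix (constructed data; not Skype's code).
from dataclasses import dataclass


@dataclass
class Account:
    username: str
    email: str      # assumption: stored at sign-up without proof of ownership
    password: str


class AccountStore:
    def __init__(self):
        self.accounts = {}

    def register(self, username, email, password):
        # Weak point: a second account may claim an address that is already
        # on file for someone else's account.
        self.accounts[username] = Account(username, email.lower(), password)
        return username  # stands in for an authenticated session

    def reset_vulnerable(self, session_user, target_user, new_password):
        """Flawed rule: sharing the e-mail on file is treated as ownership."""
        me, target = self.accounts[session_user], self.accounts[target_user]
        if me.email != target.email:
            return False
        target.password = new_password
        return True

    def reset_hardened(self, session_user, target_user, new_password):
        """Fixed rule: reset only from the authorized user's own profile."""
        if session_user != target_user:
            return False
        self.accounts[target_user].password = new_password
        return True

    def shared_inbox_accounts(self):
        """Audit helper: e-mail addresses claimed by more than one account."""
        by_email = {}
        for acct in self.accounts.values():
            by_email.setdefault(acct.email, []).append(acct.username)
        return {e: sorted(u) for e, u in by_email.items() if len(u) > 1}


def demo():
    store = AccountStore()
    store.register("alice", "alice@example.com", "orig-pw")
    session = store.register("alice_clone", "Alice@example.com", "x")
    vulnerable = store.reset_vulnerable(session, "alice", "taken")
    store.accounts["alice"].password = "orig-pw"  # restore before second check
    hardened = store.reset_hardened(session, "alice", "taken")
    return vulnerable, hardened, store.shared_inbox_accounts()
```

The audit helper lists addresses shared by several accounts, which is the legitimate multi-account case the article mentions and also the condition the flawed rule depended on.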

The vulnerability was originally reported at https://malwarelist.wordpress.com/2012/11/14/vulnerability-in-skype/

Comments
  1. Robert Luand says:

    Thanks for the article. We all need to be more proactive about our personal account security. One thing you failed to mention is taking advantage of the 2FA (2-Factor Authentication). Although it’s been around for a while, more and more sites are starting to offer and promote this option. 2-Factor Authentication to complete a transaction while shopping online wins every day. I feel suspicious when I am not asked to telesign into my account by way of 2FA, it just feels as if they are not offering me enough protection. I know some will claim this makes things more complicated, but the slight inconvenience each time you log in is worth the confidence of knowing your info is secure. This should be a prerequisite to any system that wants to promote itself as being secure.
