eWeek Security Watch
January 24, 2008 7:58 AM

Skype Security Problems Multiply



The Skype security problem I wrote about here and here is much more serious than originally reported, according to the hacker who found and reported the vulnerability.

Aviv Raff showed me proof-of-concept code that fired a code execution exploit whenever I visited a booby-trapped Web page. The exploit worked even if Skype was not running--visiting the Web page automatically opened Skype, attempted to load a video, and then launched the executable code.

After Raff's second discovery--which is a combination of a cross-site scripting bug in Metacafe and a cross-zone scripting vulnerability in Skype--the eBay-owned company completely removed the Add a Video feature until a patch is ready.


Comments (3)

jonmca :

This additional warning is appreciated. However, to clarify this situation you may want to state specifically when the vulnerability is active. Is it (1) with Skype showing in the taskbar "Offline" and in other taskbar modes, or (2) is there some unusual feature in Skype that allows it to be started and "run" remotely even after someone "Quits" Skype and it's not showing in the taskbar. Thanks!

Lawrence D'Oliveiro :

That's one of the many troubles with using a closed, proprietary system like Skype: you are forced to put up with the software they provide, you can't switch to anything else.

Whereas if you were using open, standards-based VOIP, if one client had a security hole in it that the vendor was being tardy about fixing, you could switch to another client.

canuckistani :

One such free and open source/open standards based service is "Wengophone"
http://wengo.org

Not only is it "open" but the computer to telephone rates are cheaper than Skype.
