Practical Technology

for practical people.

Skype Holes

f you really know how Skype works, you know it’s about as safe as juggling firecrackers. Skype, the popular VoIP program, relies on every PC running Skype between you and who you’re calling to serve as stepping stones for your conversation. That’s bad. What’s worse is when Skype doesn’t check to see if Skype calls are actually sent, or received, by the right people.

Or, to quote Levent “Noptrix” Kayan, the security researcher that uncovered this hole, “Skype suffers from a persistent Cross-Site Scripting [XSS] vulnerability due to a lack of input validation and output sanitization of the ‘mobile phone’ profile entry. Other input fields may also be affected.”

What does that mean for you? Noptrix explained, “An attacker could trivially hijack session IDs of remote users and leverage the vulnerability to increase the attack vector to the underlying software and operating system of the victim.”

In plain English, it’s simple for a hacker to take over your Skype session as you login to Skype. From there it’s not much of a trick to take over your Windows PC or Mac and start causing real trouble.

More >

Comments are closed.