Comments on news posted 2012-11-14 09:08:49: A new security vulnerability has been found in Skype that allows anyone to change your password and take control of your Skype account. ..

pandora
Premium Member
join:2001-06-01
Outland

1 edit

pandora

Premium Member

Sigh

One day companies have got to get hold of security. Stuff like this happens too often.

antdude
Matrix Ant
Premium Member
join:2001-03-25
US

antdude

Premium Member

said by pandora:

One day companies generally have got to get hold of security generally.

It won't happen.
brianiscool
join:2000-08-16
Tampa, FL

brianiscool

Member

russian site

Anyone know the URL to that website?

Mospaw
My socks don't match.

join:2001-01-08
New Braunfels, TX

2 recommendations

Mospaw to pandora

to pandora

Re: Sigh

said by pandora:

One day companies generally have got to get hold of security generally.

As long as they have humans programming the computers, or even robot programmers who were programmed by humans (and so on and so on), this won't happen.

Security has to be perfect to be absolute. The attackers only need to find one vector.

Disclaimer: I am a human who programs computers.
Kearnstd
Space Elf
Premium Member
join:2002-01-22
Mullica Hill, NJ

Kearnstd

Premium Member

And perfect security can never be done even if you had perfect programmers assisted by perfect robot programmers.

As let's face it, the #1 hole is still the meat bag in the chair. Get a user to click yes on something and the hacker just infected their PC and sniffed their passwords.
hardly
Premium Member
join:2004-02-10
USA
(Software) pfSense
Asus RT-AC68
Netgear CM600

hardly

Premium Member

fixed

They say it is fixed.

»thenextweb.com/microsoft ··· ffected/
bugabuga
join:2004-06-10
Austin, TX

bugabuga

Member

Months to have someone scratch their behind to fix it

What the most frustrating part is, it's been reported to them months ago. Response? None. Support staff reading off of scripts. Email reports being ignored.

And as soon as a couple of big news/blog sites reported it -- immediate swift reaction and a fix in a few hours. So, it didn't even take long to fix this. Horrible.
zerog
join:2002-02-10
Carrollton, TX

2 edits

zerog to Mospaw

Member

to Mospaw

Re: Sigh

quote:
Security has to be perfect to be absolute. The attackers only need to find one vector.

Disagree. Security has to be "good enough" or sufficiently secure proportional to what is being protected.

That is obviously not happening here, and in most of the cases where we see "security fails".

There is no "absolute security" - anyone who starts talking that way is trying to sell you anti-virus software, or some "enterprise class security system that will keep the hackers out!".

The only absolute perfect security that can be obtained is for something which absolutely does not perfectly exist.

plencnerb
Premium Member
join:2000-09-25
53403-1242

plencnerb to hardly

Premium Member

to hardly

Re: fixed

Version 6.0.0.120
Version 6.0.0.126
New version of Skype out as well. See above screenshots.

Transmaster
Don't Blame Me I Voted For Bill and Opus
join:2001-06-20
Cheyenne, WY

1 recommendation

Transmaster to bugabuga

Member

to bugabuga

Re: Months to have someone scratch their behind to fix it

Good title, you need to add "and picking boogers". The super dooper app version of Skype M$ has for Windows 8 sucks so bad I deleted it and installed a version from earlier in the year; problem solved. What is one supposed to expect from a company that repackages a netbook and calls it the "Microsoft Surface"? M$, both Apple and the Android world are laughing at you.

This site is a God Send: »www.oldapps.com/

KrK
Heavy Artillery For The Little Guy
Premium Member
join:2000-01-17
Tulsa, OK

KrK

Premium Member

Sherlock Holmes.....

"What one man can do, another man can undo."
BlitzenZeus
Burnt Out Cynic
Premium Member
join:2000-01-13

BlitzenZeus to bugabuga

Premium Member

to bugabuga

Re: Months to have someone scratch their behind to fix it

As Microsoft would say "Working as intended", and swept it under the rug until it was exploited. This pretty much is par for Microsoft.
pandora
Premium Member
join:2001-06-01
Outland

pandora to plencnerb

Premium Member

to plencnerb

Re: fixed

I looked at the images you posted. Maybe it's fixed, we can all hope. But look at the change in size. From a bit over 1 MB to almost 30 MB.

Skype grew almost 3,000% for a fix?

dvd536
as Mr. Pink as they come
Premium Member
join:2001-04-27
Phoenix, AZ

1 recommendation

dvd536 to Mospaw

Premium Member

to Mospaw

Re: Sigh

said by Mospaw:

said by pandora:

One day companies generally have got to get hold of security generally.

As long as they have humans programming the computers, or even robot programmers who were programmed by humans (and so on and so on), this won't happen.

Security has to be perfect to be absolute. The attackers only need to find one vector.

Disclaimer: I am a human who programs computers.

Surprising they don't write compilers that check for buffer overflow conditions before they'll compile an exe or dll.

plencnerb
Premium Member
join:2000-09-25
53403-1242

plencnerb to pandora

Premium Member

to pandora

Re: fixed

You bring up an interesting point.

I am one who will save older versions of applications, just in case I need to go back a version or two. It also helps when I rebuild my machine (or a friend/family's machine) so I don't have to go re-download all the applications.

So, I went and looked to see what I had for Skype. I have 6 versions, and they are all pictured above. It is interesting that the last one I downloaded grew from just around 1 MB to just under 30 MB.

By the way, the filenames that I have listed are modified when I downloaded them. I believe they were all called "SkypeSetup.exe" when I originally downloaded them. I then renamed them to be SkypeSetup_versionumber.exe so I could tell them apart.

However, the current exe name is called "SkypeSetupFull.exe" when you go to download it.

It appears that Skype may have changed their install method. Before it could have been a shell that you would launch, and it would pull the rest of the install down from the web at that time. It looks now that when you download Skype, you get the full install package.

--Brian