A new security vulnerability has been found in Skype that allows anyone to change your password and take control of your Skype account. First posted to a Russian Internet forum several months ago, The Next Web says they've tested the five step hack and have confirmed that it works. All attackers apparently need is the e-mail address tied to your Skype account, create a new Skype account with that e-mail address, then have the system generate a password reset token -- which is sent to the Skype app itself. Microsoft has frozen account resets while they work to resolve the issue.
Skype issued the following statement about the matter:
quote:"We have had reports of a new security vulnerability issue. As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further. We apologize for the inconvenience but user experience and safety is our first priority"
One day companies generally have got to get hold of security generally.
As long as they have humans programming the computers, or even robot programmers who were programmed by humans (and so on and so on), this won't happen.
Security has to be perfect to be absolute. The attackers only need to find one vector.
Disclaimer: I am a human who programs computers.
2012-Nov-14 11:21 am: ·
Kearnstd Elf Wizard Premium join:2002-01-22 Mullica Hill, NJ kudos:1
And perfect security can never be done even if you had perfect programmers assisted by perfect robot programmers.
As lets face it, the #1 hole is still the the meat bag in the chair. Get a user to click yes on something and the hacker just infected their PC and sniffed their passwords. -- [65 Arcanist]Filan(High Elf) Zone: Broadband Reports
I looked at the images you posted. Maybe it's fixed, we can all hope. But look at the change in size. From a bit over 1 mb to almost 30 mb.
Skype grew almost 3,000% for a fix? -- "If you put the federal government in charge of the Sahara Desert, in 5 years there'd be a shortage of sand." - Milton Friedman"
2012-Nov-15 2:54 am: ·
plencnerb Premium join:2000-09-25 Carpentersville, IL kudos:2
You bring up an interesting point.
I am one who will save older versions of applications, just in case I need to go back a version or two. It also helps when I rebuild my machine (or a friend/family's machine) so I don't have to go re-download all the applications.
So, I went and looked to see what I had for Skype. I have 6 versions, and they are all pictured above. It is interesting that the last one I downloaded grew from just around 1 MB to just under 30 MB.
By the way, the filenames that I have listed are modified when I downloaded them. I believe they were all called "SkypeSetup.exe" when I originally downloaded them. I then renamed them to be SkypeSetup_versionumber.exe so I could tell them apart.
However, the current exe name is called "SkypeSetupFull.exe" when you go to download it.
It appears that Skype may have changed their install method. Before it could have been a shell that you would launch, and it would pull the rest of the install down from the web at that time. It looks now that when you download skype, you get the full install package.
Re: Months to have someone scratch their behind to fix it
Good title you need to add "and picking boogers". The super dooper app version of Skype M$ has for Windows 8 sucks so bad I deleted it and installed a version from earlier in the year problem solved. What is one suppose to expect from a company that repackages a netbook and calls it the "Microsoft Surface" M$ both Apple and the Android world are laughing at you.
This site is a God Send: »www.oldapps.com/ -- I am quite sure now that often, very often, in matters concerning religion and politics a man's reasoning powers are not above the monkey's. - Mark Twain in Eruption
2012-Nov-14 4:03 pm: ·
BlitzenZeus Burnt Out Cynic Premium join:2000-01-13 kudos:3
As Microsoft would say "Working as intended", and swept it under the rug until it was exploited. This pretty much is par for Microsoft.
2012-Nov-14 10:05 pm: ·
KrK Heavy Artillery For The Little Guy Premium join:2000-01-17 Tulsa, OK