Security Watch

Keeping Track of patches and hacks in the IT security world.

Skype Security Problems Multiply

Skype Security Problems Multiply

The Skype security problem I wrote about here and here is much more serious than originally reported, according to the hacker who found and reported the vulnerability.

Aviv Raff showed me proof-of-concept code that fired a code execution exploit whenever I visited a booby-trapped Web page. The exploit worked even if Skype was not running--visiting the Web page automatically opened Skype, attempted to load a video, and then launched the executable code.

After Raff's second discovery--which is a combination of a cross-site scripting bug in Metacafe and a cross-zone scripting vulnerability in Skype--the eBay-owned company completely removed the Add a Video feature until a patch is ready.