Skype Security Problems Multiply

 
 
By Ryan Naraine  |  Posted 2008-01-24 Print this article Print
 
 
 
 
 
 
 

Skype Security Problems Multiply The Skype security problem I wrote about here and here is much more serious than originally reported, according to the hacker who found and reported the vulnerability.

Aviv Raff showed me proof-of-concept code that fired a code execution exploit whenever I visited a booby-trapped Web page. The exploit worked even if Skype was not running--visiting the Web page automatically opened Skype, attempted to load a video, and then launched the executable code.

After Raff's second discovery--which is a combination of a cross-site scripting bug in Metacafe and a cross-zone scripting vulnerability in Skype--the eBay-owned company completely removed the Add a Video feature until a patch is ready.

 
 
 
 
del.icio.us | digg.com
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel