active-technologies.com - Network Computer Services - Web Page Design and Hosting - QuickBooks & Bookkeeping Services            
  • Login

Network & Computer Services

  • Network Maintenance and Computer Repair
  • New Equipment Roll-outs
  • System Upgrade - Lifecycle Management
  • Backup Systems
  • Windows - Linux
  • Servers & Desktops
  • WiFI & Barcode
  • Security - AntiVirus - Malware
  • System Design - Planning - Training
  • Purchase Equipment At Cost Through Us
  • On-site and On-line Service Service



Web Page Design & Optimization

  1. Drive Customers To Your Business
  2. Web Maintenance
  3. Mobile Web Sites
  4. Wordpress Customization
  5. Drupal CMS Customization
  6. Organic Search Engine Optimization (SEO)
  7. Local Search Engine Optimization (SEO)
  8. Website Re-Design and Intranets
  9. Online Shopping Carts & Catalogs
  10. Web Analytics and Reporting

QuickBooks & Bookkeeping Services

  • Install Upgrade Restore Multiuser
  • Point of Sale - Custom Reporting
  • Sales Invoicing Posting Reports
  • Purchases Payables Posting Reports
  • eMail and Security
  • Inventory
  • Payroll
  • Job Cost
  • Custom Reporting

  • Home
  • About Us
  • Projects
  • Legalease
  • Green Policy
  • Recommendations
  • CIM Manufacturing Demo
  • Contact Us

You are here

Home | Stop annoying Internet videos from autoplaying

Services

  • What We Do
  • Web Page Design
  • Mobile Web
  • Web Hosting
  • Identity Management
  • Search Optimization
  • Content Manager
  • Computer Repair
  • Network Service
  • Backup System
  • Network Assessment
  • Disaster Recovery
  • Data Recovery
  • Technology Planning
  • Technology Partner
  • AntiVirus

Navigation

  • Chaos Tools AJAX Demo
  • Forums
  • Recent content

Skype Hackers Hijack Passwords

Submitted by gma on Mon, 11/19/2012 - 04:54

(Mathew Schwartz InformationWeek) Months after being notified of a vulnerability described as "child's play" to exploit, Skype has temporarily addressed the issue by disabling password resets.Despite Microsoft having been warned of the issue, for more than two months Skype has been vulnerable to a bug that enabled attackers to easily hijack any user's Skype account.

Details of the vulnerability were first published in August on an online Russian-language hacking forum. Tuesday, the same Russian hacking forum user posted an update, reporting that the flaw still hadn't been fixed

That finally led Skype Wednesday to acknowledge the security vulnerability and begin working on a fix. "Early this morning we were notified of user concerns surrounding the security of the password reset feature on our website. This issue affected some users where multiple Skype accounts were registered to the same email address," wrote Skype Web quality assurance engineer Leonas Sendrauskas in a blog post. "We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly. We are reaching out to a small number of users who may have been impacted to assist as necessary. Skype is committed to providing a safe and secure communications experience to our users and we apologize for the inconvenience."

[ For more on Skype's security bugs, see Skype Bug Divulges IP Addresses. ]

Before Skype made that fix, using the vulnerability to hack into a Skype account was "child's play," according to Rik Ferguson, director of security research and communication at Trend Micro, writing in a blog post.

"The procedure is so simple it could be carried out by even the most inexperienced of computer users. All that was necessary was to create a new Skype ID, and associate it with the email address of your victim," he said. "Once this procedure is complete, a flaw in the password reset procedure allowed the attacker to assume control over the victim account by using the online password reset form. This would lock the victim out of their Skype account and allow the hacker to receive and respond to all messages destined for that victim until further notice. I tested the vulnerability and the entire process took only a matter of minutes."

Before Skype disabled password resets, Mikko Hypponen, chief research officer at F-Secure, noted that the only way to mitigate the vulnerability was to not use a known email address. "If you think somebody would be interested in hijacking your Skype account, change your email address to something the attacker can't guess," he said via Twitter.

But that fix would also have been only temporary. "This is not only security by obscurity, it could theoretically leave you more open to attacks as you are less likely to investigate regularly the inbox of such little-used addresses," said Trend Micro's Ferguson.

The time Microsoft took before issuing a Skype fix has drawn criticism, especially given Microsoft's very vocal campaigning for better sharing of vulnerability information. "I can't believe that it took Microsoft 2-3 months to figure out how to 'solve' the problem by temporarily disabling the reset functionality," tweeted The Grugq, who acts as a broker between vulnerability buyers and sellers.

This isn't the first Skype bug to come to light thanks to the attentions of Russian hackers. In April 2012, a Pastebin post revealed that with a few tweaks to the Skype application's registry keys, an attacker could use the Skype client to reveal the real name and IP address associated with any Skype username. While Skype quickly said that it would be preparing a patch, it had reportedly first been alerted to the bug in November 2010.

Read More - Click Here!

‹ Shred or Keep by Cena Block Sane up Smart Phone with XRAY Vision Can See Through Walls ›
  • Printer-friendly version
  • Log in to post comments
  • 1088 reads

News

  • News

References

  • Thunderbird
  • Outlook
  • Excel
  • Word
  • Access
  • General
  • Open Source
  • Mobile
  • Security
  • ShareWare
  • Site map
  • SEO News/Tips
  • Social Media

Search form

Copyright © 2004-2018 Active Technologies, LLC
Network Computer and Web Services provider
(Powered by active-technologies.com)

Tsection - Great places to visit on the net!

Viesearch - Life powered search

Search engine optimization