Quantcast
  Facebook Connect Twitter Connect RSS Feeds
  • Brands
  • Search
  • Contact
Skype Vulnerability Allows Intruders, Fix Coming Soon

The popular Voice Over IP service, Skype, has a serious security issue that can allow a hacker to gain access into a contact’s account. The guy who discovered the serious flaw is Levent Kayan, and he claims that the vulnerability can even make the computer itself prone to a cyber attack.

The problem is based off a cross-site scripting vulnerability that enables hackers to embed JavaScript in the mobile phone field of the victims profile description.

Skype then fails to adequately filter the field, allowing the attackers contact logs to execute the JavaScript. This can easily cause cookies to be stolen (and cookies often contain important data such as usernames and passwords).

The affected Skype version is 5.3.0.120 (the current version) and Skype has since claimed that they are working on a patch to fix this vulnerability. The patch is expected to roll out next week, and fortunately, in order for information to be stolen, the hacker must be in your contact list.

If there was ever a time to delete that awkward computer geek’s screen name who sits in the corner in your Physics class, now is the time. Just kidding, but jokes aside, definitely be careful with how you use the Internet!

Photo Courtesy of athos
Photo Courtesy of reality