Researcher Finds Dangerous Vulnerability In Skype

alphadogg writes "A security consultant has notified Skype of a cross-site scripting flaw that could be used to change the password on someone's account, according to details posted online. The consultant, Levent Kayan, based in Berlin, posted details of the flaw on his blog on Wednesday and notified Skype a day later. He said on Friday he hasn't heard a response yet. The problem lies in a field where a person can input their mobile phone number. Kayan wrote that a malicious user can insert JavaScript into the mobile phone field of their profile." Skype has confirmed the flaw, but calls it 'minor,' saying it only affects people who communicate with a potential attacker on a regular basis. A fix is planned for next week.
  • Skype doesn't care (Score:4, Insightful)

    by jtara ( 133429 ) on Friday July 15, 2011 @03:49PM (#36779330)

    Skype doesn't care. But maybe their new robot overlo.... er, Microsoft will.

    A friend of mine started harassing me with text messages after he "found" an iPhone on the floor of a bar (no, seriously! no, not a prototype...) and I wouldn't help him reset it. (Actually I did - I said "Google it, it's easy".)

    I had to add a blocking service from ATT, but then he switched to bombing me with SMS messages from Skype. So, I attempted to contact Skype to get it stopped. Ever try to contact Skype? Like, a live person on the phone? I never managed to figure that out, but at least I did manage to get some clueless person at Skype to email me.

    It turns out there is a standard for stopping unwanted SMS messages from 5-digit codes. (The messages came from Skype's 5-digit code). You text back STOP and they are supposed to stop sending you SMSs. Guess what? Skype doesn't bother.

    I went around and around with the clueless rep over email, and they basically told me "we can't do this, contact your carrier". I tried to explain that I'd already talked to a rep from the carrier, and they told me it was Skype's responsibility to do this. I tried to tell them that their "STOP" system was broken/nonexistent. They just never "got it".

    Catch-22.

  • by mcmonkey ( 96054 ) on Friday July 15, 2011 @04:25PM (#36779694)

    Sounds like the issue is your choice of "friends", not any technical issue with Skype or SMS.
