OnlySoftwareBlog

General discussion, news & views about Software

Posts Tagged ‘Skype’

Skype Finally Fixes Security Flaw In Its Software

November 15th, 2012

For over two months, there has existed a large security hole in video chatting and messaging service Skype. Until today, hackers could break into any Skype account with only the target’s email address.

Popular Website The Next Web first found mention of the flaw on Russian forums and have been able to replicate it on their own. The Next Web said it was shocking just how easy it was to break into one another’s accounts.

According to The Next Web, all they needed was the email address associated with the target’s account. With this email address in hand, a hacker could simply sign up for a new account with the target’s email address. After a few more “key steps,” the hacker could request a password change, thereby locking out the target from every account associated with that email address. Users could catch these hackers and prevent them from changing their passwords, but only if they acted very quickly. Once the hacker is in the account, they have access to the target’s user name, as well as their address book and contacts. Once the hacker changes the password for the account, these targets are then effectively locked out of their account.

Skype acknowledged the flaw this morning and said they were working to fix it.

“Early this morning we were notified of user concerns surrounding the security of the password reset feature on our website. This issue affected some users where multiple Skype accounts were registered to the same email address. We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly,” said Skype in a statement to The Next Web.

Skype has also said they’ll be working with those users who were affected by the flaw.

Later in the day, Skype issued a new statement saying they had permanently fixed the security flaw. However, any Skype user concerned that their account may still be compromised is encouraged to change their email address associated with their account to a lesser-known, less frequently used address.

To change your email address, login to Skype. Then, click on the “Profile” link under the “account Details” heading, then scroll down to find “Contact Details.” From here, click “Add Email Address.” Add your new, relatively secret email address, then scroll to the bottom and click “Save.” Once this new email address is entered, scroll to the bottom once more and click “Edit.” Find your new email address and choose “Set As Primary Email” to set this address as the address associated with your account.

According to TG Daily, the Russian hackers who found this exploit warned Skype about it months ago. Yet, the company refused to make moves to fix the flaw until today.

Source:http://www.redorbit.com/news/technology/1112731845/skype-fixes-security-flaw-111412/

Comments Off »

Posted in Software News

Tags: Skype Software

Microsoft Unveils Skype Preview for Windows Phone 8

November 12th, 2012

Share

Software giant Microsoft on Sunday rolled out a preview version of the new Skype app for Windows Phone 8.

First announced on Oct 29 at the Windows 8 phone launch, the updated version of Skype is now available for free download from the Windows Phone website.

“Skype for Windows Phone 8 isn’t just about the design – we’ve built a completely new app from the ground up to be an important part of the Windows Phone experience,” Microsoft said on its official blog.

One of the main advantages of using the latest version is that the app will let users stay online without consuming the phone’s battery power phone through the cloud system. The user will be able to chat and receive notification of video calls even when the phone is locked.

“Skype notifications can be added to the lock screen to appear alongside missed calls, unread emails and text messages, so there’s no need to unlock your phone to check if you’ve missed a message or call in Skype,” Microsoft added.

The Windows Phone website said that all the features listed on Skype Preview for Windows Phone 8 may not function at the moment since Microsoft is still working on the app. The preview app can be downloaded only on Windows Phone 8. Apart from making video calls, Skype to Skype voice calls, users can also place calls to mobiles and landlines at a low cost.

Source:http://www.ibtimes.co.in/articles/403987/20121112/microsoft-skype-preview-windows-phone-8-free.htm

Comments Off »

Posted in Software News

Tags: Phone 8 Skype Software Windows

Skype slurping software threatens IP exposure

May 2nd, 2012

Share

Code posted online that can skim the last known IP address of users is being checked out by Skype as a possible security flaw.

The software, posted on Pastebin, works on a patched version of Skype 5.5 and involves adding a few registry keys that allow the attacker to check the IP address of users currently online without calling them. Services like Whois will then give some other details on the city, country, internet provider and/or the internal IP-address of the target.

“I’ve tested this and it does what it says on the tin,” blogged Nick Furneaux, MD of security researchers CSITech. “I was able to extract the external and internal IP’s of a friend in the US to within a few miles of his house, a buddy in Asia to within a few streets and my own to just a few miles down the road. More concerningly the internal IP combined with the internet facing address provides the basis for a direct probe and then attack of any individual on Skype’s global address book.”

He said a website had been set up to provide an easier way to exploit the IP tracking but that it hadn’t yet been checked out for malware. The site is down at present.

Before everyone panics, it is not clear if the problem affects the current corporate build of Skype or just the deobfuscated build mentioned in the posting. Skype, and presumably Microsoft given the amount of integration Redmond is planning with its code base, are no doubt hoping it’s the latter situation. In any case, simply turning off the software when you’re not using it minimizes any threat window.

“We are investigating reports of a new tool that captures a Skype user’s last known IP address,” Adrian Asher, director of product security at Skype told El Reg in an emailed statement. “This is an ongoing, industry-wide issue faced by all peer-to-peer software companies. We are committed to the safety and security of our customers and we are taking measures to help protect them.”