Feeds

back to article Skype fixes flaw that let anyone with your email address hijack you

Skype said it has resolved a password reset bug that made it possible to hijack accounts held with the VoIP service simply by knowing an email address. The vulnerability, which was simple to abuse, first surfaced on a Russian underground forum three months ago before going mainstream when it appeared on Reddit early on Wednesday …

COMMENTS

This topic is closed for new posts.
awn

1. habrahabr.ru is not a "underground forum", but very known Russian IT-related site.

2. The vulnerability was not "first surfaced on a Russian underground forum three months ago". It was posted to the Habrahabr at the late night 13 Nov (23:49).

3. "Three months" is the time, how long Skype/Microsoft know about this vulnerability.

Cite from original (http://habrahabr.ru/post/158545/ , Russian), just the very 1st sentence from article:

"Месяца три назад я писал об этой критической уязвимости в skype support, но она до сих пор не исправлена."

that means

"About three months ago I reported this critical vulnerability to skype support, bit it isn't fixed even now."

8
0
Silver badge
Unhappy

Skype's getting too annoying

As a precaution I tried to change my profile's e-mail address to an unknown disposable one, but it didn't allow me to (I suppose to stop this exploit).

Meanwhile Skype itself for the Mac auto-upbloated to version 6 and the main additions were allowing logins with Passport IDs and that god-awful flat icon design. It hasn't come out for Windows yet but when it does you might understand why I decided to go back to version 4.2 for Windows and version 2.8 for Mac.

0
0
Gold badge

Re: Skype's getting too annoying

I would be very interested in downgrading too - preferably to a version that does not include Skype Home or the support for the marketing crap you now see showing up occasionally. Time to research using SIP instead..

0
0
Silver badge

Re: Skype's getting too annoying

"I decided to go back to version 4.2 for Windows"

Skype v4.x stopped working for me some time back. It linked up and pretended to work, but calls wouldn't connect properly and was 'buggy' all round.

Skype v5.x worked normally. I presumed at the time they forceably stoped v4 from working due to its handling of advertisements, and ability to make them go away. With v5, you have no choice, you WILL get an ad of some flavour, one way or another.

0
1
Silver badge

Re: Skype's getting too annoying

I haven't called with Skype 4.2, if it doesn't work I'll have to go back to the latest (or maybe one of the earlier version 5s).

If anyone's interested they can find it on http://www.oldapps.com.

0
0
Anonymous Coward

Re: Skype's getting too annoying

or on filehippo which is excellent for prior versions of many softwares, go to this link and the old versions are available in the right side of the page... http://www.filehippo.com/download_skype/

0
0
Bronze badge
FAIL

"Skype FIXES flaw"?

Judging from what I've been reading lately, Skype is a flaw.

1
1
Anonymous Coward

Re: "Skype FIXES flaw"?

It was created by Estonians, bought by eBay and then sold to Microsoft. Not surprised by all of the flaws.

1
0
This topic is closed for new posts.