Tuesday, March 19, 2024
Search
English
Optical Storage
Graphics Cards
General Computing
PC Parts
Digital Cameras
Consumer Electronics
Games
Mobiles
All News Categories
Older News
Optical Storage
Graphics Cards
General Computing
PC Parts
Digital Cameras
Consumer Electronics
Games
Cooling Systems
Mobiles
Software Reviews
Reviews Around the Web
Technology Previews
Essays
Interviews
Tech Views
Glossary
FAQ
Guides/How-To's
Firmware
Drivers
BIOS
Software
Media Tests
Drive Comparisons
DVD Media Formats
All Forums
Become Member
Today's Posts
Popular Topics
In-House
Optical Storage
Optical Storage Software
General
Consumer Electronics
Other
News Around The Web
Advertise
Links
Jobs
Site Map
News/Reviews Feed
Submit News
Polls
Competitions
Users' Privacy
Contact Us
About
Home
|
News
|
Reviews
|
Articles
|
Guides
|
Download
|
Expert Area
|
Forum
|
Site Info
Wednesday, November 14, 2012
Skype Tackles Hack Vulnerability (updated)
You are sending an email that contains the article
and a private message for your recipient(s).
Your Name:
Your e-mail:
* Required!
Recipient (e-mail):
*
Subject:
*
Introductory Message:
HTML/Text
(Photo: Yes/No)
(At the moment, only Text is allowed...)
Message Text:
Skype has suspended its password reset function after reports that the feature could be used to hijack the service's accounts.
The vulnerability, which emerged on a Russian blog about three months ago, could have exposed answerphone messages, old text message conversations and user details including date of birth.
Skype is looking into the problem.
"We have had reports of a new security vulnerability issue," said engineer Leonas Sendrauskas.
"As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further. We apologise for the inconvenience but user experience and safety is our first priority."
The hack involves using a victim's Skype-registered email address to create a new account which is also linked to an email account owned by the attacker.
If a password change is then requested using the target's username, the hijacker can access the resulting reset token via the Skype app itself using the newly-created bogus log-in.
The security hole was confirmed by The Next Web.
The news comes amid Microsoft's
efforts
to convince members of its Windows Live Messenger chat tool to switch to Skype.
Update
After temporarily removing the ability to reset passwords while it worked on a solution, Skype has now issued a fix for the security bug. The company also issued the following statement:
"Early this morning we were notified of user concerns surrounding the security of the password reset feature on our website. This issue affected some users where multiple Skype accounts were registered to the same email address. We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly. We are reaching out to a small number of users who may have been impacted to assist as necessary. Skype is committed to providing a safe and secure communications experience to our users and we apologize for the inconvenience."
Home
|
News
|
All News
|
Reviews
|
Articles
|
Guides
|
Download
|
Expert Area
|
Forum
|
Site Info
Site best viewed at 1024x768+ -
CDRINFO.COM
1998-2024 - All rights reserved
-
Privacy policy
-
Contact Us
.