Threat Level: Infocon green

ISC Diary

Refresh Latest Diaries



advertisement
Diary Advertisement
Use Discount Code SANSFIREISC10 when registering to get a 10% discount!!

Skype account hijack vulnerability fixed

Published: 2012-11-14,
Last Updated: 2012-11-14 21:33:31 UTC
by Jim Clausing (Version: 1)

0 comment(s)

The folks over at Microsoft (who now owns Skype) fixed a bug earlier today that potentially would have allowed anyone to hijack a Skype account simply by knowing the e-mail address the account was associated with.  Apparently the vulnerability was found at least 3 months ago by a Russian researcher who claims that many users were affected.  I'm not aware of any procedures in place to reclaim a Skype ID that was hijacked, but if anyone knows of one please let us know either by leaving a comment or contacting us via the contact page.  Trend Micro[1] has a pretty good writeup, so I won't rehash the whole thing here and Microsoft has responded[2].

References:

[1] http://countermeasures.trendmicro.eu/skype-vulnerability/

[2] http://heartbeat.skype.com/2012/11/security_issue.html

---------------
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu

Keywords: hijack Skype
0 comment(s)
Top of page
November 2012 OUCH! - Two-Factor Authentication http://www.securingthehuman.org/resources/newsletters/ouch#2012
ISC StormCast for Wednesday, November 14th 2012 http://isc.sans.edu/podcastdetail.html?id=2941

Comments

Please choose a specific diary above to comment

Diary Archives

Top of page
site/port/ip search:

Announcement!

IPv6 Support Added

Our iptables client now supports submitting IPv6 firewall logs.

Get ISC Swag!!

Advertisement

Security News Feeds

InternetStormCenter
SANS Newsbites
SANS @Risk

Diary Archives

Privilege escalation, why should I care? - by: Adrien de Beaupre (2013-05-22)

Moore, Oklahoma tornado charitable organization scams, malware, and phishing - by: Adrien de Beaupre (2013-05-21)

Ubuntu Package available to submit firewall logs to DShield - by: Johannes Ullrich (2013-05-20)

View Diary Archives

Search Diaries:

SANS Institute

View our Privacy Policy

Contact Us

Phone: (757) SANS-ISC (726-7472) - Voice Mail Only
Web Contact: handlers@isc.sans.edu
Report Bugs: Sourceforge Project
Debug Info: Browser Debug Info

"The experiences gained in the SANS Technology Institute program have helped me advance in IBM, taking a more public facing role."
- Jerome Radcliffe, SANS Technology Institute Student

"SANS is a 'giving back to the community factory.' SANS encourages and fosters growing security awareness and growing the security community."
- Rob VandenBrink, Alumni of SANS Technology Institute