Skype security flaw found

By Derek Sooman on May 30, 2006, 3:35 PM
Security-Assessment.com, an Australian security firm, has revealed the existence of a flaw in a Skype URI (Uniform Resource Identifier) type that could potentially allow hackers to make file transfers on affected machines. In order to prevent malware writers from successfully exploiting this flaw, and creating relevant malware, Security-Assessment.com worked with Skype to find a solution to the problem first, before the flaw could be exploited; news was kept quiet until a solution was found. Skype seemingly have a patch now.

The flaw is not that easy to exploit. Seemingly, in order for an attack based on the flaw to be carried out, an attacker must authorise the target on his or her contact list, which doesn't require authorisation from the target, and then get the target to visit a website under the attacker’s control. Further to this, the attacker must also know the location of whatever files he or she wants from the victim's machine. Perhaps this might be used to read the user's Skype config file, or to gain access to some operating systems files that could facilitate further attacks.

More information may be found here.




User Comments: 3

Got something to say? Post a comment
DragonMaster said:
Mainstream = Flaws easily found. Either it's because it's poorly written OR there's a lot of people using it so it's easier to find flaws.
nathanskywalker said:
So, basically as long as you utilize common sense you should be ok. And scince the fixed it anyway, i guess it's not real big deal.
canadian said:
Still, runng Skype is safer than running windows.
Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.