Skype XSS hole is harmless

Powered by SC Magazine
 

Exploit resembled another Skype attack.

Microsoft has squashed a claim by a German security researcher that Skype is vulnerable to cross site scripting (XSS) attacks.

The company said the exploit posted online in an advisory was benign.

Levent Kayan said the Skype client contained a persistent code injection vulnerability caused by a lack of input validation and output sanitisation of phone contact entry fields.

Kayan said it would allow an attacker to inject HTML or Javascript code into fields that were meant to contain names and phone numbers.

 

 

Skype said the attack was impossible because the vulnerable entry fields were not internet-accessible windows.

The vulnerability had credibility because Kayne last month released details of a similar high-profile exploit of the Skype client.

That attack allowed Skype contacts to be hijacked with a string of code injected into the mobile phone entry field. An attacker could run script on the victim’s machine and obtain their session ID and account details.

The flaw was fixed.

Copyright © SC Magazine, Australia


Skype XSS hole is harmless
 
 
 
Top Stories
The True Cost of BYOD - 2014 survey
Twelve months on from our first study, is BYOD a better proposition?
 
Photos: Unboxing the Magnus supercomputer
Pawsey's biggest beast slots into place.
 
ANZ looks to life beyond the transaction
If digital disruptors think an online payments startup could rock the big four, they’ve missed the point of why people use banks, says Patrick Maes.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Pass on carbon tax savings, warns ACCC
Jul 24, 2014
The ACCC is warning businesses that supply "regulated goods" to pass on any cost savings ...
Have customers that won't pay debts?
Jul 10, 2014
The ACCC and ASIC have updated their advice when it comes to collecting debts.
Carpet cleaner faces court over online testimonials
Jul 4, 2014
The ACCC has initiated proceedings against A Whistle (1979) Pty Ltd, the franchisor of Electrodry...
You can now get 15GB of free online storage using Microsoft OneDrive
Jun 25, 2014
Cloud storage has reached both the capacity and price where it's a viable alternative to local ...
Another clever trick you can perform with Xero
Jun 25, 2014
Here is another way to reach out to particular subsets of your customers using Xero.
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  29%
 
Application integration concerns
  3%
 
Security and compliance concerns
  28%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  21%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  4%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 1068

Vote