Skype XSS hole is harmless

Powered by SC Magazine
 

Exploit resembled another Skype attack.

Microsoft has squashed a claim by a German security researcher that Skype is vulnerable to cross site scripting (XSS) attacks.

The company said the exploit posted online in an advisory was benign.

Levent Kayan said the Skype client contained a persistent code injection vulnerability caused by a lack of input validation and output sanitisation of phone contact entry fields.

Kayan said it would allow an attacker to inject HTML or Javascript code into fields that were meant to contain names and phone numbers.

 

 

Skype said the attack was impossible because the vulnerable entry fields were not internet-accessible windows.

The vulnerability had credibility because Kayne last month released details of a similar high-profile exploit of the Skype client.

That attack allowed Skype contacts to be hijacked with a string of code injected into the mobile phone entry field. An attacker could run script on the victim’s machine and obtain their session ID and account details.

The flaw was fixed.

Copyright © SC Magazine, Australia


Skype XSS hole is harmless
 
 
 
Top Stories
ATO releases long-awaited Bitcoin guidance
Everyday investors escape the tax man.
 
Why the Weather Bureau’s new supercomputer is a 'gamechanger'
IT transformation starts to reap results.
 
Sydney Trains chief thinks beyond Opal
Plots app to help you find a seat on the train.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Run a small business in western Sydney?
Aug 15, 2014
This event might be of interest if you're looking to meet other people with a similar interest ...
Buying a tablet? Microsoft's Surface Pro 3 goes on sale this month
Aug 8, 2014
Microsoft has announced its Surface Pro 3 will go on sale in Australia on 28 August from ...
Apple's top MacBook Pro with Retina is now cheaper
Aug 1, 2014
Apple has updated its MacBook Pro range with faster processors and new pricing, including ...
Pass on carbon tax savings, warns ACCC
Jul 24, 2014
The ACCC is warning businesses that supply "regulated goods" to pass on any cost savings ...
Have customers that won't pay debts?
Jul 10, 2014
The ACCC and ASIC have updated their advice when it comes to collecting debts.
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  65%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  12%
 
Denial of service attacks
  8%
 
Insider threats
  12%
TOTAL VOTES: 400

Vote