Vulnerability Development: Re: Skype 2.0.0.97 Major BUG

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

Re: Skype 2.0.0.97 Major BUG

From: "Eliah Kagan" <degeneracypressure () gmail com>
Date: Fri, 19 May 2006 00:59:49 +0000

On 5/19/06, Dalibor Straka <dast () panelnet cz> wrote:

On Thu, May 18, 2006 at 10:46:47PM +0000, Eliah Kagan wrote:
> Why is this a security problem at all? This seems to be an intended
> behavior that doesn't carry any security risk.
>
> If an untrusted person is able to sign on with my Skype account, or
> access my Skype sessions once logged on, then my security is already
> compromised. And if such a person is *not* able to do this, then they
> cannot exploit the "bug" of which you speak.
>
> It seems that it would be a useful feature for Skype to provide alerts
> in both simultaneous sessions telling of what is going on, but I
> wouldn't call the absence of that feature a "security hole."
>

A warning message would be very appreciated and appropriate solution.


With that, I agree.

-Eliah

By Date By Thread

Current thread:

Skype 2.0.0.97 Major BUG Burak ŞEKERCİOĞLU (May 18)
- Re: Skype 2.0.0.97 Major BUG Eliah Kagan (May 18)
  - Re: Skype 2.0.0.97 Major BUG Dalibor Straka (May 18)
    - Re: Skype 2.0.0.97 Major BUG Eliah Kagan (May 18)
- Re: Skype 2.0.0.97 Major BUG Alice Bryson (May 18)