Vulnerability Development: Re: Skype 2.0.0.97 Major BUG

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

Re: Skype 2.0.0.97 Major BUG

From: Dalibor Straka <dast () panelnet cz>
Date: Fri, 19 May 2006 02:56:34 +0200

On Thu, May 18, 2006 at 10:46:47PM +0000, Eliah Kagan wrote:

Why is this a security problem at all? This seems to be an intended
behavior that doesn't carry any security risk.

If an untrusted person is able to sign on with my Skype account, or
access my Skype sessions once logged on, then my security is already
compromised. And if such a person is *not* able to do this, then they
cannot exploit the "bug" of which you speak.

It seems that it would be a useful feature for Skype to provide alerts
in both simultaneous sessions telling of what is going on, but I
wouldn't call the absence of that feature a "security hole."


A warning message would be very appreciated and appropriate solution.

-- Dalibor Straka

By Date By Thread

Current thread:

Skype 2.0.0.97 Major BUG Burak ŞEKERCİOĞLU (May 18)
- Re: Skype 2.0.0.97 Major BUG Eliah Kagan (May 18)
  - Re: Skype 2.0.0.97 Major BUG Dalibor Straka (May 18)
    - Re: Skype 2.0.0.97 Major BUG Eliah Kagan (May 18)
- Re: Skype 2.0.0.97 Major BUG Alice Bryson (May 18)