• 21talks
• Telephony
• Over IP

Skype has a hole in its security system

The current Skype 2.0 and the newly released version 2.5 present a bug that could trigger file transfers from a website to a visitor. Automatically. A bug filed on yesterday (May 19) indicates that:

” An attacker who constructs a Skype URL that is malformed in a specific way can initiate the transfer of a single named file from one Skype user to another, provided that the sender follows the malicious link and that the recipient has previously authorized the sender.”

“The attack requires the targeted user to manually follow a specially crafted malformed link, such as on a web page.”

Only Windows users are on risk. But for Skype, the threat is only medium. “If a file transfer is started, it will be visible to the user and may be cancelled by the sender by selecting ‘Cancel’ in the normal way.” Everything’s fine? Maybe, although a virus could take less one millisecond to be downloaded.

May 20, 2006 | By Nuno

Tags: voip, voice+over+ip, voip+news, voice, voip+phone, tech, technology, broadband, dsl, adsl, internet, internet+telephony, broadband+telephony, voip+service, 3G, gsm, mobile, mobile+phone, cell+phone, cellphone, phone, messenger, softphone, im, instant+messaging, instant+messenger, ip, sip, internet+phone, software, network, wifi, wireless, wlan, wimax, wi-fi, hotspot, gtalk, google+talk, jabber, msn, skype, open+source, yahoo, skypeout, gizmo, business, security, bug, hack, hacking, hacker, virus,

- comments

• 
  • Stay in sync'
  • Full content
  • Content tagged VoIP
• 
  • Start a discussion ( * = required input)
  • * Your Text (be creative)
  • * Your Name
  • * Your Email
  • Your Website (if any)
• 
  • Share this post
  • Save it to Del.icio.us
  • Post it on Digg
  • Post it on StumbleUpon
  • Post it on Windows Live
  • Post it on TailRank

21talksTracking the telecoms evolution

• Home
• Internet telephony
• Voice over WLAN
• Email us