
SANS Internet Storm Center - SANS ISC InfoSec Forums


Skype account hijack vulnerability fixed

The folks over at Microsoft (which now owns Skype) fixed a bug earlier today that potentially would have allowed anyone to hijack a Skype account simply by knowing the e-mail address the account was associated with. Apparently the vulnerability was found at least 3 months ago by a Russian researcher who claims that many users were affected. I'm not aware of any procedures in place to reclaim a Skype ID that was hijacked, but if anyone knows of one, please let us know either by leaving a comment or contacting us via the contact page. Trend Micro[1] has a pretty good write-up, so I won't rehash the whole thing here, and Microsoft has responded[2].

References:

[1] http://countermeasures.trendmicro.eu/skype-vulnerability/

[2] http://heartbeat.skype.com/2012/11/security_issue.html

---------------
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu
