Network Security Notes: Network Security News: Be Aware of Dangerous vulnerability in Skype
Skype is a software application that allows users to make voice and video calls and chats over the Internet. Calls to other users within the Skype service are free, while calls to both traditional landline telephones and mobile phones can be made for a fee using a debit-based user account system. Skype has also become popular for its additional features which include instant messaging, file transfer, and video conferencing. Skype has 663 million registered users as of 2010. The network is operated by Skype Limited, which has its headquarters in Luxembourg. Most of the development team and 44% of the overall employees of Skype are situated in the offices of Tallinn and Tartu, Estonia.
Unlike other VoIP services, Skype is a peer-to-peer system rather than a client–server system, and makes use of background processing on computers running Skype software; the original name proposed – Sky peer-to-peer – reflects this.
Some network administrators have banned Skype on corporate, government, home, and education networks, citing reasons such as inappropriate usage of resources, excessive bandwidth usage, and security concerns.
On 10 May 2011, Microsoft Corporation agreed to acquire Skype Communications, S.à r.l for US$8.5 billion. The company is to be incorporated as a division of Microsoft, and Microsoft will acquire all of the company's technologies, including Skype, with the purchase.
Registered users of Skype are identified by a unique Skype Name, and may be listed in the Skype directory. Skype allows these registered users to communicate through both instant messaging and voice chat. Voice chat allows telephone calls between pairs of users and conference calling, and uses a proprietary audio codec. Skype's text chat client allows group chats, emoticons, storing chat history, offline messaging (since version 5) and editing of previous messages. The usual features familiar to instant messaging users — user profiles, online status indicators, and so on — are also included.
The Online Number, a.k.a. SkypeIn, service allows Skype users to receive calls on their computers dialled by conventional phone subscribers to a local Skype phone number; local numbers are available for Australia, Belgium, Brazil, Chile, Colombia, Denmark, the Dominican Republic, Estonia, Finland, France, Germany, Hong Kong, Hungary, Ireland, Italy, Japan, Mexico, New Zealand, Poland, Romania, South Africa, South Korea, Sweden, Switzerland, the Netherlands, the United Kingdom, and the United States. A Skype user can have local numbers in any of these countries, with calls to the number charged at the same rate as calls to fixed lines in the country.
Video conferencing between two users was introduced in January 2006 for the Windows and Mac OS X platform clients. Skype 2.0 for Linux, released on 13 March 2008, also features support for video conferencing. Version 5 beta 1 for Windows, released 13 May 2010, offers free video conferencing with up to five people.
Skype for Windows, starting with version 3.6.0.216, supports "High Quality Video" with quality and features, e.g., full-screen and screen-in-screen modes, similar to those of mid-range videoconferencing systems.[14] Skype audio conferences currently support up to 25 people at a time, including the host.
Skype does not provide the ability to call emergency numbers such as 911 in the United States and Canada, 999 in the United Kingdom and many other countries, 111 in New Zealand, 000 in Australia, or 112 in Europe. The U.S. Federal Communications Commission (FCC) has ruled that, for the purposes of section 255 of the Telecommunications Act, Skype is not an "interconnected VoIP provider". As a result, the U.S. National Emergency Number Association recommends that all VoIP users have an analog line available as a backup.
In 2011, Skype partnered with Comcast to bring its video chat service to Comcast subscribers via their HDTV sets.
Be Aware of Dangerous vulnerability in Skype
According to NetworkWorld posted on 15 July 2o11, Researcher found dangerous vulnerability in Skype. A security consultant has notified Skype of a cross-site scripting flaw that could be used to change the password on someone's account, according to details posted online.
The consultant, Levent Kayan, based in Berlin, posted details of the flaw on his blog on Wednesday and notified Skype a day later. He said on Friday he hasn't heard a response yet.
The problem lies in a field where a person can input their mobile phone number. Kayan wrote that a malicious user can insert JavaScript into the mobile phone field of their profile.
When one of their contacts comes online, the malicious user's profile will be updated, and the JavaScript will be executed when the other contact logs in. Kayan wrote that the other person's session could be hijacked, and it may be possible to gain control of that person's computer. An attacker could also change the password on someone's account.
There are some mitigating factors, such as that the attacker and victim must be friends on Skype. Also, the attack may not immediately execute when the victim logs in. Kayan said he noticed the behavior happened only after the victim logged in several times. But he said in an e-mail that once it happens the first time, "it happens with each re-login."
Skype should be checking the input into the mobile phone field and validating that it is indeed a phone number and not executable code. The problem affects the latest version of Skype, 5.3.0.120, on Windows XP, Vista and 7 as well as Mac OS X operating system.
Other sites you may want to see:
Entertainment on Flixya: http://visalittleboy.flixya.com/
WWE: http://visa-wwe.blogspot.com/
The Kingdom of Wonder: http://welcome2cambodia.blogspot.com/
Daily Blogging: http://visablogging.blogspot.com/
Love Sharing: http://visa-love.blogspot.com/
NetworkSecurity: http://networksecuritynotes.blogspot.com/
About Insurance:http://visa-insurance.blogspot.com
All about Love: http://visa-love.blogspot.com/
Learning English Online: http://visa-elb.blogspot.com/
Discovery Internet: http://visa-isp.blogspot.com/
0 comments:
Post a Comment