Submission + - Skype update enables account theft (h-online.com)
suraj.sun writes: The recent update to Skype 5.5 for Windows contains a severe security vulnerability that allows attackers to get control of your Skype account, according to security expert David Vieira-Kurz. The update promises close integration with Facebook – for instance, you are to be able to track your Facebook friends' activities from your Skype client and even post wall messages from there. But it turns out that the process entails a real security risk, because the client executes JavaScript code in Facebook status messages without filtering.
Skype executes JavaScript code in Facebook comments without filtering Zoom In this way, an attackers can capture a Skype user's cookie, and hence that user's Skype session. The H's associates at heise Security were able to reproduce the problem.
H-online: http://www.h-online.com/security/news/item/Skype-update-enables-account-theft-1288403.html
Skype executes JavaScript code in Facebook comments without filtering Zoom In this way, an attackers can capture a Skype user's cookie, and hence that user's Skype session. The H's associates at heise Security were able to reproduce the problem.
H-online: http://www.h-online.com/security/news/item/Skype-update-enables-account-theft-1288403.html