Sunday, April 15, 2012
Skype 5.5 update contains Facebook Integration Vulnerability.
Now a days,Skype 5.5 is famous due to its direct integration with Facebook.Skype users having account on facebook use some of its functionality.This includes post on wall,comments,status updates or seeing which friend is online on the social networking websites.
Skype integration with facebook allows a serious vulnerability known as session hijacking and various other types of vulnerability founded by David Vieira-Kurz a famous Security-Researcher.
This type of attack uses wall posts which is actually a snippets of code.So,when normal user check its wall post and click on link,their Session has been hijacked.This attack is persistent b/z logging off and on doesn't invalidated the facebook session period.
User's who want this update should wait until skype latest release remove this vulnerability.If you already installed this update,Just remove skype integration from Facebook privacy settings.
David Vieira-Kurz has demonstrated a proof in his video:
http://www.youtube.com/watch?feature=player_embedded&v=IrOyCEdqBOg
Now a days,Skype 5.5 is famous due to its direct integration with Facebook.Skype users having account on facebook use some of its functionality.This includes post on wall,comments,status updates or seeing which friend is online on the social networking websites.
Skype integration with facebook allows a serious vulnerability known as session hijacking and various other types of vulnerability founded by David Vieira-Kurz a famous Security-Researcher.
This type of attack uses wall posts which is actually a snippets of code.So,when normal user check its wall post and click on link,their Session has been hijacked.This attack is persistent b/z logging off and on doesn't invalidated the facebook session period.
User's who want this update should wait until skype latest release remove this vulnerability.If you already installed this update,Just remove skype integration from Facebook privacy settings.
David Vieira-Kurz has demonstrated a proof in his video:
http://www.youtube.com/watch?feature=player_embedded&v=IrOyCEdqBOg
