Any Skype account can be hijacked with just an email address, Microsoft already on the case

[nsane.forums]

Using a simple method it was possible to hijack any Skype account with just the email address of the account holder, causing serious security concerns. The Skype team are currently on the case.

File this under pretty damn serious: Russian hackers have found a way to access any Skype account and take full control using just an email address, and the methods used were confirmed to be still working by The Next Web when they tested the exploit for themselves. The method in question can lead to the hijacker changing the password on a Skype account which has been accessed, and then the original owner would no longer have control.

For the moment, Skype has disabled password resets, which was one of the major steps to full control of a hijacked account. If you are paranoid about your account anyway, you can follow these steps to change your email address:

• Go to skype.com and log in
• Go to your profile and add a new email address that a hacker wouldn't be able to guess
• Click Save, then click Edit again and set the address as Primary
• Click Save, enter your password, click (specifically) the Enter button
• Delete your old email address from Skype

One of the big issues with this security flaw is that Skype stores full conversation histories in the cloud, so a person with malicious intent could hijack an account to look through private and personal conversations. It appears as though the hacking method is being addressed as we type, with Microsoft releasing the following statement (via The Verge):

We have had reports of a new security vulnerability issue. As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further. We apologize for the inconvenience but user experience and safety is our first priority

Expect a full statement on the cause of the issue sometime soon.

View: Original Article

[DKT27]

Microsoft fixes Skype account hijack issue

Microsoft has announced it has now fixed a reported issue in its Skype service, which briefly allowed anyone to hijack a Skype account using a simple email method.

As we reported previously, a major security flaw was discovered earlier this morning on Microsoft's Skype VoIP service, which allowed anyone to obtain a Skype account password via email, and thus hijack any Skype account. Microsoft has now announced this issue has now been fixed.

In a post on the Skype Heartbeat blog, the company's Leonas Sendrauskas stated:

Early this morning we were notified of user concerns surrounding the security of the password reset feature on our website. This issue affected some users where multiple Skype accounts were registered to the same email address. We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly. We are reaching out to a small number of users who may have been impacted to assist as necessary. Skype is committed to providing a safe and secure communications experience to our users and we apologize for the inconvenience.

Even though Skype and Microsoft have said they have fixed this particular exploit, we would definitely recommend that all Skype users change their passwords immediately just in case.

View: Original Article

[chlorophyll]

nice counter articel D

[DKT27]

nice counter articel D

I'll call it a follow up article. ;)

[liverpal]

I just sigh reading this! hmmm....