About three months ago I wrote about this critical vulnerability in Skype support, but it has not been fixed yet (already fixed).
I will say up front that I do not fully understand the vulnerability, but mass account hijackings began recently.
To carry out the attack, you only need to know the victim's e-mail address.
Proof-of-Concept
We register a new Skype account using the victim's e-mail address (a message will say that someone has already registered with this e-mail). Ignore it and continue filling in the form.
We follow the link and see the victim's e-mail address and the list of logins registered for it. We also see our own login.
We select the victim's login and change the password.
PROFIT
Letters arrive in the victim's mailbox in roughly this order (partners and acquaintances sent screenshots of their mailboxes after being hacked):
If you have received such letters, that is a reason to be on the alert!
The only way to protect yourself at the moment is to register a new e-mail address unknown to anyone and, through the Skype website, change the account's main e-mail to the new one.
Attention!
The main e-mail cannot be changed through the Skype program! Only through the website!
Over the last week, 10 people from my contact list alone have been hacked using this vulnerability.
I want to warn everyone as soon as possible so that they can protect themselves. So far Microsoft has not taken any action, so take care of your own safety.
UPD
A way (PoC) to use the vulnerability has appeared: http://forum.xeksec.com/f13/t68922/#post98725
UPD2
Official comment from a Skype representative:
We have received reports of vulnerabilities in the Skype security system. For the security of our users, we temporarily disabled the password reset function, and we continue to explore this issue further. We apologize for the inconvenience; the safety of our users is our first priority.
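As the steps above describe it, a session on a freshly registered account was accepted as proof of owning the e-mail address it claimed. The Python model below is an added example, not code from the original post or from Skype; every class, method and account name in it is hypothetical. It contrasts that flawed lookup with a reset flow in which the token leaves the system only through the mailbox and only accounts with a confirmed e-mail are offered for reset.

```python
import secrets

class Accounts:
    """In-memory model, constructed for illustration only."""

    def __init__(self):
        self.users = {}    # login -> {"email", "verified", "password"}
        self.tokens = {}   # reset token -> e-mail it was mailed to
        self.outbox = []   # (e-mail, token) pairs; stands in for mail delivery

    def register(self, login, email, password):
        # A second account on an already-used e-mail is accepted, as on the
        # page, but its claim to that address starts out unverified.
        self.users[login] = {"email": email.lower(), "verified": False,
                             "password": password}

    def confirm_email(self, login):
        # Called only after the owner follows a link delivered to the mailbox.
        self.users[login]["verified"] = True

    def logins_seen_by_session_flawed(self, session_login):
        # Flaw: a logged-in session is treated as proof of e-mail ownership.
        email = self.users[session_login]["email"]
        return sorted(l for l, u in self.users.items() if u["email"] == email)

    def request_reset(self, email):
        # Hardened: the token is handed to mail delivery and nowhere else.
        token = secrets.token_urlsafe(32)
        self.tokens[token] = email.lower()
        self.outbox.append((email.lower(), token))

    def logins_for_token(self, token):
        email = self.tokens.get(token)
        return sorted(l for l, u in self.users.items()
                      if email and u["email"] == email and u["verified"])

    def reset_password(self, token, login, new_password):
        if login not in self.logins_for_token(token):
            return False
        self.users[login]["password"] = new_password
        del self.tokens[token]   # single use
        return True

def demo():
    db = Accounts()
    db.register("victim_login", "victim@example.com", "old")
    db.confirm_email("victim_login")
    db.register("new_login", "victim@example.com", "x")   # unverified claim
    exposed = db.logins_seen_by_session_flawed("new_login")
    db.request_reset("victim@example.com")
    guessed = db.reset_password("not-the-mailed-token", "victim_login", "guess")
    owner = db.reset_password(db.outbox[-1][1], "victim_login", "fresh")
    return exposed, guessed, owner, db.users["victim_login"]["password"]
```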