Skype disables password reset after security flaw exposed
- 14 November, 2012 20:31
Microsoft has disabled the option for users to reset their Skype passwords after security experts uncovered a serious flaw in the software that allowed anyone who knows your email address to hack your Skype account.
The vulnerability allowed people to sign up to Skype with email addresses already in use by others and then force password resets for accounts associated with that address in order to gain access to your account. Basically, anyone who knew your email address could sign up for a new Skype account with it and then reset the password for your current account, thus hacking in.
The exploit first appeared on several Russian forums, and has been actively exploited since, Costin Raiu, a senior security researcher at Kaspersky Lab, said in a blog post. To protect against this vulnerability, Raiu advises that users change the email address associated with their Skype account to a new, never-before-used address.
Rik Ferguson, director of security research & communication at Trend Micro, explainedhow easy it was to hack into someone's Skype account: "In essence the procedure is so simple it could be carried out by even the most inexperienced of computer users. [...]This would lock the victim out of their Skype account and allow the hacker to receive and respond to all messages destined for that victim until further notice. I tested the vulnerability and the entire process took only a matter of minutes."
Skype also said in a statement that it is aware of the new security vulnerability issue. "As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further. We apologize for the inconvenience but user experience and safety is our first priority," the statement said.
- MSP Guides for effective Endpoint Management Solutions
- Smart Cloud: Move Beyond monitoring to Holistic Management of Application Performance
- McAfee Whitepaper: Building the Business Case for Privacy
- Cloud and Co-Location Solutions
- Modernizing Security for the Small and Mid-Sized Business – Recommendations for 2013 (Sponsored by McAfee)
- CITRIX SYNERGY ’13: Look beyond Cloud infrastructure, says Liang
- CITRIX SYNERGY ’13: Christiancen highlights the need for collaboration
- CITRIX SYNERGY ’13: Devices will change how people work, says Duursma
- Are we ready for a mobile-first world?
- Smartphone chips could replace server processors in HPC, researchers say
Attack on Telenor was part of large cyberespionage operation with Indian origins: report
Box buys iOS app to improve its own
Growing mobile malware threat swirls (mostly) around Android
Barracuda Networks raises free capacity of Copy.com to 15GB
Coke gives peace a chance ( +16 photos)