ie8 fix
madison

Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev
Home / News & Blogs / Zero Day

Skype + Facebook = critical security vulnerability

By | August 1, 2011, 9:36am PDT

Summary: Skype’s integration with Facebook is being touted as “the best of both worlds” but the new Skype 5.5 for Windows update contains a highly-critical security flaw that allows Skype session hijacks or even full system compromise.

Skype’s integration with Facebook is being touted as “the best of both worlds” but the new Skype 5.5 for Windows update contains a highly-critical security flaw that allows Skype session hijacks or even full system compromise.

follow Ryan Naraine on twitter

According to an advisory posted at secalert.net, an attacker can exploit a system even if the victim is not a Facebook friend or a Skype contact.

Details on the vulnerability are being kept under wraps but The H Security says they were able to reproduce the issue. The Skype security blog has not yet acknowledged the flaw.

A video demo is available:

UPDATE (2:00 PM Eastern):  Here’s a statement from Skype CSO Adrian Asher:

“The newly reported Cross Site Scripting (XSS) vulnerability that allows your Facebook stream to pop-up messages or redirect you to other Web sites is actually an issue that was fixed recently by an update deployed to users. All affected users should already be protected. Skype users do not need to install any updates for this fix to take effect.”

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Topics

Skype Technologies S.A., Security Issue, Mobile Security, Security, Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a member of the global research and analysis team. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

25
Comments
Add Your Opinion

Join the conversation!

0 Votes
+ -
RE: Skype Facebook = critical security vulnerability
FuzzyBunnySlippers 1st Aug
Fixed. Good catch.
0 Votes
+ -
RE: Skype Facebook = critical security vulnerability
lovedong 13th Sep
snagging, thanks ! replica watches
0 Votes
+ -
RE: Skype Facebook = critical security vulnerability
reginebautista 7th Nov
freepuzzlegameonline.com / full-house-design.com

Free Puzzle Games
House Design
0 Votes
+ -
Message has been deleted.
FourLeaf1 Updated - 3rd Aug
0 Votes
+ -
RE: Skype Facebook = critical security vulnerability
user202 23rd Sep
Skype with Facebook integration seemed pretty awesome at the time of its release hotel
0 Votes
+ -
RE: Skype Facebook = critical security vulnerability
monstertricks 8th Oct
@FourLeaf1 skype should goon a HCG Diet Plan
0 Votes
+ -
RE: Skype Facebook = critical security vulnerability
AdanaLy 26th Aug
dasdfasdfdsa
0 Votes
+ -
RE: Skype Facebook = critical security vulnerability
321myuser 28th Aug
The more poplular software or website is, the more vulnerabilities it is going to have, simply because of the higher number of people spending their time to hack it, comparing to something less popular that presents a lesser prize.
Internet Marketing Services
0 Votes
+ -
RE: Skype Facebook = critical security vulnerability
toby juggles 7th Oct
@321myuser A top quality online search engine optimisation program could have several key components which get an individual/firm up to speed. Things such as link building, Meta tags and also the appropriate thickness involving keywords and phrases are all essential items that must be resolved. Although these are not since widespread right now, that they nonetheless constitute the basic foundation upon which just about any study course aimed at search engine marketing training needs to be based upon. The value of other has a bearing on for instance appropriate niche research, social media marketing, article marketing and utilizing the correct anchor text have all be crucial that you modern day marketer needs with seo experts academy course.
0 Votes
+ -
RE: Skype Facebook = critical security vulnerability
neo61322 7th Sep
This is an excellent article. The following publish supplies genuinely high quality info. My spouse and i?meters bound to check in it. Truly extremely helpful points are given listed here. Many thanks a great deal. Carry on favorable functions. vintage snapback hats best solid state drive
0 Votes
+ -
RE: Skype Facebook = critical security vulnerability
MAGENs 7th Sep
This is a really good read for me. Must admit that you are one of the best bloggers I have ever read. Thanks for posting this informative article. baby gifts for boys baby gifts for girls
0 Votes
+ -
RE: Skype Facebook = critical security vulnerability
LUCINDe 7th Sep
I like the article you wrote here; it is very informative and useful for the internet users like me. I will come back to read more blog posts on your website and I have bookmarked your website as well Thank You know style clothing store girls clothing stores online
0 Votes
+ -
RE: Skype Facebook = critical security vulnerability
MACKENZI 10th Sep
I also desire to signal in your RSS feeds. Thank you as soon as once again and maintain up the great operate! nccma cooler
0 Votes
+ -
RE: Skype Facebook = critical security vulnerability
MARAGARET 11th Sep
I used to be more than happy to seek out this internet-site.I wanted to thanks in your time for this glorious read!! I positively enjoying each little bit of it and I have you bookmarked to check out new stuff you weblog post. this thread is amazing i like your work and i appreciate you that you have share a useful stuff thanks for sharing the i shop abatwa
0 Votes
+ -
RE: Skype Facebook = critical security vulnerability
RHIANNONA 12th Sep
I used to be more than happy to seek out this internet-site.I wanted to thanks in your time for this glorious read!! I positively enjoying each little bit of it and I have you bookmarked to check out new stuff you weblog post.Bookmarking now thanks please consider a follow up post. power sa shop
0 Votes
+ -
RE: Skype Facebook = critical security vulnerability
SATURNINA 13th Sep
I think the representation of this article is actually superb one. This is my first visit to your site. Thanks a lot and keep sharing the information. Keep updating the information for all of us. Thanks ZDNet Government was launched as the brand's first industry vertical, with a mission to cater to IT professionals in the public secto I agree with your post. However, do you have any sources I can cite for my paper wheel car com bury
0 Votes
+ -
RE: Skype Facebook = critical security vulnerability
sirnem 20th Sep
m2 pvp serverlar tan??t??m?? pvp serverler mt2 private servers metin2 pvp serverler metin2 games metin2 pvp serverlar
mt2 pvp servers pvp metin2 online games mt2 pvp m2 games servers metin2
private servers mt2 private server m2 private online game metin 2
g??zel s??zler roms guzel sozler
face 100 ifadeleri yemek tarifleri yemek tarifleri face guncel news face t He Facebook land facebook
games hiller metin2 hile games dowland metin2 indir

chat
mynet
sex
sex hikayeleri
0 Votes
+ -
nice site
user202 23rd Sep
Skype with Facebook integration seemed pretty awesome at the time of its release hotel
0 Votes
+ -
RE: Skype Facebook = critical security vulnerability
TOCCAR 25th Sep
Well welcome, hopefully you can become a vital member of the community and really help to push far ahead of google. Which Im sure the development team would love. This will of course earn you alot points too and get you on the leaders board. z d n e t t h a n k Im not sure i come to an agreement with you on every level, howevor it absolutely was a good posting, many thanks for taking the time to put up your ideas.
0 Votes
+ -
RE: Skype Facebook = critical security vulnerability
CLAUDET 25th Sep
This is my first visit to z d n e t site. Thanks a lot and keep sharing the information. Keep updating the information for all of us.how can i clean up, because i don???t know why it seems my skeen has to fat i get the glasses dirty every day.i search y a h o o Very good quality indeed. I surely recommend it. The template used in their site is also great.
0 Votes
+ -
RE: Skype Facebook = critical security vulnerability
MEJIAHA 29th Sep
Fantastic news about the new release.I positively enjoying each little bit of it and I have you b o o k m a r k e d to check out new stuff you weblog post.Im not sure i come to an agreement with you on every level, howevor it absolutely was a good posting, many thanks for taking the time to put up your ideas
0 Votes
+ -
RE: Skype Facebook = critical security vulnerability
FAULKNE 13th Oct
Good day to confirm this comment I would appreciate T h e b e s t o f Z D N e t d e l i v e r e d your website very nice to everyone Yes, Oracle is the only one with shared-disk architecture, but that is there advantage. It means you can add or remove nodes and the database lives on. In a shared nothing architecture, if you lose a node, you lose the system. I'm sure Oracle appreciates EMC highlighting their advantage.I also desire to signal in your RSS feeds. Thank you as soon as once again and maintain up the great operate Awesome post! Thank you very much || thanks for nice content this is really benefit to me.
0 Votes
+ -
try me
juvysan1234 14th Oct
best food for all |
cheap hotels near disneyland |
printable real estate forms |
free printable rental lease agreement |
0 Votes
+ -
RE: Skype Facebook = critical security vulnerability
Lavlas 4th Nov
Oracle is the only one with shared-disk architecture, but that is there advantage. It means you can add or remove nodes and the database lives on. In a shared nothing architecture, if you lose a node, you lose the system. I'm sure Oracle appreciates EMC highlighting their advantage. You will also need BlackBerry Unlock Codes. I also desire to signal in your RSS feeds. Thank you as soon as once again and maintain up the great operate Awesome post! Thank you very much.

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix
Click Here
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix
ie8 fix