Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Skype vulnerability or feature

from [s-williams] Network Security [Permanent Link]
Subject: Re: Skype vulnerability or feature
Date: Sun, 30 Jul 2006 21:46:32 +0000 
That is some got finding I would hope the did'nt make this a faeture cause that 
is more of a flaw if any. Have you tried dearching to net to see if anyone has. 
The same finding if not try to contact them
Sent via BlackBerry from T-Mobile  

-----Original Message-----
From: Chroot <chrooted@gmail.com>
Date: Sun, 30 Jul 2006 12:17:01 
To:pen-test@securityfocus.com
Subject: Skype vulnerability or feature

Hi,

I was fiddling a little bit with Skype when I discovered that I could
login at the same time from two different terminals unlike other
messengers such as MSN. In such a scenario if someone gets hold of
your skype identity you would never know and he might just successfuly
abuse your account again and again.

Other things that I noticed were that an attacker would be able to
accept calls directed to the authentic user. For e.g. the ring comes
on both the terminals the user who accepts the call first get access
while the second one gets missed call notification.

I've not tested another issue thoroughly but once I was also able to
get the text communnications simultaneously on both the terminals.
This could be a serious issue if I could test that again.

Last thing, does Skype know about this? I'll be surprised if they
don't. What do people feel on the list about this? Did Skype introduce
this as a feature? If yes, then I would say probably its a bad
feature.

Looking forward to some discussion/light on this topic.

Thanx.

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to rise, 
you need to proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Hacker Stories, Certs, vs Projects - Was Re: Technitium MAC Address Changer v3.1 (FREEWARE), Bob Foxworth
Next by Date:  Re[2]: What is being a pen tester really like?, Javier O. Augusto
Previous by Thread:  Skype vulnerability or feature, Chroot
Next by Thread:  Re: Skype vulnerability or feature, Shreyas Zare
Indexes:  [Date] [Thread] [Top] [All Lists]