Hi frenzz...
The world-known messenger site Skype has an XSS vulnerability.
A researcher from Georgia found that two web resources belonging to the Internet communications service Skype, shop.skype.com and api.skype.com, contain flaws that allow a potential attacker to carry out cross-site scripting (XSS).

As the first address suggests, those most at risk are the many customers of the official Skype shop, where you can buy both logical products (various additions to the software) and physical ones (headphones, microphones, webcams, etc.). For the application programming interface (API) site, such incidents are not particularly desirable either. Because the vulnerable resources are heavily visited and well known, the identified flaw is classified as representing a high degree of risk.

The target of a possible XSS attack in this case may be the browser's cookies. If an attacker can somehow get the user to click on a specially crafted link and successfully exploits the vulnerability, the attacker can gain unauthorized access to the user's current session on the site and steal the account's authentication information, thereby acquiring full control over someone else's account.

It is reported that information about the flaw was passed to Skype staff, who in turn forwarded the notification to Microsoft's unit for countering security threats. It is this division that is now responsible for solving problems related to the popular communication service. At the moment the resource api.skype.com does not work (visitors are greeted by a 404, to be exact), while the Skype Shop operates in normal mode. Perhaps the API site is simply undergoing technical work to eliminate the vulnerability.

Skype is one of the most popular services for instant messaging and audio and video calls. Its audience numbers in the hundreds of thousands of users, and such a customer base is, of course, of interest to cybercriminals (even taking into account the fact that not all of them use ancillary services such as the official magazine).
News Partner