Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Microsoft has squashed a claim by a German security researcher that Skype is vulnerable to cross site scripting (XSS) attacks.
The company said the exploit posted online in an advisory was benign.
Levent Kayan said the Skype client contained a persistent code injection vulnerability caused by a lack of input validation and output sanitisation of phone contact entry fields.
Kayan said it would allow an attacker to inject HTML or Javascript code into fields that were meant to contain names and phone numbers.
Skype said the attack was impossible because the vulnerable entry fields were not internet-accessible windows.
The vulnerability had credibility because Kayne last month released details of a similar high-profile exploit of the Skype client.
That attack allowed Skype contacts to be hijacked with a string of code injected into the mobile phone entry field. An attacker could run script on the victim’s machine and obtain their session ID and account details.
The flaw was fixed.
Copyright © SC Magazine, Australia
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.
