Home | Blog | Software | Reviews and Features | Forum | Help | Donate | About us
topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • December 05, 2016, 08:27:13 AM
  • Proudly celebrating 10 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Skype Ignores e-Bay Vulnerability In Client Software  (Read 1914 times)

Ehtyar

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,237
    • View Profile
    • Donate to Member
Skype Ignores e-Bay Vulnerability In Client Software
« on: September 04, 2008, 07:37:31 PM »
Skype refuses to acknowledge a vulnerability in their client software that can allow an attack to hijack the victims e-Bay account.

Screenshot - 5_09_2008 , 10_37_08 AM_thumb.png


Quote
One day last month, when Klaus Zimmerman tried to log into his Skype account, he got an error message indicating his username and password didn't match. Concerned something was awry, Zimmerman, a computer repairman living in Wexford County, Ireland, phoned his brother and asked him to check his online status.

"I saw you on earlier, but your picture was gone," the brother reported. "You're now listed as living in Germany." On top of that, the person logged in was no longer answering the brother's queries.

Full Story

Ehtyar.

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 7,713
    • View Profile
    • The Blog of Deozaan
    • Read more about this member.
    • Donate to Member
Re: Skype Ignores e-Bay Vulnerability In Client Software
« Reply #1 on: September 15, 2008, 01:00:52 AM »
I don't understand how someone hijacking a Skype account will suddenly have access to eBay and PayPal accounts.


Ehtyar

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,237
    • View Profile
    • Donate to Member
Re: Skype Ignores e-Bay Vulnerability In Client Software
« Reply #2 on: September 15, 2008, 01:14:37 AM »
As eBay owns Skype, they allow you to use single-signon with Skype to access your eBay account. Thus if an attacker manages to steal your Skype identity, he effectively has control of your eBay ID aswell.

Ehtyar.

Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 7,713
    • View Profile
    • The Blog of Deozaan
    • Read more about this member.
    • Donate to Member
Re: Skype Ignores e-Bay Vulnerability In Client Software
« Reply #3 on: September 15, 2008, 01:25:59 AM »
Thanks for that clarification. I've never used Skype so I didn't know. :Thmbsup:


Ehtyar

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,237
    • View Profile
    • Donate to Member
Re: Skype Ignores e-Bay Vulnerability In Client Software
« Reply #4 on: September 15, 2008, 07:30:02 AM »
I've never used the feature myself, and it took quite some research to confirm this theory.

Ehtyar.