Skype Vulnerability, Now Blocked, Allowed Account Hijack
A security vulnerability in Skype, in use for 2 months, allowed an attacker to hijack a Skype account if they knew the email address of the user. Skype has temporarily disabled the feature which allowed the attack.
The problem was first publicized last night on Russian web forums. Skype now claims to have fixed the password reset so that it cannot be abused in this way.
Skype issued a statement on the issue:
Early this morning we were notified of user concerns surrounding the security of the password reset feature on our website. This issue affected some users where multiple Skype accounts were registered to the same email address. We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly. We are reaching out to a small number of users who may have been impacted to assist as necessary. Skype is committed to providing a safe and secure communications experience to our users and we apologize for the inconvenience.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.