Archive for Skype

Android Phone Owners With Skype Installed Are Vulnerable To A Passcode Bypass Exploit

Posted in Commentary with tags , , on January 4, 2019 by itnerd

If you use Skype for Android, you should pay attention. Someone who is in possession of an Android phone with Skype installed on it simply has to to receive a Skype call and answer it without unlocking the handset. They can then view photos, look up contacts, send a message, and open the browser by tapping links in a sent message, all without ever unlocking the phone. The Register first reported this and I have a video below that demonstrates the exploit:

The vulnerability was reported to Microsoft and a fix is already out there via updating to the latest version of Skype. By doing so, you will ensure that you do not get pwned.

That Skype Bug That Microsoft Wasn’t Going To Fixed Is Actually Already Fixed

Posted in Commentary with tags on February 16, 2018 by itnerd

You might recall that I posted a story about a Skype bug that could lead to you getting pwned by hackers, and that Microsoft wasn’t gong to fix it. Well, it’s actually been fixed.

Confused? Yeah. So was I. Hang with me and I’ll explain.

According to Skype program manager Ellen Kilbourne via a support forum post, the vulnerability is present in Skype for Windows versions 7.40 and lower. Last October, Microsoft released version 8 without the flaw. Thus the fix is to upgrade to the latest version.

So, how did we end up with this becoming an issue?

The issue was discovered by German researcher Stefan Kanthak. In the paper where he disclosed this bug, he says this:

“The engineers provided me with an update on this case. They’ve reviewed the code and were able to reproduce the issue, but have determined that the fix will be implemented in a newer version of the product rather than a security update. The team is planning on shipping a newer version of the client, and this current version will slowly be deprecated. The installer would need a large code revision to prevent DLL injection, but all resources have been put toward development of the new client.”

Clearly version 8 was the new client that Microsoft was speaking of. Thus I have to assume that either he believed that Microsoft wasn’t going to do anything, or he mistook what Microsoft said. And as a result he waited three months and disclosed something that had already been fixed. In other words, it was an honest mistake.

And with that, you can go back to using Skype without worrying that you’re going to get pwned.

 

Skype Has A Bug That Would Be Hard To Fix Which Leaves You Open To Pwnage

Posted in Commentary with tags on February 13, 2018 by itnerd

ZDNet reports of a security flaw in Skype’s updater process that “can allow an attacker to gain system-level privileges to a vulnerable computer.” If the bug is exploited, it can escalate a local unprivileged user to the full ‘system’ level rights. Which means that a hacker can do anything they want.  What’s worse is that Microsoft, which owns Skype, won’t fix the flaw because it would require the updater to go through “a large code revision.” Instead, Microsoft is putting all its resources on building an altogether new client.

Microsoft has this really wrong. Now that this bug is public, it is only a matter of time before the pwnage begins. And what will Microsoft do then? Likely throw all its resources towards trying to stop the pwnage. So they might as well do that now and protect their user base in the process. But I guess the folks over in Redmond don’t see it that way. Thus, consider warned if you’re a Skype user.

 

Skype Punted From App Stores In China

Posted in Commentary with tags on November 22, 2017 by itnerd

It seems that China doesn’t like Skype. So much so that they’ve apparently banned the messaging app on all platforms that Skype is available on. Microsoft who owns Skype says that this is only “temporary”. But that’s just spin. What China likely wants is the ability snoop on calls and keep track of who’s using the app. I seriously doubt Microsoft will go for that. Thus don’t expect it back in the country anytime soon.

Skype and PayPal Team Up To Allow People To Transfer Money Seamlessly

Posted in Commentary with tags , on August 2, 2017 by itnerd

From big summer trips with friends to group dinners and patio afternoons, summer brings us together. As get-togethers pile up, Canadians are focused on fun and making memories. But who picks up the tab?

Today, Skype users in 22 countries including Canada can now send money with PayPal directly through the Skype mobile app. With over one billion Skype downloads to date globally, people can now seamlessly send money in the moment so nobody has the lingering worry that comes with an outstanding IOU.

By teaming up with Skype, PayPal is offering people yet another seamless and contextual way to send money online and on mobile, such as through voice command with Siri, in chat with Slack and in email via Microsoft’s Outlook.com.

Learn more about PayPal and Skype here.

Microsoft Putting A Social Media Spin On Skype

Posted in Commentary with tags on June 1, 2017 by itnerd

It seems that Microsoft wants to make Skype a whole lot more relevant to those who use social media a lot. Here’s some details from a press release from the folks in Redmond:

Rebuilt from the ground up, the new Skype vastly improves the ways you can connect with your favorite people and, of course, chatting is front and center. We’ve made group chats more lively, expressive, and—most importantly—personalized, so you can chat the way you want. With the new Skype, you’ll have countless ways to share life’s moments together, every day. Wherever life takes you, Skype allows you to seamlessly create, play, share, and do more with the people you care about most.

How are they going to do that? Here’s a video that shows the new Skype in action:

The newest update of Skype will become available to Android users over the next few months. Support for iOS is coming sometime in July. Desktop support for both PC and Mac will become available to users sometime this summer.

Skype WiFi To Be Deep Sixed On March 31st

Posted in Commentary with tags on February 28, 2017 by itnerd

For those of you who use Skype WiFi to get online when tethering and paying some outrageous fee for WiFi doesn’t make sense, I have bad news for you. This was posted on the Skype WiFi page:

capture

If you click on the FAQ, it says this:

We’re retiring Skype WiFi globally so we can better focus our efforts on bringing you the best possible experience through our core Skype features.

Now, I have to admit that I have not used Skype WiFi lately  as WiFi is pretty much everywhere. However it has come in useful at times. Thus I will be looking for other options as something like Skype WiFi is handy to have. I’ll post any alternatives that I come across in a future post.