Skype - not as secure as you might think

15 April 2009

Although VoIP aficionados are wont to promote the encrypted nature of Skype Internet telephony calls, it's now becoming accepted that the use of a compressed data mode within Skype opens the gates to pattern recognition and to slow, but steady, text-based decoding of the voice transmissions.

But now it seems the Skype client software may also be flawed, as the experts over at Secure Science have revealed the system can be used as an advanced phishing platform.

In a process known as 'SkypeSkrayping', Secure Science says that users are being contacted - ostensibly by Skype HQ - via instant messaging, and offered a free $25.00 credit if they visit a site.

Of course, the site is a frame or image-infected one and - quelle surprise - the Skype user ends up being infected in response to the link in the instant message.

The bad news is that, once infected, it seems the fraudsters can gain remote access to the user's Skype account and add extra facilities which can then be used by the remote user or, perhaps worse, used to phish for other victims and so tarnish the phished user's reputation.

Interestingly, Secure Science says that the phisher can also gain access to the phishee's outbound telephony calling facility.

This could be used, Infosecurity notes, to make free (to the fraudster) international phone calls via so-called spoof Caller ID services, which are normally charged at a premium, and to perform other scams as a result.

The good news is that Skype says it is aware of this client software flaw and is working on an update.

This article is featured in:
Data Loss  • Internet and Network Security