[liberationtech] Comments on Internews new "information security guide"

Morgan Marquis-Boire morgan.marquisboire at gmail.com
Wed Nov 14 03:25:45 PST 2012


Confirmation from Skype that they have temporarily disabled password resets
due to a trivial account hijacking vulnerability:
http://heartbeat.skype.com/2012/11/security_issue.html

More data here from Costin Raiu of Kaspersky:
https://www.securelist.com/en/blog/208193933/New_Skype_vulnerability_allows_hijacking_of_your_account

"The exploit, which has been available for two months already, takes
advantage of the Skype password reset feature. This allows you to reset the
password of somebody else's account, as long as you know the e-mail address
associated with their main Skype account."

On Wed, Nov 14, 2012 at 2:30 AM, Tim Dittler <
dittler at informatik.hu-berlin.de> wrote:

>  On 11/14/2012 01:02 AM, Eric S Johnson wrote:
>
> Alternatively, since (like OTR) no Skype communication is known to have
> ever been successfully in-line-intercepted, the question might be one of
> priorities: what cybersec weakness has most often resulted in compromise of
> an activist?
>
> Not true for skype chat: http://news.cnet.com/8301-1009_3-10056127-83.html
>
> Researchers at University of Toronto say they've uncovered "targeted
> surveillance" of TOM-Skype users in China and that text chats are recorded
> and blocked if they contain certain words.
>