Skype - not as secure as you might think

15 April 2009

Although VoIP aficionados are wont to promote the encrypted nature of Skype Internet telephony calls, it is now becoming accepted that the use of a compressed data mode within Skype opens the gates to pattern recognition and, as a result, slow but steady text-based decoding of the voice transmissions.

But now it seems the Skype client software may also be flawed, as the experts over at Secure Science have revealed the system can be used as an advanced phishing platform.

In a process known as 'SkypeSkrayping', Secure Science says that users are being contacted - ostensibly by Skype HQ - via instant messaging, and offered a free $25.00 credit if they visit a site.

Of course, the site is a frame or image-infected one and - quelle surprise - the Skype user ends up being infected in response to the link in the instant message.

The bad news is that, once infected, it seems the fraudsters can gain remote access to the user's Skype account and add extra facilities, which can then be used by the remote user or, perhaps worse, used to phish for other victims and so tarnish the phished user's reputation.

Interestingly, Secure Science says that the phisher can also gain access to the phishee's outbound telephony calling facility.

This could be used, Infosecurity notes, to make free (to the fraudster) international phone calls via so-called spoof Caller ID services, which are normally charged a premium, and perform other scams as a result.

The good news is that Skype says it is aware of this client software flaw and is working on an update.
This article is featured in:
Data Loss Internet and Network Security