

Did you know that a recently discovered security flaw in Skype makes your location and file-downloading activity accessible to parties unknown? This flaw has brought home the point that no Web-accessible software or service can be truly secure.

Security is one of the biggest concerns for software engineers, and also one of their biggest challenges. The very nature of software relies on a seemingly countless number of variables to be in perfect alignment for all expectations to be met. Not only does Skype’s internal system need to be secure, but so do the connection between the server and the client, the client itself, and the operating system that the client depends on to run. A change to any one of these factors can throw off security measures and expose new exploitable flaws that may (or may not) be discovered by people with malicious intent.

When you configure your Skype client, you can direct it to automatically block calls from anyone not currently on your contacts list. Unfortunately, this block is implemented at the client, which means that the caller’s machine has to successfully shake hands with your client and receive the denial in order to block the flow of packets. By calling another user, blocking certain packets from being received, and hanging up quickly, the exploiter receives your IP information and you are none the wiser because your blocked call never even gives you a pop-up. I have yet to see an announcement from Microsoft or Skype indicating that this particular flaw has been fixed.

This isn’t the first time this year Skype has been under fire for having exploitable security flaws. Earlier this year, it was discovered that a Windows user’s password could be reset through a cross-scripting bug. In this case, the issue was resolved, an update was sent to the community through the Skype Security Blog, and a new version of the Windows client was made available to users.

There is a point at which the responsibility of Skype to maintain your privacy and system security stops, and your habits begin. Skype, like any cloud-based service, depends a great deal on user habits and precautions to remain secure.
