Pages

Saturday, November 17, 2012

New Skype Hack Found - Only Requires Your Email Address


A major new Skype hack has started to appear that only requires the hacker to know your email address (username isn’t required) in order to exploit your Skype account.

The hack is made possible due to Skype’s crappy password recovery proceedures which is being used to gain access to users Skype accounts. The vulnerability was first reported to Skype about 3 months ago according to a Russian site that disclosed the hack  this week.

To temporarily address this vulnerability, users are being advised to change their primary email address associated with their Skype accounts as soon as possible. Here is how to do that: (Note that I was only able to get this to work using Internet Explorer).

Firstly, log into your account at Skype.com (not via the program)

Next select your profile


Now scroll down to your contact details and click on Add email address


when you save this seeting a pop-up message will appear asking for you to re-enter your password. Enter it and Click (with your mouse) the Enter button in the pop-up window. If you simply hit the Enter key on your keyboard this will result in an error.


Now hit Edit again and delete your old primary email address and hit Save.

You are Done.

Now you are using another guy's email address for skype account without his permission!!
Now if you change your account details the account  becomes fake.

[Update] Skype are now aware of this issue and have temporarily disabled the ability to reset your passwords until they have patched this. They have released the following message on their support forums:
We’ve been informed of a vulnerability in our password reset process, which could compromise the security of our users. We have temporarily disabled the password reset process for Skype accounts to prevent this vulnerability from being exploited.
Security is of the highest importance to us and we are working on getting this fixed as soon as possible.
We apologize for any inconvenience caused to users who need to reset their passwords, but our priority is protecting the integrity of user accounts
 But they posted a solution for this on this wednesday, But still vulnerability persists as I tested it with my own account today(1 hrs ago before posting this article).


Note: Please donot exploit any one;this article  is only for education purposes so that when you build a website you must take care of these things. **Tech@cks will not be responsible for your any false activities.

No comments:

Post a Comment