Privacy Blog

"Friends don’t let friends get spied on.' – Richard Stallman, President of the Free Software Foundation and longtime advocate of privacy in technology.

Skype Can’t Fix a Nasty Security Bug Without a Massive Code Rewrite

Leave a comment

Are you a frequent user of Skype? If so, you might want to rethink your usage. Luckily, there are several good, much more secure, alternatives. ZDNet reports that a security flaw in Skype’s updater process can allow an attacker to gain system-level privileges to a vulnerable Windows computer. If the bug is exploited, it “can escalate a local unprivileged user to the full ‘system’ level rights — granting them access to every corner of the operating system.” What’s worse is that Microsoft, which owns Skype, won’t fix the flaw because it would require the updater to go through “a large code revision.”

Luckily, the security apparently only affects Windows systems, not Macintosh or Linux or handheld devices. The bug uses a DLL hijacking technique. Luckily, DLL files are Windows-specific and are not used in the other operating systems.

Details may be found at http://www.zdnet.com/article/skype-cannot-fix-security-bug-without-a-massive-code-rewrite/.

Categories: Online Privacy & Security

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.