11.14.12

^{Gemini version available ♊︎}

Skype Cracked, All User Accounts Are Vulnerable (Updated)

Posted in Microsoft, Security at 3:59 pm by Dr. Roy Schestowitz

Crack

Summary: A Russian site explains how to take over any account

According to this, Microsoft Skype gets the very basics wrong:

Here’s the original link where I’ve read about this (in Russian) – http://habrahabr.ru/post/158545/
with multiple people in the comments confirming it works and also reporting their accounts were stolen.
Here’s how it works:
Sign up for a new Skype account. Use the victim’s email. A warning will come up that an account with that email already exists, but you can still proceed with filling out the form and account creation.
Log in to the Skype client with your new account.
https://login.skype.com/account/password-reset-request – request a password reset using the victim’s email.
You will get a password reset notification and token in your skype client. Follow the link to pick the victim’s account and reset the password.
It appears the only way to safeguard yourself for now is to change your main Skype account email to one that’s not publicly known.

There are many good reasons to avoid Skype and many good alternatives. The other day a Pidgin developer complained about the secret messaging protocols of Skype. These are deliberately non-interoperable. Since Microsoft moves its IM services to Skype, this will only become a greater issue. █

Update: Flaw confirmed by Microsoft

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.

Permalink Mail Send this to a friend

ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

What Else is New

Links 27/05/2022: Many More Microsoft Security Failures (and Spin/Lies)

Links for the day
Links 26/05/2022: KStars 3.5.9 and Chrome 103 Beta

Links for the day
Links 26/05/2022: AlmaLinux OS 9.0, MooseX::Extended for Perl Introduced

Links for the day
Links 26/05/2022: Kernel Events and Systemd-Free GNU/Linux Distributions

Links for the day
Links 26/05/2022: DuckDuckGo Increasingly Exposed as Microsoft Proxy

Links for the day
EPO Celebrates Software Patents Again, Dubbing Them 'Hey Hi' (AI) and '4IR'

The ludicrous state of the EPO is demonstrated by yesterday’s puff piece about “four million” (merely requests for monopoly in Europe; most come from outside Europe) and L’Oréal, which claims to have “invented” something that was already done in the 1990s if not the 1980s
[Meme] EPO's Monkey Business: Lowering the Patent Examination Bar

As we shall show in a moment, EPO President António Campinos has lowered the quality of patents and applications; sooner or later he might outsource the job to ‘livestock’
IRC Proceedings: Wednesday, May 25, 2022

IRC logs for Wednesday, May 25, 2022
Heads of Patent Offices Are Immune to Coronavirus

The overconfident chiefs of the U.S. Patent and Trademark Office (USPTO) and EPO might love speaking about COVID-19 (in relation to patents), but they do not take it seriously themselves
Links 26/05/2022: Plex Finally on GNU/Linux

Links for the day
The General Consultative Committee of the EPO Exposes a Disaster and a Lack of Genuine Dialogue

The General Consultative Committee (GCC) at the EPO deals with unlawful proposals from António Campinos (he’s happy to violate laws, constitutions, protocols, conventions, just like Benoît Battistelli did) and once again the abuses by managers is covered up; it’s as if the Office is run by unaccountable gangsters who arrogantly curse at everyone whilst insisting they’re the nicest people ever
The Latest Letter to Josef Kratochvìl and the Heads of Delegation of the Administrative Council of the European Patent Organisation

A week-old letter from the Central Staff Committee (CSC) to the Administrative Council of the European Patent Organisation highlights the nature of a crisis; there's no genuine dialogue and staff of the EPO (i.e. the scientists who do all the actual work) is constantly under attack
[Meme] The Recordings Must Have Accidentally Been Lost While Breaking the Rules

The EPO‘s “nicest” chief, Monopoly Tony, won’t even mention the recordings…
Links 25/05/2022: ‘V Rising’ on GNU/Linux and Pearl Linux OS 11

Links for the day
Links 25/05/2022: Librem Tries Another Approach

Links for the day
IRC Proceedings: Tuesday, May 24, 2022

IRC logs for Tuesday, May 24, 2022
Links 24/05/2022: nginx-1.22.0 and WordPress 6.0

Links for the day
[Meme] Divine Protection

You won’t find Monopoly Tony (António Campinos) wearing a mask at the EPO because the rules of the Office do not apply to him
António Campinos and the Alicante Clique (EPO Management, Appointed Based on Nepotism Despite Lack of Qualifications) Nowadays Exploiting Kids for PR Charades

The sick old habit of exploiting kids for Public Relations (PR) and marketing purposes is all too common at the EPO (they’re constantly exploiting “the children” to associate criticism of the EPO with demeaning the young and innocent), but the management — which enjoys nepotism and immunity rather than relevant skills — carries on today and it’s being called “inaugural”
[Meme] Snake on a Plane

The EPO‘s President ‘Monopoly Tony’ (António Campinos), whom you never see wearing a mask (none of the photo ops; he does not even socially distance himself from peers, he wears sneakers instead of masks) during the height of a pandemic, is the "f***ing president"; don’t tell him to wear one…
Microsoft GitHub Exposé — Part XX — Entering Phase II

We're about to resume the long-running series about the sick clique which ran GitHub until the assault on women became too much of a liability (among other wrongdoings and PR blunders)
Links 24/05/2022: Fedora 37 Test Days and Tor Browser 11.0.13

Links for the day
Microsoft Vidal, as USPTO Director, Already Plays 'Political Cards' to Disguise and Deflect Away From the Corporate Agenda

Microsoft Vidal, another corporate pawn in charge of the world’s most dangerous patent system, is using soft-spoken defle
Links 24/05/2022: WAL-G 2.0

Links for the day
IRC Proceedings: Monday, May 23, 2022

IRC logs for Monday, May 23, 2022
Unethical Advertising, Published as So-called 'Articles', in CNX Software

As we noted earlier this year, the CNX team is looking for money in the wrong places
Links 23/05/2022: Broadcom to Buy VMware?

Links for the day
LibreOffice Conference 2022, As Before, Puts the Keynotes on Sale (the Rich Buy Influence, the Price Doubles)

Discrimination against the community; talks and mentions are based on money, not merit ($2000 has become $4000 in just one year)
Links 23/05/2022: Kdenlive 22.04.1 and New Alpine Linux Released

Links for the day
António Campinos Promotes Software Patents Using Buzzwords and Sketchy Loopholes With Dubious Legal Basis

‘Monopoly Tony’ (António Campinos) is shamelessly manipulating EPO processes at both ends (sender and receiver) to facilitate the illegal granting of invalid European software patents; we’re meant to think this former EU official and imposter (banker) is some guru in the sciences because he reads a lousy speech crafted for him with lots of meaningless buzzwords peppered all over it (he’s not good at reading it, either)