A security flaw in popular voice-over-IP software Skype could be harnessed to run malicious code on a victim's computer, InfoWorld reports. Citing blog entries by security researchers Aviv Raff and Petko. Petkov, InfoWorld says the issue can be triggered by something as simple as searching for an online video via Skype's "Add Video to Chat" dialog.
Indeed, Skype harnesses the rendering engine of Microsoft's Internet Explorer to display web pages, but it employs the "Local zone" security setting, giving pages carte blanche to execute code on a user's system. Folks aren't likely to visit malicious sites from within Skype, but they could hit up a site like DailyMotion.com by clicking the "Video" button in a chat window. And therein lies the problem: because of a cross-site scripting vulnerability, users can inject malicious scripts in DailyMotion video titles. As Raff puts it, "This basically means that an attacker can now upload a movie, set a kewl popular keyword (e.g. 'Paris Hilton'), and own any user that will search for a video with those keywords through Skype."
A YouTube video showcasing the security flaw in action can be viewed here. In the video, Raff simply searches for keywords in Skype's "Add Video to Chat" dialog, and a script embedded in a DailyMotion video title opens up the Windows calculator. The demo was recorded in Windows Vista, too, so it looks like even Microsoft's latest operating system falls victim to the flaw.
|In the lab: Gigabyte's GeForce GTX 1050 G1 Gaming graphics card||3|
|Google's Jamboard takes the whiteboard into the cloud||5|
|Transcend hops on the 3D NAND bandwagon with the SSD 230||1|
|Apple puts its AirPods in the oven a little longer||25|
|Microsoft helps hardware companies make VR more affordable||17|
|Intel P3100 M.2 SSD has datacenters in mind||8|
|A technology overview of the Aimpad R5 analog keyboard||14|
|Microsoft Surface Ergonomic Keyboard merges comfort and style||36|
|Surface Studio puts the iMac on notice||78|
|Absolutely. GCN is pretty much GCN, so the math backs this up: R9 290X = 1GHz x 2816 GCN CUs = 2816 CUGHz (pronounced "cougar hertz") RX 480 = 1.27GHz...||+43|