Jul 29, 2011
Normally, software updates are intended to enhance a functionality, provide support or patch a particular known exploit. But this is not the case with the updated version of the Skype-client that has been released just recently. The updated version now includes the much awaiting Facebook integration in which you can post comments and status updates. You can also view your friends online using the updated version. Though the functionality of the new skype version brings new features, this could lead to your account being compromised by malicious hackers.
So hold your horses, do not update to this version of Skype or you’ll be the next victim. A security expert by the name of David Vieira-Kurz uncovered some vulnerabilities that could allow an attacker to steal someone’s Skype session. This could mean that someone can pretend to be a friend to all the friends’ victim. Also the attacker can then change your Skype’s password or even worst your Facebook account can be stolen too. The worst thing is, the attacker does not have to be your Facebook or Skype friend. So, I suggest that you wait for a patch or another update that will fix this problem. Visit the Microsoft or Skype website for further announcements and do not obtain patch from other sites.
For more details of the attack visit the author’s website or watch the video below to see the proof of concept how the attack is done.