Confirmation from Skype that they have temporarily disabled password resets due to a trivial account hijacking vulnerability: http://heartbeat.skype.com/2012/11/security_issue.html
More data here from Costin Raiu of Kaspersky: https://www.securelist.com/en/blog/208193933/New_Skype_vulnerability_allows_hijacking_of_your_account "The exploit, which has been available for two months already, takes advantage of the Skype password reset feature. This allows you to reset the password of somebody else's account, as long as you know the e-mail address associated with their main Skype account." On Wed, Nov 14, 2012 at 2:30 AM, Tim Dittler < [email protected]> wrote: > On 11/14/2012 01:02 AM, Eric S Johnson wrote: > > Alternatively, since (like OTR) no Skype communication is known to have > ever been successfully in-line-intercepted, the question might be one of > priorities: what cybersec weakness has most often resulted in compromise of > an activist?**** > > Not true for skype chat: http://news.cnet.com/8301-1009_3-10056127-83.html > > Researchers at University of Toronto say they've uncovered "targeted > surveillance" of TOM-Skype users in China and that text chats are recorded > and blocked if they contain certain words. > > > > -- > Unsubscribe, change to digest, or change password at: > https://mailman.stanford.edu/mailman/listinfo/liberationtech >
-- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
