This article is an automated machine-translation of an article in English. We know the translation isn't perfect, but we hope it's useful for people who don't read English.

警告说,严重的安全问题 - Skype用户帐户可以轻松劫持

by Graham Cluley on November 14, 2012 | Leave a comment

Filed Under: Featured, Microsoft, Privacy, Vulnerability

Skype一个严重的安全问题已经被发现在Skype,这让黑客劫持账户只知道用户的电子邮件地址。

下一个Web介绍了,如何重现攻击,访问Skype帐户的工作人员,只知道他们的电子邮件地址,然后改变他们的“受害者”,把他们的密码。

根据下一个Web:

“这个工程的原因很简单,但它的仍然令人担忧。当你使用现有的电子邮件地址与Skype签署再次,在服务电子邮件您提醒您的用户名,这是正常的,因为没有人应该有访问您的电子邮件。不幸的是,因为这种方法使你能够得到一个重设密码令牌发送到Skype应用程序本身,这使得第三方赎回,并声称拥有你原来的用户名和帐户。“

据报道,俄罗斯论坛上记录的问题几个月前,和似乎是容易被利用。

Skype已暂时停用Skype帐户密码重置的报告作出回应,并发表了一份简短的咨询用户:

Skype acknowledges there is a possible problem

“我们有一个新的安全漏洞问题的报告。作为预防措施,我们已暂时停用密码重置,我们将继续进一步调查这个问题。我们带来的不便表示歉意,但用户体验和安全是我们的首要任务”

出于安全原因,在过去,微软拥有的Skype已经成了头条新闻。例如,今年早些时候被指控的缓慢修复一个安全漏洞 ,可能会允许Skype用户的信息,包括受害者的城市,国家,互联网服务提供商和IP地址收集。

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <pre> <q cite=""> <strike> <strong>

About the author

Graham Cluley has worked in the computer security industry for more than 20 years, developing anti-virus software and doing quite a lot of talking about internet threats. He's won awards for his blogging, but is proudest of the text adventure games he wrote when he was still wearing short trousers. You can learn more about those (the games, not the trousers) at grahamcluley.com. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.