This article is an automated machine-translation of an article in English. We know the translation isn't perfect, but we hope it's useful for people who don't read English.

警告说,严重的安全问题 - Skype用户帐户可以轻松劫持

Filed Under: Featured, Microsoft, Privacy, Vulnerability

Skype一个严重的安全问题已经被发现在Skype,这让黑客劫持账户只知道用户的电子邮件地址。

下一个Web介绍了,如何重现攻击,访问Skype帐户的工作人员,只知道他们的电子邮件地址,然后改变他们的“受害者”,把他们的密码。

根据下一个Web:

“这个工程的原因很简单,但它的仍然令人担忧。当你使用现有的电子邮件地址与Skype签署再次,在服务电子邮件您提醒您的用户名,这是正常的,因为没有人应该有访问您的电子邮件。不幸的是,因为这种方法使你能够得到一个重设密码令牌发送到Skype应用程序本身,这使得第三方赎回,并声称拥有你原来的用户名和帐户。“

据报道,俄罗斯论坛上记录的问题几个月前,和似乎是容易被利用。

Skype已暂时停用Skype帐户密码重置的报告作出回应,并发表了一份简短的咨询用户:

Skype acknowledges there is a possible problem

“我们有一个新的安全漏洞问题的报告。作为预防措施,我们已暂时停用密码重置,我们将继续进一步调查这个问题。我们带来的不便表示歉意,但用户体验和安全是我们的首要任务”

出于安全原因,在过去,微软拥有的Skype已经成了头条新闻。例如,今年早些时候被指控的缓慢修复一个安全漏洞 ,可能会允许Skype用户的信息,包括受害者的城市,国家,互联网服务提供商和IP地址收集。

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at https://grahamcluley.com, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley