Results 1 to 14 of 14

Thread: Skype security bug requires major rewrite

  1. #1
    HEXUS.admin
    Join Date
    Apr 2005
    Posts
    26,546
    Thanks
    0
    Thanked
    1,642 times in 569 posts

    Skype security bug requires major rewrite

    So Microsoft is working on "a newer version of the product rather than a security update".
    Read more.

  2. #2
    Admin Team peterb's Avatar
    Join Date
    Aug 2005
    Location
    Southampton
    Posts
    17,369
    Thanks
    2,257
    Thanked
    2,818 times in 2,251 posts
    • peterb's system
      • Motherboard:
      • Nascom 2
      • CPU:
      • Z80B
      • Memory:
      • 48K 8 bit memory on separate card
      • Storage:
      • Audio cassette tape - home built 5.25" floppy drive
      • Graphics card(s):
      • text output (composite video)
      • PSU:
      • Home built
      • Case:
      • Home built
      • Operating System:
      • Nas-sys
      • Monitor(s):
      • 12" monocrome composite video input
      • Internet:
      • No networking capability on this machine

    Re: Skype security bug requires major rewrite

    Presumably only the Windows version is vulnerable? Not that the OSX version hasn't had its share of vulnerabilities in the past!

    Edit:

    According to this article https://www.myce.com/news/critical-v...evision-83726/

    it is claimed (but not apparently verified) that it could affect the OSX version.

    Oh well, no matter, I rarely use Skype these days, its main advantage is for landline calls but there are plenty of other messaging applications available, iMessage, Facetime, Telegram, WhatsApp etc.

    Telegram is particularly interesting as it is truly cross platform: Linux, OSX, Windows, Android and IOS.
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  3. #3
    Seething Cauldron of Hatred TheAnimus's Avatar
    Join Date
    Aug 2005
    Posts
    17,058
    Thanks
    786
    Thanked
    2,135 times in 1,395 posts

    Re: Skype security bug requires major rewrite

    How is this update bug not easy to fix.

    They just need to launch their temp process with modified search behaviour. This is easy to fix. Heck they could hack it to use a 'random' folder each time and make the attack far harder with a little ACL.

    The real bug must be a different one.
    throw new ArgumentException (String, String, Exception)

  4. #4
    root Member DanceswithUnix's Avatar
    Join Date
    Jan 2006
    Location
    In the middle of a core dump
    Posts
    8,136
    Thanks
    335
    Thanked
    776 times in 671 posts
    • DanceswithUnix's system
      • Motherboard:
      • M5A-97 EVO R2.0
      • CPU:
      • FX-8350
      • Memory:
      • 16GB ECC 1333
      • Storage:
      • 660GB Linux, 500GB Games (Win 10)
      • Graphics card(s):
      • Sapphire Nitro R9 380 4GB
      • PSU:
      • 650W Corsair TX
      • Case:
      • Antec 300
      • Operating System:
      • Fedora 24 + Win 10 Pro 64 (yuk)
      • Monitor(s):
      • Benq XL2730Z 1440p + Samsung 2343BW 2048x1152
      • Internet:
      • 80Mb/20Mb VDSL

    Re: Skype security bug requires major rewrite

    Hang on, I thought Skype was installed from the Windows Store and that the store app did the updating. Are MS still making applications do their own updates behind the scenes?

    A program should do one thing and do it well, that is the Windows way. Oh hang on, that's Unix isn't it. Windows is the one where you re-invent everything and bung it in a single application, yeah that would do it.

  5. #5
    Senior Member
    Join Date
    Dec 2013
    Posts
    1,869
    Thanks
    167
    Thanked
    172 times in 125 posts

    Re: Skype security bug requires major rewrite

    Make sure you stay secure by keeping your software up to date, we'll do that automatically for you, Oh wait!

  6. #6
    Admin Team peterb's Avatar
    Join Date
    Aug 2005
    Location
    Southampton
    Posts
    17,369
    Thanks
    2,257
    Thanked
    2,818 times in 2,251 posts
    • peterb's system
      • Motherboard:
      • Nascom 2
      • CPU:
      • Z80B
      • Memory:
      • 48K 8 bit memory on separate card
      • Storage:
      • Audio cassette tape - home built 5.25" floppy drive
      • Graphics card(s):
      • text output (composite video)
      • PSU:
      • Home built
      • Case:
      • Home built
      • Operating System:
      • Nas-sys
      • Monitor(s):
      • 12" monocrome composite video input
      • Internet:
      • No networking capability on this machine

    Re: Skype security bug requires major rewrite

    Quote Originally Posted by DanceswithUnix View Post
    Hang on, I thought Skype was installed from the Windows Store and that the store app did the updating. Are MS still making applications do their own updates behind the scenes?

    A program should do one thing and do it well, that is the Windows way. Oh hang on, that's Unix isn't it. Windows is the one where you re-invent everything and bung it in a single application, yeah that would do it.
    As Skype is semi-cross-platform I guess you dont need the Windows store. (Maybe for new installs?)

    Installed versions are updated from within the application (maybe connecting to the Windows sore or Apple store behind the scenes?). At least thats how it was last time I felt moved to update it (probably because another update had rendered my version incompatible)

    Ah yes, the Windows way...
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  7. #7
    Now 100% Apple free cheesemp's Avatar
    Join Date
    Apr 2007
    Location
    Near the New forest
    Posts
    2,091
    Thanks
    128
    Thanked
    124 times in 84 posts
    • cheesemp's system
      • Motherboard:
      • Gigabyte Z77-D3H
      • CPU:
      • Intel i5 3570k @ 4.2
      • Memory:
      • 16gb Crucial Ballastix Elite DDR3 @1866
      • Storage:
      • 64Gb M4 + 240Gb arc100 + 500Gb HDD
      • Graphics card(s):
      • RX 480 8Gb Nitro+ OC
      • PSU:
      • Antec 650W Semi modular
      • Case:
      • Antec 300
      • Operating System:
      • Win 10
      • Monitor(s):
      • 23" Samsung LED
      • Internet:
      • FTTC ~30Mb

    Re: Skype security bug requires major rewrite

    Quote Originally Posted by DanceswithUnix View Post
    Hang on, I thought Skype was installed from the Windows Store and that the store app did the updating. Are MS still making applications do their own updates behind the scenes?
    Windows 7 - No windows store there! I'm guessing this doesn't affect the Windows store version?
    Trust
    [/url]
    Laptop : Lenovo G505s A8-5550m 8Gb 240Gb SSD Radeon HD 8550G + Radeon HD 8570M dual graphics

  8. #8
    root Member DanceswithUnix's Avatar
    Join Date
    Jan 2006
    Location
    In the middle of a core dump
    Posts
    8,136
    Thanks
    335
    Thanked
    776 times in 671 posts
    • DanceswithUnix's system
      • Motherboard:
      • M5A-97 EVO R2.0
      • CPU:
      • FX-8350
      • Memory:
      • 16GB ECC 1333
      • Storage:
      • 660GB Linux, 500GB Games (Win 10)
      • Graphics card(s):
      • Sapphire Nitro R9 380 4GB
      • PSU:
      • 650W Corsair TX
      • Case:
      • Antec 300
      • Operating System:
      • Fedora 24 + Win 10 Pro 64 (yuk)
      • Monitor(s):
      • Benq XL2730Z 1440p + Samsung 2343BW 2048x1152
      • Internet:
      • 80Mb/20Mb VDSL

    Re: Skype security bug requires major rewrite

    Quote Originally Posted by cheesemp View Post
    Windows 7 - No windows store there! I'm guessing this doesn't affect the Windows store version?
    Dunno, hence I was asking. I don't have any Win 7 boxes any more. My new job will expect me to run Skype, but it looks like they still run a Linux RPM repository so that should be fine.

  9. #9
    Senior Member
    Join Date
    Aug 2013
    Location
    North Wales
    Posts
    1,615
    Thanks
    149
    Thanked
    223 times in 165 posts
    • virtuo's system
      • Motherboard:
      • Asus GRYPHON Z87
      • CPU:
      • i7 4790K @4.8Ghz Corsair H100i GTX
      • Memory:
      • 32Gb G.Skill TridentX 2400 @ CAS9
      • Storage:
      • Samsung 840 EVO 120Gb + Many, many HDs
      • Graphics card(s):
      • EVGA 980Ti FTW
      • PSU:
      • EVGA Supernova G2 750W
      • Case:
      • be quiet! Dark Base Pro 900 (Orange)
      • Operating System:
      • Win10, Fedora
      • Monitor(s):
      • 2x Dell U2515H 1440p DELL U3415W Ultrawide for Work
      • Internet:
      • PlusNet Unlimited 80Mb

    Re: Skype security bug requires major rewrite

    Can bet this "new version" will have an updated privacy policy/T&Cs to go with it

  10. #10
    Yum, Mint Vienetta ik9000's Avatar
    Join Date
    Nov 2009
    Posts
    4,352
    Thanks
    1,015
    Thanked
    556 times in 431 posts
    • ik9000's system
      • Motherboard:
      • Asus P7H55-M/USB3
      • CPU:
      • i7-870, Prolimatech Megahalems, 2x Akasa Apache 120mm
      • Memory:
      • 4x4GB Corsair Vengeance 2133 11-11-11-27
      • Storage:
      • 2x256GB Samsung 840-Pro, 1TB Seagate 7200.12, 1TB Seagate ES.2
      • Graphics card(s):
      • Gigabyte GTX 460 1GB SuperOverClocked
      • PSU:
      • NZXT Hale 90 750w
      • Case:
      • BitFenix Survivor + Bitfenix spectre LED fans, LG BluRay R/W optical drive
      • Operating System:
      • Windows 7 Professional
      • Monitor(s):
      • Dell U2414h, U2311h 1920x1080
      • Internet:
      • 200Mb/s Fibre and 4G wifi

    Re: Skype security bug requires major rewrite

    Quote Originally Posted by virtuo View Post
    Can bet this "new version" will have an updated privacy policy/T&Cs to go with it
    That was my assumption too. Couldn't think how to voice it, but that is close enough. "Ah, great, just like with win7 being blocked on "old" CPUs finally a way we can force people to use a new version that gives us more power to snoop on them and force things on them they don't want. All in the name of "security" and updates."

  11. #11
    Seething Cauldron of Hatred TheAnimus's Avatar
    Join Date
    Aug 2005
    Posts
    17,058
    Thanks
    786
    Thanked
    2,135 times in 1,395 posts

    Re: Skype security bug requires major rewrite

    Quote Originally Posted by DanceswithUnix View Post
    Dunno, hence I was asking. I don't have any Win 7 boxes any more. My new job will expect me to run Skype, but it looks like they still run a Linux RPM repository so that should be fine.
    They've a different code base for the windows store version, it has less functionality.
    throw new ArgumentException (String, String, Exception)

  12. #12
    Member
    Join Date
    Jan 2012
    Posts
    144
    Thanks
    0
    Thanked
    7 times in 7 posts

    Re: Skype security bug requires major rewrite

    Is it possible to stop the updater from running? It doesn't seem to be possible to disable automatic updates within Skype. The option is there, but it doesn't seem to do anything.

  13. #13
    Registered+
    Join Date
    Apr 2006
    Posts
    82
    Thanks
    0
    Thanked
    0 times in 0 posts

    Re: Skype security bug requires major rewrite

    I wish I had the link for reference, but this was already fixed long ago. not sure why this does not have an UPDATE. sorry i cant locate my source but it was on one of the major sites over a week ago in response to this post.

  14. #14
    root Member DanceswithUnix's Avatar
    Join Date
    Jan 2006
    Location
    In the middle of a core dump
    Posts
    8,136
    Thanks
    335
    Thanked
    776 times in 671 posts
    • DanceswithUnix's system
      • Motherboard:
      • M5A-97 EVO R2.0
      • CPU:
      • FX-8350
      • Memory:
      • 16GB ECC 1333
      • Storage:
      • 660GB Linux, 500GB Games (Win 10)
      • Graphics card(s):
      • Sapphire Nitro R9 380 4GB
      • PSU:
      • 650W Corsair TX
      • Case:
      • Antec 300
      • Operating System:
      • Fedora 24 + Win 10 Pro 64 (yuk)
      • Monitor(s):
      • Benq XL2730Z 1440p + Samsung 2343BW 2048x1152
      • Internet:
      • 80Mb/20Mb VDSL

    Re: Skype security bug requires major rewrite

    Quote Originally Posted by TheAnimus View Post
    They've a different code base for the windows store version, it has less functionality.
    What, it only displays adverts and drains your battery?

Thread Information

Users Browsing this Thread

There are currently 2 users browsing this thread. (0 members and 2 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •