Results 1 to 16 of 16

Thread: Skype security bug requires major rewrite

  1. #1
    HEXUS.admin
    Join Date
    Apr 2005
    Posts
    31,709
    Thanks
    0
    Thanked
    2,073 times in 719 posts

    Skype security bug requires major rewrite

    So Microsoft is working on "a newer version of the product rather than a security update".
    Read more.

  2. #2
    The late but legendary peterb - Onward and Upward peterb's Avatar
    Join Date
    Aug 2005
    Location
    Looking down & checking on swearing
    Posts
    19,378
    Thanks
    2,892
    Thanked
    3,403 times in 2,693 posts

    Re: Skype security bug requires major rewrite

    Presumably only the Windows version is vulnerable? Not that the OSX version hasn't had its share of vulnerabilities in the past!

    Edit:

    According to this article https://www.myce.com/news/critical-v...evision-83726/

    it is claimed (but not apparently verified) that it could affect the OSX version.

    Oh well, no matter, I rarely use Skype these days, its main advantage is for landline calls but there are plenty of other messaging applications available, iMessage, Facetime, Telegram, WhatsApp etc.

    Telegram is particularly interesting as it is truly cross platform: Linux, OSX, Windows, Android and IOS.
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  3. #3
    Seething Cauldron of Hatred TheAnimus's Avatar
    Join Date
    Aug 2005
    Posts
    17,164
    Thanks
    803
    Thanked
    2,152 times in 1,408 posts

    Re: Skype security bug requires major rewrite

    How is this update bug not easy to fix.

    They just need to launch their temp process with modified search behaviour. This is easy to fix. Heck they could hack it to use a 'random' folder each time and make the attack far harder with a little ACL.

    The real bug must be a different one.
    throw new ArgumentException (String, String, Exception)

  4. #4
    root Member DanceswithUnix's Avatar
    Join Date
    Jan 2006
    Location
    In the middle of a core dump
    Posts
    12,484
    Thanks
    729
    Thanked
    1,453 times in 1,223 posts
    • DanceswithUnix's system
      • Motherboard:
      • Asus X470-PRO
      • CPU:
      • 3700X
      • Memory:
      • 32GB 3200MHz ECC
      • Storage:
      • 1TB Linux, 2TB Games (Win 10)
      • Graphics card(s):
      • Asus Strix RX Vega 56
      • PSU:
      • 650W Corsair TX
      • Case:
      • Antec 300
      • Operating System:
      • Fedora 35 + Win 10 Pro 64 (yuk)
      • Monitor(s):
      • Benq XL2730Z 1440p + Iiyama 27" 1440p
      • Internet:
      • Zen 80Mb/20Mb VDSL

    Re: Skype security bug requires major rewrite

    Hang on, I thought Skype was installed from the Windows Store and that the store app did the updating. Are MS still making applications do their own updates behind the scenes?

    A program should do one thing and do it well, that is the Windows way. Oh hang on, that's Unix isn't it. Windows is the one where you re-invent everything and bung it in a single application, yeah that would do it.

  5. #5
    Senior Member
    Join Date
    Dec 2013
    Posts
    3,526
    Thanks
    504
    Thanked
    468 times in 326 posts

    Re: Skype security bug requires major rewrite

    Make sure you stay secure by keeping your software up to date, we'll do that automatically for you, Oh wait!

  6. #6
    The late but legendary peterb - Onward and Upward peterb's Avatar
    Join Date
    Aug 2005
    Location
    Looking down & checking on swearing
    Posts
    19,378
    Thanks
    2,892
    Thanked
    3,403 times in 2,693 posts

    Re: Skype security bug requires major rewrite

    Quote Originally Posted by DanceswithUnix View Post
    Hang on, I thought Skype was installed from the Windows Store and that the store app did the updating. Are MS still making applications do their own updates behind the scenes?

    A program should do one thing and do it well, that is the Windows way. Oh hang on, that's Unix isn't it. Windows is the one where you re-invent everything and bung it in a single application, yeah that would do it.
    As Skype is semi-cross-platform I guess you dont need the Windows store. (Maybe for new installs?)

    Installed versions are updated from within the application (maybe connecting to the Windows sore or Apple store behind the scenes?). At least thats how it was last time I felt moved to update it (probably because another update had rendered my version incompatible)

    Ah yes, the Windows way...
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  7. #7
    Now 100% Apple free cheesemp's Avatar
    Join Date
    Apr 2007
    Location
    Near the New forest
    Posts
    2,923
    Thanks
    347
    Thanked
    242 times in 166 posts
    • cheesemp's system
      • Motherboard:
      • ASUS TUF x570-plus
      • CPU:
      • Ryzen 3600
      • Memory:
      • 16gb Corsair RGB ram
      • Storage:
      • 256Gb NVMe + 500Gb TcSunbow SDD (cheap for games only)
      • Graphics card(s):
      • RX 480 8Gb Nitro+ OC (with auto OC to above 580 speeds!)
      • PSU:
      • Cooler Master MWE 750 bronze
      • Case:
      • Gamemax f15m
      • Operating System:
      • Win 11
      • Monitor(s):
      • 32" QHD AOC Q3279VWF
      • Internet:
      • FTTC ~35Mb

    Re: Skype security bug requires major rewrite

    Quote Originally Posted by DanceswithUnix View Post
    Hang on, I thought Skype was installed from the Windows Store and that the store app did the updating. Are MS still making applications do their own updates behind the scenes?
    Windows 7 - No windows store there! I'm guessing this doesn't affect the Windows store version?
    Trust

    Laptop : Dell Inspiron 1545 with Ryzen 5500u, 16gb and 256 NVMe, Windows 11.

  8. #8
    root Member DanceswithUnix's Avatar
    Join Date
    Jan 2006
    Location
    In the middle of a core dump
    Posts
    12,484
    Thanks
    729
    Thanked
    1,453 times in 1,223 posts
    • DanceswithUnix's system
      • Motherboard:
      • Asus X470-PRO
      • CPU:
      • 3700X
      • Memory:
      • 32GB 3200MHz ECC
      • Storage:
      • 1TB Linux, 2TB Games (Win 10)
      • Graphics card(s):
      • Asus Strix RX Vega 56
      • PSU:
      • 650W Corsair TX
      • Case:
      • Antec 300
      • Operating System:
      • Fedora 35 + Win 10 Pro 64 (yuk)
      • Monitor(s):
      • Benq XL2730Z 1440p + Iiyama 27" 1440p
      • Internet:
      • Zen 80Mb/20Mb VDSL

    Re: Skype security bug requires major rewrite

    Quote Originally Posted by cheesemp View Post
    Windows 7 - No windows store there! I'm guessing this doesn't affect the Windows store version?
    Dunno, hence I was asking. I don't have any Win 7 boxes any more. My new job will expect me to run Skype, but it looks like they still run a Linux RPM repository so that should be fine.

  9. #9
    Senior Member
    Join Date
    Aug 2013
    Location
    North Wales
    Posts
    1,850
    Thanks
    165
    Thanked
    271 times in 202 posts
    • virtuo's system
      • Motherboard:
      • Gigabyte Aorus Master X570
      • CPU:
      • Ryzen 9 5950x
      • Memory:
      • 64Gb G.Skill TridentZ Neo 3600 CL16
      • Storage:
      • Sabrent 2TB PCIE4 NVME + NAS upon NAS upon NAS
      • Graphics card(s):
      • RTX 3090 FE
      • PSU:
      • Corsair HX850 80+ Platinum
      • Case:
      • Fractal Meshify 2 Grey
      • Operating System:
      • RedStar 3, Ubuntu, Win 10
      • Monitor(s):
      • Samsung CRG90 5140x1440 120hz
      • Internet:
      • PlusNet's best, but still poor, attempt

    Re: Skype security bug requires major rewrite

    Can bet this "new version" will have an updated privacy policy/T&Cs to go with it

  10. #10
    RIP Peterb ik9000's Avatar
    Join Date
    Nov 2009
    Posts
    7,463
    Thanks
    1,746
    Thanked
    1,319 times in 984 posts
    • ik9000's system
      • Motherboard:
      • Asus P7H55-M/USB3
      • CPU:
      • i7-870, Prolimatech Megahalems, 2x Akasa Apache 120mm
      • Memory:
      • 4x4GB Corsair Vengeance 2133 11-11-11-27
      • Storage:
      • 2x256GB Samsung 840-Pro, 1TB Seagate 7200.12, 1TB Seagate ES.2
      • Graphics card(s):
      • Gigabyte GTX 460 1GB SuperOverClocked
      • PSU:
      • NZXT Hale 90 750w
      • Case:
      • BitFenix Survivor + Bitfenix spectre LED fans, LG BluRay R/W optical drive
      • Operating System:
      • Windows 7 Professional
      • Monitor(s):
      • Dell U2414h, U2311h 1920x1080
      • Internet:
      • 200Mb/s Fibre and 4G wifi

    Re: Skype security bug requires major rewrite

    Quote Originally Posted by virtuo View Post
    Can bet this "new version" will have an updated privacy policy/T&Cs to go with it
    That was my assumption too. Couldn't think how to voice it, but that is close enough. "Ah, great, just like with win7 being blocked on "old" CPUs finally a way we can force people to use a new version that gives us more power to snoop on them and force things on them they don't want. All in the name of "security" and updates."

  11. #11
    Seething Cauldron of Hatred TheAnimus's Avatar
    Join Date
    Aug 2005
    Posts
    17,164
    Thanks
    803
    Thanked
    2,152 times in 1,408 posts

    Re: Skype security bug requires major rewrite

    Quote Originally Posted by DanceswithUnix View Post
    Dunno, hence I was asking. I don't have any Win 7 boxes any more. My new job will expect me to run Skype, but it looks like they still run a Linux RPM repository so that should be fine.
    They've a different code base for the windows store version, it has less functionality.
    throw new ArgumentException (String, String, Exception)

  12. #12
    Member
    Join Date
    Jan 2012
    Posts
    154
    Thanks
    0
    Thanked
    7 times in 7 posts

    Re: Skype security bug requires major rewrite

    Is it possible to stop the updater from running? It doesn't seem to be possible to disable automatic updates within Skype. The option is there, but it doesn't seem to do anything.

  13. #13
    ETR316
    Guest

    Re: Skype security bug requires major rewrite

    I wish I had the link for reference, but this was already fixed long ago. not sure why this does not have an UPDATE. sorry i cant locate my source but it was on one of the major sites over a week ago in response to this post.

  14. #14
    root Member DanceswithUnix's Avatar
    Join Date
    Jan 2006
    Location
    In the middle of a core dump
    Posts
    12,484
    Thanks
    729
    Thanked
    1,453 times in 1,223 posts
    • DanceswithUnix's system
      • Motherboard:
      • Asus X470-PRO
      • CPU:
      • 3700X
      • Memory:
      • 32GB 3200MHz ECC
      • Storage:
      • 1TB Linux, 2TB Games (Win 10)
      • Graphics card(s):
      • Asus Strix RX Vega 56
      • PSU:
      • 650W Corsair TX
      • Case:
      • Antec 300
      • Operating System:
      • Fedora 35 + Win 10 Pro 64 (yuk)
      • Monitor(s):
      • Benq XL2730Z 1440p + Iiyama 27" 1440p
      • Internet:
      • Zen 80Mb/20Mb VDSL

    Re: Skype security bug requires major rewrite

    Quote Originally Posted by TheAnimus View Post
    They've a different code base for the windows store version, it has less functionality.
    What, it only displays adverts and drains your battery?

  15. #15
    Registered+
    Join Date
    Dec 2017
    Location
    Runcorn, Cheshire
    Posts
    57
    Thanks
    2
    Thanked
    18 times in 10 posts

    Re: Skype security bug requires major rewrite

    Quote Originally Posted by ETR316 View Post
    I wish I had the link for reference, but this was already fixed long ago. not sure why this does not have an UPDATE. sorry i cant locate my source but it was on one of the major sites over a week ago in response to this post.
    yes was fixed in october
    https://www.theregister.co.uk/2018/0...t_skype_fixed/

  16. #16
    ETR316
    Guest

    Re: Skype security bug requires major rewrite

    fairly certain this was fixed at the end of last year.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •