Results 1 to 16 of 16

Thread: Skype security bug requires major rewrite

  1. #1
    HEXUS.admin
    Join Date
    Apr 2005
    Posts
    27,725
    Thanks
    0
    Thanked
    1,727 times in 597 posts

    Skype security bug requires major rewrite

    So Microsoft is working on "a newer version of the product rather than a security update".
    Read more.

  2. #2
    Admin team peterb's Avatar
    Join Date
    Aug 2005
    Location
    Southampton
    Posts
    18,748
    Thanks
    2,625
    Thanked
    3,189 times in 2,532 posts
    • peterb's system
      • Motherboard:
      • Nascom 2
      • CPU:
      • Z80B
      • Memory:
      • 48K 8 bit memory on separate card
      • Storage:
      • Audio cassette tape - home built 5.25" floppy drive
      • Graphics card(s):
      • text output (composite video)
      • PSU:
      • Home built
      • Case:
      • Home built
      • Operating System:
      • Nas-sys
      • Monitor(s):
      • 12" monocrome composite video input
      • Internet:
      • No networking capability on this machine

    Re: Skype security bug requires major rewrite

    Presumably only the Windows version is vulnerable? Not that the OSX version hasn't had its share of vulnerabilities in the past!

    Edit:

    According to this article https://www.myce.com/news/critical-v...evision-83726/

    it is claimed (but not apparently verified) that it could affect the OSX version.

    Oh well, no matter, I rarely use Skype these days, its main advantage is for landline calls but there are plenty of other messaging applications available, iMessage, Facetime, Telegram, WhatsApp etc.

    Telegram is particularly interesting as it is truly cross platform: Linux, OSX, Windows, Android and IOS.
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  3. #3
    Seething Cauldron of Hatred TheAnimus's Avatar
    Join Date
    Aug 2005
    Posts
    17,144
    Thanks
    797
    Thanked
    2,151 times in 1,407 posts

    Re: Skype security bug requires major rewrite

    How is this update bug not easy to fix.

    They just need to launch their temp process with modified search behaviour. This is easy to fix. Heck they could hack it to use a 'random' folder each time and make the attack far harder with a little ACL.

    The real bug must be a different one.
    throw new ArgumentException (String, String, Exception)

  4. #4
    root Member DanceswithUnix's Avatar
    Join Date
    Jan 2006
    Location
    In the middle of a core dump
    Posts
    9,327
    Thanks
    443
    Thanked
    945 times in 805 posts
    • DanceswithUnix's system
      • Motherboard:
      • M5A-97 EVO R2.0
      • CPU:
      • FX-8350
      • Memory:
      • 16GB ECC 1333
      • Storage:
      • 500GB Linux, 1TB Games (Win 10)
      • Graphics card(s):
      • Asus Strix RX Vega 56
      • PSU:
      • 650W Corsair TX
      • Case:
      • Antec 300
      • Operating System:
      • Fedora 28 + Win 10 Pro 64 (yuk)
      • Monitor(s):
      • Benq XL2730Z 1440p + Samsung 2343BW 2048x1152
      • Internet:
      • Zen 80Mb/20Mb VDSL

    Re: Skype security bug requires major rewrite

    Hang on, I thought Skype was installed from the Windows Store and that the store app did the updating. Are MS still making applications do their own updates behind the scenes?

    A program should do one thing and do it well, that is the Windows way. Oh hang on, that's Unix isn't it. Windows is the one where you re-invent everything and bung it in a single application, yeah that would do it.

  5. #5
    Senior Member
    Join Date
    Dec 2013
    Posts
    2,523
    Thanks
    301
    Thanked
    311 times in 216 posts

    Re: Skype security bug requires major rewrite

    Make sure you stay secure by keeping your software up to date, we'll do that automatically for you, Oh wait!

  6. #6
    Admin team peterb's Avatar
    Join Date
    Aug 2005
    Location
    Southampton
    Posts
    18,748
    Thanks
    2,625
    Thanked
    3,189 times in 2,532 posts
    • peterb's system
      • Motherboard:
      • Nascom 2
      • CPU:
      • Z80B
      • Memory:
      • 48K 8 bit memory on separate card
      • Storage:
      • Audio cassette tape - home built 5.25" floppy drive
      • Graphics card(s):
      • text output (composite video)
      • PSU:
      • Home built
      • Case:
      • Home built
      • Operating System:
      • Nas-sys
      • Monitor(s):
      • 12" monocrome composite video input
      • Internet:
      • No networking capability on this machine

    Re: Skype security bug requires major rewrite

    Quote Originally Posted by DanceswithUnix View Post
    Hang on, I thought Skype was installed from the Windows Store and that the store app did the updating. Are MS still making applications do their own updates behind the scenes?

    A program should do one thing and do it well, that is the Windows way. Oh hang on, that's Unix isn't it. Windows is the one where you re-invent everything and bung it in a single application, yeah that would do it.
    As Skype is semi-cross-platform I guess you dont need the Windows store. (Maybe for new installs?)

    Installed versions are updated from within the application (maybe connecting to the Windows sore or Apple store behind the scenes?). At least thats how it was last time I felt moved to update it (probably because another update had rendered my version incompatible)

    Ah yes, the Windows way...
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  7. #7
    Now 100% Apple free cheesemp's Avatar
    Join Date
    Apr 2007
    Location
    Near the New forest
    Posts
    2,201
    Thanks
    145
    Thanked
    141 times in 98 posts
    • cheesemp's system
      • Motherboard:
      • Gigabyte Z77-D3H
      • CPU:
      • Intel i5 3570k @ 4.2
      • Memory:
      • 16gb Crucial Ballastix Elite DDR3 @1866
      • Storage:
      • 64Gb M4 + 240Gb arc100 + 2x500Gb HDD
      • Graphics card(s):
      • RX 480 8Gb Nitro+ OC
      • PSU:
      • Antec 650W Semi modular
      • Case:
      • NZXT Source S340 Mid Tower
      • Operating System:
      • Win 10
      • Monitor(s):
      • 32" QHD AOC Q3279VWF
      • Internet:
      • FTTC ~30Mb

    Re: Skype security bug requires major rewrite

    Quote Originally Posted by DanceswithUnix View Post
    Hang on, I thought Skype was installed from the Windows Store and that the store app did the updating. Are MS still making applications do their own updates behind the scenes?
    Windows 7 - No windows store there! I'm guessing this doesn't affect the Windows store version?
    Trust

    Laptop : Lenovo G505s A8-5550m 8Gb 240Gb SSD Radeon HD 8550G + Radeon HD 8570M dual graphics

  8. #8
    root Member DanceswithUnix's Avatar
    Join Date
    Jan 2006
    Location
    In the middle of a core dump
    Posts
    9,327
    Thanks
    443
    Thanked
    945 times in 805 posts
    • DanceswithUnix's system
      • Motherboard:
      • M5A-97 EVO R2.0
      • CPU:
      • FX-8350
      • Memory:
      • 16GB ECC 1333
      • Storage:
      • 500GB Linux, 1TB Games (Win 10)
      • Graphics card(s):
      • Asus Strix RX Vega 56
      • PSU:
      • 650W Corsair TX
      • Case:
      • Antec 300
      • Operating System:
      • Fedora 28 + Win 10 Pro 64 (yuk)
      • Monitor(s):
      • Benq XL2730Z 1440p + Samsung 2343BW 2048x1152
      • Internet:
      • Zen 80Mb/20Mb VDSL

    Re: Skype security bug requires major rewrite

    Quote Originally Posted by cheesemp View Post
    Windows 7 - No windows store there! I'm guessing this doesn't affect the Windows store version?
    Dunno, hence I was asking. I don't have any Win 7 boxes any more. My new job will expect me to run Skype, but it looks like they still run a Linux RPM repository so that should be fine.

  9. #9
    Senior Member
    Join Date
    Aug 2013
    Location
    North Wales
    Posts
    1,724
    Thanks
    159
    Thanked
    248 times in 183 posts
    • virtuo's system
      • Motherboard:
      • Asus GRYPHON Z87
      • CPU:
      • i7 4790K @4.8Ghz Corsair H100i GTX
      • Memory:
      • 32Gb G.Skill TridentX 2400 @ CAS9
      • Storage:
      • Samsung 840 EVO 120Gb + Many, many HDs
      • Graphics card(s):
      • EVGA 980Ti FTW
      • PSU:
      • EVGA Supernova G2 750W
      • Case:
      • be quiet! Dark Base Pro 900 (Orange)
      • Operating System:
      • Win10, Fedora
      • Monitor(s):
      • 2x Dell U2515H 1440p DELL U3415W Ultrawide for Work
      • Internet:
      • PlusNet Unlimited 80Mb

    Re: Skype security bug requires major rewrite

    Can bet this "new version" will have an updated privacy policy/T&Cs to go with it

  10. #10
    bored of Vienetta now
    Join Date
    Nov 2009
    Posts
    4,839
    Thanks
    1,147
    Thanked
    695 times in 528 posts
    • ik9000's system
      • Motherboard:
      • Asus P7H55-M/USB3
      • CPU:
      • i7-870, Prolimatech Megahalems, 2x Akasa Apache 120mm
      • Memory:
      • 4x4GB Corsair Vengeance 2133 11-11-11-27
      • Storage:
      • 2x256GB Samsung 840-Pro, 1TB Seagate 7200.12, 1TB Seagate ES.2
      • Graphics card(s):
      • Gigabyte GTX 460 1GB SuperOverClocked
      • PSU:
      • NZXT Hale 90 750w
      • Case:
      • BitFenix Survivor + Bitfenix spectre LED fans, LG BluRay R/W optical drive
      • Operating System:
      • Windows 7 Professional
      • Monitor(s):
      • Dell U2414h, U2311h 1920x1080
      • Internet:
      • 200Mb/s Fibre and 4G wifi

    Re: Skype security bug requires major rewrite

    Quote Originally Posted by virtuo View Post
    Can bet this "new version" will have an updated privacy policy/T&Cs to go with it
    That was my assumption too. Couldn't think how to voice it, but that is close enough. "Ah, great, just like with win7 being blocked on "old" CPUs finally a way we can force people to use a new version that gives us more power to snoop on them and force things on them they don't want. All in the name of "security" and updates."

  11. #11
    Seething Cauldron of Hatred TheAnimus's Avatar
    Join Date
    Aug 2005
    Posts
    17,144
    Thanks
    797
    Thanked
    2,151 times in 1,407 posts

    Re: Skype security bug requires major rewrite

    Quote Originally Posted by DanceswithUnix View Post
    Dunno, hence I was asking. I don't have any Win 7 boxes any more. My new job will expect me to run Skype, but it looks like they still run a Linux RPM repository so that should be fine.
    They've a different code base for the windows store version, it has less functionality.
    throw new ArgumentException (String, String, Exception)

  12. #12
    Member
    Join Date
    Jan 2012
    Posts
    150
    Thanks
    0
    Thanked
    7 times in 7 posts

    Re: Skype security bug requires major rewrite

    Is it possible to stop the updater from running? It doesn't seem to be possible to disable automatic updates within Skype. The option is there, but it doesn't seem to do anything.

  13. #13
    Member
    Join Date
    Apr 2006
    Posts
    179
    Thanks
    0
    Thanked
    3 times in 3 posts

    Re: Skype security bug requires major rewrite

    I wish I had the link for reference, but this was already fixed long ago. not sure why this does not have an UPDATE. sorry i cant locate my source but it was on one of the major sites over a week ago in response to this post.

  14. #14
    root Member DanceswithUnix's Avatar
    Join Date
    Jan 2006
    Location
    In the middle of a core dump
    Posts
    9,327
    Thanks
    443
    Thanked
    945 times in 805 posts
    • DanceswithUnix's system
      • Motherboard:
      • M5A-97 EVO R2.0
      • CPU:
      • FX-8350
      • Memory:
      • 16GB ECC 1333
      • Storage:
      • 500GB Linux, 1TB Games (Win 10)
      • Graphics card(s):
      • Asus Strix RX Vega 56
      • PSU:
      • 650W Corsair TX
      • Case:
      • Antec 300
      • Operating System:
      • Fedora 28 + Win 10 Pro 64 (yuk)
      • Monitor(s):
      • Benq XL2730Z 1440p + Samsung 2343BW 2048x1152
      • Internet:
      • Zen 80Mb/20Mb VDSL

    Re: Skype security bug requires major rewrite

    Quote Originally Posted by TheAnimus View Post
    They've a different code base for the windows store version, it has less functionality.
    What, it only displays adverts and drains your battery?

  15. #15
    Registered+
    Join Date
    Dec 2017
    Location
    Runcorn, Cheshire
    Posts
    57
    Thanks
    2
    Thanked
    18 times in 10 posts

    Re: Skype security bug requires major rewrite

    Quote Originally Posted by ETR316 View Post
    I wish I had the link for reference, but this was already fixed long ago. not sure why this does not have an UPDATE. sorry i cant locate my source but it was on one of the major sites over a week ago in response to this post.
    yes was fixed in october
    https://www.theregister.co.uk/2018/0...t_skype_fixed/

  16. #16
    Member
    Join Date
    Apr 2006
    Posts
    179
    Thanks
    0
    Thanked
    3 times in 3 posts

    Re: Skype security bug requires major rewrite

    fairly certain this was fixed at the end of last year.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •