Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
This is incredibly scary. Good thing I don’t use Skype for anything but the fact that they know and allow such a widespread issue and just wash their hands of it as it’s too much work 😡
@yendenikhil apple’s already patched that issue -
@C0D4 we use Skype as corporate messenger, with sensitive data! And if Apple patched it (finally!), Is marginally better then!
-
@yendenikhil our company took up ms teams instead, so it probably has its own well of vulnerabilities.
-
Microsoft said they fixed it in October 🤔. https://windowslatest.com/2018/02/...
-
@C0D4 ms teams is really good and has nothing to share with skype, moderb code, electron, different update system... Probably this vulnerability comes is there since the begin of Skype, when wasn't developed by ms.
P. S.
There was a simolar vulnerability discovered in telegram desktop -
@C0D4 we also moved from slack to teams and we really like it... What exactly don't you like?
-
@dontbeevil it crashes all the time or freezes up.
Maybe it’s just me but I found slack more stable. -
@C0D4 mmm that's really strange, we're using since october, didn't experience a single crash. Which os? Your collegues experience the same?
-
The most funny thing about that is that Microsoft has several guidances on how to avoid such drama hijacking and is now vulnerable themselves:
Source: http://seclists.org/fulldisclosure/...
Microsoft published plenty advice/guidance to avoid this beginner's
error: https://msdn.microsoft.com/en-us/...,
https://technet.microsoft.com/en-us...,
https://support.microsoft.com/en-us...
and
https://blogs.technet.microsoft.com/...
. .. which their own developers and their QA but seem to ignore!
Related Rants
Did you say security?
Made my day 😂😂
A quite severe vulnerability was found in Skype (at least for windows, not sure about other systems) allowing anyone with system access (remote or local) to replace the update files skype downloads before updating itself with malicious versions because skype doesn't check the integrity of local files. This could allow an attacker to, once gaining access to the system, 'inject' any malicious DLL into skype by placing it in the right directory with the right file name and waiting for the user to update (except with auto updates of course).
From a company like Microsoft, taking in mind that skype has hundreds of millions of users worldwide, I'd expect them to take a very serious stance on this and work on a patch as soon as possible.
What they said about this: they won't be fixing it anytime soon as it would require a quite big rewrite of skype.
This kinda shit makes me so fucking angry, especially when it comes from big ass companies 😡. Take your fucking responsibility, Microsoft.
rant
microsoft
ms
security
skype
fuck you
vulnerability
not so secure
fucking hell