Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
Are you kidding me? The gall to say like that! I think they are following Apple (the magical character) in that regard then!
-
but if they fix it then they'll have to update it, making skypes user's vulnerable
-
C0D4681977yThis is incredibly scary. Good thing I don’t use Skype for anything but the fact that they know and allow such a widespread issue and just wash their hands of it as it’s too much work 😡
@yendenikhil apple’s already patched that issue -
@C0D4 we use Skype as corporate messenger, with sensitive data! And if Apple patched it (finally!), Is marginally better then!
-
C0D4681977y@yendenikhil our company took up ms teams instead, so it probably has its own well of vulnerabilities.
-
Root824797yLol Skype.
I use it to talk to exactly one person, and only because he's too lazy to give me any other contact info.
I think it's been long enough.
I'm going to yell at him later. -
@ramen That doesn't make it less severe or less irresponsible from Microsoft for not patching it.
-
Link please? (It's 00:11 here, I'm too lazy to go search) And which version of Skype does this apply to?
-
Microsoft said they fixed it in October 🤔. https://windowslatest.com/2018/02/...
-
C0D4681977y@eletious
Didn’t get a choice, company moved from slack to teams and block slack, plus having to use it all the time, I just tolerate it. -
C0D4681977y@dontbeevil it crashes all the time or freezes up.
Maybe it’s just me but I found slack more stable. -
@ParkCity Not sure what to tell ya, article 1 vs article 2 about the same thing but different situation?
-
The most funny thing about that is that Microsoft has several guidances on how to avoid such drama hijacking and is now vulnerable themselves:
Source: http://seclists.org/fulldisclosure/...
Microsoft published plenty advice/guidance to avoid this beginner's
error: https://msdn.microsoft.com/en-us/...,
https://technet.microsoft.com/en-us...,
https://support.microsoft.com/en-us...
and
https://blogs.technet.microsoft.com/...
. .. which their own developers and their QA but seem to ignore!
Related Rants
A quite severe vulnerability was found in Skype (at least for windows, not sure about other systems) allowing anyone with system access (remote or local) to replace the update files skype downloads before updating itself with malicious versions because skype doesn't check the integrity of local files. This could allow an attacker to, once gaining access to the system, 'inject' any malicious DLL into skype by placing it in the right directory with the right file name and waiting for the user to update (except with auto updates of course).
From a company like Microsoft, taking in mind that skype has hundreds of millions of users worldwide, I'd expect them to take a very serious stance on this and work on a patch as soon as possible.
What they said about this: they won't be fixing it anytime soon as it would require a quite big rewrite of skype.
This kinda shit makes me so fucking angry, especially when it comes from big ass companies 😡. Take your fucking responsibility, Microsoft.
rant
microsoft
ms
security
skype
fuck you
vulnerability
not so secure
fucking hell