Your email address:


Powered by FeedBlitz

Translator



Search this site

Search in + 6000 articles


  • Web this blog

Technorati Authority

Crude Oil Price

eBay Quote

Blogpulse Trend Skype / VoIP / Ebay

Site Translator

Skype numbers

Skype Online Users / DL Source : nyanyan.to

  • Skype Users / DL chart last 7 days

    Skypechartstats

  • Skype Users / DL chart last 2 days

    Skypechartstats

The "enemies", antagonists & competitors of Skype

Twitter Floater

RSS Feeds

Bookmark and Share
Subscribe to this blog's feed

Recent Comments

My Online Status

Categories

« Adding Skype voice-calling capabilities to MySpace IM | Main | Skype user interface for LCD TV sets. »

28 August 2008

Asterisk & Skype security vulnerabilities

Interesting mp3 podcast by Dan York there, as found on  Blue Box #82: Asterisk & Skype security vulnerabilities.

Skype-SB-2008-003 – Skype File URI Security Bypass Code Execution Vulnerability

" Remote exploitation of a security policy bypass in Windows Skype             versions                 could allow an attacker to execute arbitrary code.                

URI handler in Skype performs checks upon the URL to verify                 that the link does not contain certain file extensions related to                 executable file formats. If the link is found to contain a blacklisted                 executable file extension a security warning dialog is shown to the                 user. This check is flawed in two ways. The check is performed using                 the case sensitive comparison.

               

The second flaw in this check is that the blacklist fails to mention             all                 potential executable file formats. This allows an attacker to bypass                 this security policy and execute arbitrary code if a victim clicks an                 attacker supplied URL.

28 August 2008 in Asterisk/Skype |

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d83451c37769e200e5549a1cd28834

Listed below are links to weblogs that reference Asterisk & Skype security vulnerabilities:

Comments

Blog disclaimer

  • This is a personal weblog. The opinions expressed here represent my own and not those of my previous or current employer(s) and/or businesspartner(s). This blog is NOT affiliated with Skype. Skype is a trademark of Skype Limited. Any trademarks belong to the respective owners. This blog is slightly satirical and contains a heavy dose or irony if not sarcasm. Get used to it. For cleaned up marketing and PR stories please visit the original websites. I am quite sure you will notice the difference.

TheUberOverLord Creations

  • FREE Programs for Skype and Information on Current Skype Deals

SEO-WATCH

  • SEO WATCH

Virtufon replacement for Skype In numbers :)

Flickr Photos

Links to hardware blogs

Recent Posts

Sponsors 2007

  • Pamela Skype Recordings

Visitors/Readers

Twittercounter

  • TwitterCounter for @jangeirnaert

Traffic value of this site

  • Registered Readers

  • Alexa.com data

Reviews. Hands on field tests.

Feel Free to Click

  • Listen to
    ANY blog

    Talkr: Letting blogs speak for themselves.

Hot Youtube Video's on Skype

  • Magic Jack Skype Vonage Killer
  • Skype Outage August 2007

Reviews of Skype hardware on Youtube

  • Older Skype USB Video Phone.
  • Free 2 Ipevo Skype Phone. What's in the box.
  • Ipevo free 2 has a long cable
  • Ipevo free 2 phone, nice to have.
  • Ipevo free 2 phone.
  • Ipevo Xing Conference box
  • Ipevo Skype Solo Phone official demo
  • Ipevo Skype Solo Phone working nice, adding contacts
  • Making a new Skype account on the Ipevo Solo
  • Ipevo Skype Solo Phone unwrapped
  • Ipevo Solo with moving display
  • Netgear Skype Wifi Phone. Field-test in Kuala Lumpur
  • Netgear Skype Wifi phone.
  • Netgear Skype Wifi phone.

Google Analytics

  • G.A.