«
Expand/Collapse
76 items tagged "Skype"
Related tags:
site [+],
cross [+],
exploitation [+],
input validation [+],
vulnerabilities [+],
memory corruption [+],
malaysia [+],
mac os x [+],
mac os [+],
injection [+],
hitb [+],
day [+],
corruption [+],
validation [+],
uri handler [+],
input [+],
zero day [+],
voip [+],
uri [+],
txt [+],
safer use [+],
remote [+],
mac chat [+],
denial of service [+],
command execution [+],
client [+],
bug [+],
voice over ip voip [+],
vendor website [+],
stefan burschka [+],
stefan [+],
service vulnerability [+],
security settings [+],
pointer [+],
os x [+],
mining [+],
memory [+],
insertion [+],
information disclosure [+],
information [+],
html [+],
disclosure [+],
directory server [+],
command line arguments [+],
chaos communication congress [+],
application experiments [+],
zero [+],
whitepaper [+],
voice over ip software [+],
user [+],
target user [+],
target [+],
software vulnerabilities [+],
protocol [+],
pdf [+],
logic [+],
functionality [+],
configuration storage [+],
client versions [+],
attackers [+],
attacker [+],
android [+],
analysis [+],
vulnerability [+],
xml [+],
vulnerable [+],
uri processing [+],
update [+],
telepresence [+],
tags [+],
spy tech [+],
spy [+],
silver needle [+],
service [+],
security flaw [+],
secret recipe [+],
scip [+],
robots [+],
robot [+],
risk [+],
right direction [+],
reverse engineer [+],
remote attack [+],
protocol handler [+],
plugin [+],
place [+],
philippe biondi [+],
patents [+],
microsoft patents [+],
microsoft [+],
may [+],
manager ezpmutils [+],
manager ez [+],
malicious code [+],
magicjack [+],
mac hole [+],
mac [+],
integration [+],
india [+],
hacks [+],
hackers [+],
google [+],
fuck [+],
flaw [+],
facebook [+],
fabrice desclaux [+],
extracts [+],
exploits [+],
everyone [+],
engineered [+],
engineer [+],
electric drills [+],
distant friends [+],
denial [+],
curbs [+],
credential [+],
crack [+],
black hat [+],
biondi [+],
authors [+],
attack [+],
allows [+],
advisory [+],
Support [+],
General [+],
BackTrack [+]
-
-
14:01
»
Hack a Day
This telepresence robot will never let your Skype callers sneak up on you. [Priit] built the project, which he calls Skype Got Legs, so that his distant friends could follow him around the house during chats. But as you can hear after the break, the electric drills used to motorize the base are extremely loud. [...]
-
-
21:38
»
SecDocs
Authors:
Stefan Burschka Tags:
reverse engineering data mining Skype Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: This talk presents Traffic Mining (TM) particularly in regard to VoiP applications such as Skype. TM is a method to digest and understand large quantities of data. Voice over IP (VoIP) has experienced a tremendous growth over the last few years and is now widely used among the population and for business purposes. The security of such VoIP systems is often assumed, creating a false sense of privacy. Stefan will present research into leakage of information from Skype, a widely used and protected VoIP application. Experiments have shown that isolated phonemes can be classified and given sentences identified. By using the dynamic time warping (DTW) algorithm, frequently used in speech processing, an accuracy of 60% can be reached. The results can be further improved by choosing specific training data and reach an accuracy of 83% under specific conditions
-
21:38
»
SecDocs
Authors:
Stefan Burschka Tags:
reverse engineering data mining Skype Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: This talk presents Traffic Mining (TM) particularly in regard to VoiP applications such as Skype. TM is a method to digest and understand large quantities of data. Voice over IP (VoIP) has experienced a tremendous growth over the last few years and is now widely used among the population and for business purposes. The security of such VoIP systems is often assumed, creating a false sense of privacy. Stefan will present research into leakage of information from Skype, a widely used and protected VoIP application. Experiments have shown that isolated phonemes can be classified and given sentences identified. By using the dynamic time warping (DTW) algorithm, frequently used in speech processing, an accuracy of 60% can be reached. The results can be further improved by choosing specific training data and reach an accuracy of 83% under specific conditions
-
21:38
»
SecDocs
Authors:
Stefan Burschka Tags:
reverse engineering data mining Skype Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: This talk presents Traffic Mining (TM) particularly in regard to VoiP applications such as Skype. TM is a method to digest and understand large quantities of data. Voice over IP (VoIP) has experienced a tremendous growth over the last few years and is now widely used among the population and for business purposes. The security of such VoIP systems is often assumed, creating a false sense of privacy. Stefan will present research into leakage of information from Skype, a widely used and protected VoIP application. Experiments have shown that isolated phonemes can be classified and given sentences identified. By using the dynamic time warping (DTW) algorithm, frequently used in speech processing, an accuracy of 60% can be reached. The results can be further improved by choosing specific training data and reach an accuracy of 83% under specific conditions
-
-
14:11
»
Packet Storm Security Exploits
Even if a user has their security settings with no history enabled, Skype 5.x.x fails to securely remove chat messages stored in the sqlite3 database.
-
14:11
»
Packet Storm Security Recent Files
Even if a user has their security settings with no history enabled, Skype 5.x.x fails to securely remove chat messages stored in the sqlite3 database.
-
14:11
»
Packet Storm Security Misc. Files
Even if a user has their security settings with no history enabled, Skype 5.x.x fails to securely remove chat messages stored in the sqlite3 database.
-
18:51
»
Packet Storm Security Advisories
A critical pointer vulnerability is located in the Mac OS X and Windows versions of Skype. The bug is located in 2 input forms of a unicode HTTP search request to the Skype search directory server. The vulnerability allows a local attacker to crash the complete Skype process via an unknown unhandled software exception. The bug allows a local attacker to overwrite or read a new address (skype_debug2_win7_x64x.png).
-
18:51
»
Packet Storm Security Recent Files
A critical pointer vulnerability is located in the Mac OS X and Windows versions of Skype. The bug is located in 2 input forms of a unicode HTTP search request to the Skype search directory server. The vulnerability allows a local attacker to crash the complete Skype process via an unknown unhandled software exception. The bug allows a local attacker to overwrite or read a new address (skype_debug2_win7_x64x.png).
-
18:51
»
Packet Storm Security Misc. Files
A critical pointer vulnerability is located in the Mac OS X and Windows versions of Skype. The bug is located in 2 input forms of a unicode HTTP search request to the Skype search directory server. The vulnerability allows a local attacker to crash the complete Skype process via an unknown unhandled software exception. The bug allows a local attacker to overwrite or read a new address (skype_debug2_win7_x64x.png).
-
-
18:35
»
SecuriTeam
A Denial of Service vulnerability was discovered in Skype for Mac.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
14:23
»
SecuriTeam
Due to a flaw in the current user input validation performed by Skype, it is possible to append additional command line arguments which are subsequently processed during the launch of Skype.exe.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
20:27
»
SecuriTeam
This vulnerability allows remote attackers to remove arbitrary XML files on vulnerable installations of Skype.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
20:22
»
SecuriTeam
This vulnerability allows remote attackers to glean authentication credential from vulnerable installations of Skype.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
16:00
»
Packet Storm Security Recent Files
Skype client versions prior to 4.2.0.1.55 suffer from a URI handling input validation vulnerability that allows for remote command execution.
-
16:00
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-028 - This vulnerability allows remote attackers to remove arbitrary XML files on vulnerable installations of Skype. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in Skype's handling of the 'skype-plugin:' protocol. An attacker can specify a malicious URI, that upon clicking, will trigger the deletion of an arbitrary attacker specified XML file.
-
16:00
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-027 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Skype. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists with how the OS web-browser passes command line arguments to Skype through the registered 'skype:' protocol handler. Insufficient sanity checking to the /datapath argument allows an attacker to construct a link that will execute Skype with arbitrary arguments. This can be abused to specify a remote configuration storage directory which can be leveraged to glean target user credentials.
-
16:00
»
Packet Storm Security Exploits
Skype client versions prior to 4.2.0.1.55 suffer from a URI handling input validation vulnerability that allows for remote command execution.
-
16:00
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-028 - This vulnerability allows remote attackers to remove arbitrary XML files on vulnerable installations of Skype. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in Skype's handling of the 'skype-plugin:' protocol. An attacker can specify a malicious URI, that upon clicking, will trigger the deletion of an arbitrary attacker specified XML file.
-
16:00
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-027 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Skype. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists with how the OS web-browser passes command line arguments to Skype through the registered 'skype:' protocol handler. Insufficient sanity checking to the /datapath argument allows an attacker to construct a link that will execute Skype with arbitrary arguments. This can be abused to specify a remote configuration storage directory which can be leveraged to glean target user credentials.
-
-
12:45
»
remote-exploit & backtrack
Hello everyone I can't seem to find a good place to help me with VOIP testing. The reason I'm interested in VOIP is because I have three computers on my home network that use Magicjack and Skype. Now all I'm asking if someone can point me the right direction.
Thanks for your time.....
-
-
12:54
»
Wirevolution
At CES last week Josh Silverman, Skype’s CEO mentioned that Skype’s international voice traffic went up 75% in 2009. This has now been approximately confirmed by Telegeography, which now puts Skype’s share of international voice traffic at 13%, up from 8% in 2008. That’s an increase of over 60% year on year.
Josh Silverman also mentioned that Skype was being downloaded at a rate of well over 300,000 downloads per day. Yes, per day. This number matches CKIPE’s observation that Skype added 2.5 million new users in the 11 days after Christmas 2009.
If you are interested in Skype numbers you can get more at CKIPE and SkypeNumerology.
1337day (was: Inj3ct0r, 1337db)
OSVDB Vulnerabilities
Exploit-DB
SecurityFocus Vulnerabilities
Bugtraq
XSSed
Sophos security news
Penetration Testing
BackTrack Linux Forums
Threatpost
carnal0wnage.attackresearch.com
Carnal0wnage
Darknet
The Exploitant
16:51