Re: [EXTERNAL] Urgent: skype vulnerability?

Posted by Marcus G. Daniels on Sep 12, 2013; 2:55am
URL: http://friam.383.s1.nabble.com/Urgent-skype-vulnerability-tp7583763p7583795.html

On 9/6/13 5:29 PM, Parks, Raymond wrote:
> I did a quick search through my data and there haven't been any major Skype vulns in a while. There's a local privilege escalation from this last spring and URL snooping, but neither should result in massive Skype usage. The Dark Comet Remote Access Tool (RAT) uses the Skype port and protocol to "phone home", so you might have a pest problem. Even worse, a vulnerability was published last fall for getting into the Dark Comet RAT via its use of Skype - so if you have Dark Comet, someone could be breaking it to get into your computer.

Where do the folks selling zero day exploits seem to invest effort when it comes to Linux? Do they work against versions that are in wide distribution (2.6.32), or try to get in early and sell bugs early in the hopes the lifetime of the work will be relatively longer (3.12)? Is bleeding-edge kernel and system software any better or worse security-wise than a service contract for RHEL, etc. (and immediate updates)? If there are bad statistics, that would suggest to me some benefit from security from obscurity?

It still blows me away that governments trust vendors that use international development teams, but do not disclose source code. Why not more of a push toward systems that can _really_ be audited? It seems to me like using medicine that has no systematic study or peer review.

If this is accurate, it looks to me like the databases on exploits tend to be against old software?

http://www.cvedetails.com/vulnerability-list/vendor_id-33/product_id-47/year-2013/opgpriv-1/Linux-Linux-Kernel.html

Marcus

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com