
{"id":1450,"date":"2011-07-19T09:05:28","date_gmt":"2011-07-19T12:05:28","guid":{"rendered":"http:\/\/www.talsoft.com.ar\/?p=1450"},"modified":"2011-07-19T09:05:28","modified_gmt":"2011-07-19T12:05:28","slug":"descubierta-vulnerabilidad-xss-en-skype","status":"publish","type":"post","link":"https:\/\/www.talsoft-security.com\/site\/descubierta-vulnerabilidad-xss-en-skype\/","title":{"rendered":"XSS vulnerability discovered in Skype"},"content":{"rendered":"<div><a href=\"http:\/\/2.bp.blogspot.com\/-ndZANmdpPE8\/TiSUDsDKR0I\/AAAAAAAAF3s\/FjMT5MDyA3g\/s1600\/skype_xss.jpg\" rel=\"lytebox\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"http:\/\/2.bp.blogspot.com\/-ndZANmdpPE8\/TiSUDsDKR0I\/AAAAAAAAF3s\/FjMT5MDyA3g\/s320\/skype_xss.jpg\" alt=\"\" width=\"320\" height=\"223\" border=\"0\" \/><\/a><\/div>\n<p>Since last Thursday, reports had been circulating about the discovery of a cross-site scripting (XSS) vulnerability in Skype; following the company's official confirmation and the alert issued <a href=\"http:\/\/cert.inteco.es\/securityAdvice\/Actualidad\/Avisos_seguridad_tecnicos\/xss_skype_20110716\">by INTECO-CERT<\/a>, the news is now confirmed. 
<a href=\"http:\/\/www.noptrix.net\/about.html\">Levent Kayan<\/a>, a security consultant from Berlin, <a href=\"http:\/\/www.noptrix.net\/advisories\/skype_xss.txt\">published<\/a> his finding a few days ago: a vulnerability that would allow a remote attacker to <strong>access a user's account<\/strong> (and take control of it by changing its password, for example, and access all of the user's contact data).<\/p>\n<p>The problem lies in the user form (<a href=\"http:\/\/www.youtube.com\/watch?v=uaXHZKf9JLs\">video<\/a>), which contains <strong>a field for entering the mobile phone number, into which JavaScript code can be injected<\/strong>; that code can later be executed when a contact opens the user's \u201cmalicious\u201d profile, at which point full control of the account could be taken and all of the user's data accessed. Seen this way, it is clear that victim and attacker have to know each other, so the risk drops somewhat, but it is still a significant hole.<\/p>\n<p>Skype is working on an update to its clients to fix the problem; in the meantime, users of <strong>Skype 5.3.0.120<\/strong> and earlier versions on Windows and Mac OS X should take extra care with the people they add and the profiles they visit. 
Thinking it over, I believe the flaw is very serious: allowing JavaScript code to be entered in a field that is numeric goes beyond a mere oversight, yet Skype has not seen it that way and has not classified it as a critical issue.<\/p>\n<p>According to Skype's official response, delivered by <a href=\"http:\/\/www.linkedin.com\/in\/adrianasher\">Adrian Asher<\/a>, Skype's head of information security:<\/p>\n<blockquote><p>In essence, it allows one of your main contacts on Windows to show you messages or redirect you to web pages within the Skype page. To exploit it, this person would have to be one of your validated contacts and one of the most frequent ones, and it is therefore very unlikely to cause problems in the real world; nevertheless, it should not be this way and it will be fixed.<\/p><\/blockquote>\n<p><strong>Source: <a href=\"http:\/\/www.ddsmedia.net\/blog\/2011\/07\/14244\/\">DDSMedia<\/a> and <a href=\"http:\/\/blog.segu-info.com.ar\/\">Segu-info<\/a><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Since last Thursday, reports had been circulating about the discovery of a cross-site scripting (XSS) vulnerability in Skype; following the company's official confirmation and the alert issued by INTECO-CERT, the news is now confirmed. 
Levent Kayan, a security consultant from Berlin, published his finding a few days ago: a vulnerability that would allow a [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[1],"tags":[],"class_list":["post-1450","post","type-post","status-publish","format-standard","hentry","category-profesional"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>TalSoft - Enterprise IT Security - XSS vulnerability discovered in Skype<\/title>\n<meta name=\"description\" content=\"Talsoft transforms companies' vision so that they can protect their critical and confidential information against cyber attacks. Contact us free of charge.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.talsoft-security.com\/site\/descubierta-vulnerabilidad-xss-en-skype\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Leandro Ferrari\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/descubierta-vulnerabilidad-xss-en-skype\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/descubierta-vulnerabilidad-xss-en-skype\/\"},\"author\":{\"name\":\"Leandro 
Ferrari\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8\"},\"headline\":\"XSS vulnerability discovered in Skype\",\"datePublished\":\"2011-07-19T12:05:28+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/descubierta-vulnerabilidad-xss-en-skype\/\"},\"wordCount\":396,\"publisher\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/descubierta-vulnerabilidad-xss-en-skype\/#primaryimage\"},\"thumbnailUrl\":\"http:\/\/2.bp.blogspot.com\/-ndZANmdpPE8\/TiSUDsDKR0I\/AAAAAAAAF3s\/FjMT5MDyA3g\/s320\/skype_xss.jpg\",\"articleSection\":[\"Profesional\"],\"inLanguage\":\"en-GB\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/descubierta-vulnerabilidad-xss-en-skype\/\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/descubierta-vulnerabilidad-xss-en-skype\/\",\"name\":\"TalSoft - Enterprise IT Security - XSS vulnerability discovered in Skype\",\"isPartOf\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/descubierta-vulnerabilidad-xss-en-skype\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/descubierta-vulnerabilidad-xss-en-skype\/#primaryimage\"},\"thumbnailUrl\":\"http:\/\/2.bp.blogspot.com\/-ndZANmdpPE8\/TiSUDsDKR0I\/AAAAAAAAF3s\/FjMT5MDyA3g\/s320\/skype_xss.jpg\",\"datePublished\":\"2011-07-19T12:05:28+00:00\",\"description\":\"Talsoft transforms companies' vision so that they can protect their critical and confidential information against cyber attacks. 
Contact us free of charge.\",\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.talsoft-security.com\/site\/descubierta-vulnerabilidad-xss-en-skype\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/descubierta-vulnerabilidad-xss-en-skype\/#primaryimage\",\"url\":\"http:\/\/2.bp.blogspot.com\/-ndZANmdpPE8\/TiSUDsDKR0I\/AAAAAAAAF3s\/FjMT5MDyA3g\/s320\/skype_xss.jpg\",\"contentUrl\":\"http:\/\/2.bp.blogspot.com\/-ndZANmdpPE8\/TiSUDsDKR0I\/AAAAAAAAF3s\/FjMT5MDyA3g\/s320\/skype_xss.jpg\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#website\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/\",\"name\":\"TalSoft TS - Services IT Security\",\"description\":\"Talsoft is transforming awareness, control and decision-making power so that companies can protect their critical and confidential information from computer attacks.\",\"publisher\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.talsoft-security.com\/site\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#organization\",\"name\":\"Talsoft TS\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png\",\"contentUrl\":\"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png\",\"width\":270,\"height\":125,\"caption\":\"Talsoft 
TS\"},\"image\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"http:\/\/www.facebook.com\/talsoftsrl\",\"https:\/\/x.com\/talsoft\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8\",\"name\":\"Leandro Ferrari\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g\",\"caption\":\"Leandro Ferrari\"},\"sameAs\":[\"http:\/\/www.talsoft.com.ar\",\"https:\/\/www.facebook.com\/talsoftsrl\/\",\"https:\/\/x.com\/avatar_leandro\"],\"url\":\"https:\/\/www.talsoft-security.com\/site\/author\/leandro\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/posts\/1450","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/comments?post=1450"}],"version-history":[{"count":1,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/posts\/1450\/revisions"}],"predecessor-version":[{"id":1451,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/posts\/1450\/revisions\/1451"}],"wp:attachment":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/media?parent=1450"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/categories?post=1450"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/tags?post=1450"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}