Video Screencast Help
Search Video Help Close Back
to help

Security Response

Showing posts tagged with Vulnerabilities & Exploits
Showing posts in English
Vulnerabilities of the Skype API
John Canavan | 11 May 2006 07:00:00 GMT | 0 comments

With a landmark of six million concurrent online users set last month, Skype’s active user base is growing quickly. With many worms now targeting other IM platforms, it looks to be only a matter of time before Skype becomes targeted as an infection vector. The presence of functionally strong features in the Skype API makes it a prime target for malicious code.

Towards the end of last year, Skype introduced a programming API with the intention of fostering a growing development community. Applications providing useful add-ons to Skype functionality and many hardware interfaces had been springing up over the previous months. Hoping to make development for these programmers less painful, introduce new add-ons to the product, and ultimately increase their market share in the face of the threats from Google Talk and Yahoo IM talk services, the Skype API was launched to capitalize on developer interest.

The Skype API allowed for stand-alone applications...

Read more
History repeating…
Liam O Murchu | 05 May 2006 07:00:00 GMT | 0 comments

History repeats itself. Well, that’s how the saying goes anyway. To see the future we should look to the past.
So what have we seen in the recent past? The whole .wmf debacle at the end of 2005 certainly stands out. Have any lessons been learned from that? I think not, but I guess we will have to wait and see. Of course, the lessons should have been learned a long time before the .wmf exploits were ever circulated.

Why? Well, the .wmf vulnerabilities were more than likely found using some simple file format fuzzing techniques. These vulnerabilities were not the first that could have been found using file fuzzing. Indeed, we have also seen some other prominent examples of bugs in image formats that were probably found using this same technique. For example, we had the .png vulnerability in early 2005. We witnessed the icon vulnerability, also in 2005. What about the .jpeg/GDI vulnerability in 2004? All of these critical vulnerabilities could have been...

Read more