John P. Mello Jr. from TechNewsWorld wrote that Skype had an on-and-off kind of week, fixing an embarrassing flaw in its password reset system and then being called too secure for many corporate networks because its encryption could allow company secrets to escape undetected. Then, it had to deal with a report that it had given out information on one of its users to a private investigator who simply asked for it.
Microsoft had to temporarily disable Skype's password reset feature last week after a Russian hacker revealed a simple way to lock users out of their accounts.
All an attacker needed to know was an email address associated with an account in order to hijack it. That address could be used to create a new account, which could then be used to reset the password and lock out the original user.
Ironically, Skype's robust security features are one reason some organizations bar it from their networks, said Tom Nichols, vice president for corporate marketing for Endace. "Skype is a risk because it's deeply encrypted and it can be used to transfer information out of an organization without anybody knowing what's going on," he told TechNewsWorld.
Skype is one of many applications running on corporate networks in defiance of company security policies, a study by Endace released last week revealed. Of the more than 100 senior network IT professionals from Fortune 500 companies, 53 percent confessed that their employees use applications that violate corporate policies, the study found.
After Skype fixed its password problem, it found itself in a bad light again when it was reported that the company had handed over the user information of a Dutch teenager and fan of WikiLeaks to a Texas cyber intelligence firm that just asked for it.
That appears to be a violation of Skype's privacy policy, which states it will not surrender user data "unless it is obliged to do so under applicable laws or by order of the competent authorities."
Comments