Despite Microsoft having been warned of the issue, for more than two months Skype has been vulnerable to a bug that enabled attackers to easily hijack any user’s Skype account.
Details of the vulnerability were first published in August on an online Russian-language hacking forum. Tuesday, the same Russian hacking forum user posted an update, reporting that the flaw still hadn’t been fixed.
That finally led Skype Wednesday to acknowledge the security vulnerability and begin working on a fix. “Early this morning we were notified of user concerns surrounding the security of the password reset feature on our website. This issue affected some users where multiple Skype accounts were registered to the same email address,” wrote Skype Web quality assurance engineer Leonas Sendrauskas in a blog post. “We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly. We are reaching out to a small number of users who may have been impacted to assist as necessary. Skype is committed to providing a safe and secure communications experience to our users and we apologize for the inconvenience.”
Earlier today Mozilla introduced Collusion, an add-on for the Firefox browser that shows you how companies are tracking you as you surf the Web. A cool visual demonstration of the software illustrates all the links that form as you crisscross just a few popular sites online, including IMDB, the New York Times and the Huffington Post. The software shows the connections between sites you visit and third-party tracking and advertising networks such as Doubleclick and Scorecard Research. It makes plain the invisible web that has been woven through the Web.
The software was created as a prototype by Atul Varma, who explained in a blog post that he “didn’t know a lot about tracking myself, so I whipped up a Firefox add-on called Collusion to help me visualize it better.” “The results were a little unsettling,” he wrote.
VeriSign looks up over 50 billion URLs every day and, like Bitly, gets a handle on what people are doing online as a result. In particular, VeriSign’s data could add an awareness of activity outside the social sites where Bitly links are used. Andrew Cohen, Bitly’s general manager, wouldn’t give details on what this would make possible, but says he will explore the possibility of using the data to improve his company’s reputation-monitoring system.
Even without VeriSign’s help, Bitly can already predict when a company’s reputation is about to take a dive. Cohen gives the example of the vehicle-tracking company OnStar, not a Bitly customer, which was caught in a privacy controversy last month. It began when one customer wrote a blog post about reading in OnStar’s tracking policy that the movements of drivers who have canceled the service are still tracked. As the post got passed around on social media, Bitly algorithms registered a growing anger directed at OnStar. “We see the acceleration in clicks,” says Cohen, adding that had OnStar been a customer, Bitly could have warned that serious trouble was ahead. Sure enough, the story was picked up by the mainstream press, led senators to criticize OnStar, and forced the company to change its policy.
Cohen likens Bitly’s service to a smoke detector. “You don’t hear from it very often, but it’s important when you do,” he says. The VeriSign data will likely allow Bitly to better quantify such predictions because it can measure the usual traffic to a site and any deviations from that. “This gives Bitly another handle on the pulse of the Internet,” says Johan Bollen, a computer scientist at Indiana University.