

Skype Bug Lets Users Hijack Accounts - fafssaf
http://blogs.forbes.com/andygreenberg/2011/07/15/simple-skype-bug-lets-hackers-hijack-contacts-accounts/

======
cipherpunk
A remote exploit in the Skype application that allows account theft is
`minor', because, ``as you can imagine, someone who you deal with frequently
is probably unlikely to take advantage of this bug anyways.''

Give me a moment to collect my jaw from the floor.

~~~
shareme
I take it MS must have bought a Forbes ad?

------
kevingadd
My favorite part of this is that for some reason, the HTML document they're
using to display (unsanitized) user details in the Skype application has a
cookie set that contains the logged in user's login token. Why is that even
necessary to display another user's profile?

