[VOIPSEC] "SkypeSkryping" and Google Voice findings by Secure Science
nnp
version5 at gmail.com
Sat Apr 11 15:08:33 CDT 2009
OK, interesting I suppose. Although you could have summed up the
entire thing with a one-liner "Skype web access is vulnerable to CSRF"
Is there some way to enumerate valid Skype accounts by the way?
Besides some lame dictionary attack. If not, then how do you propose
the attacker finds out who these online 15 million people are? That
would seem to be the more interesting part here.
On Sat, Apr 11, 2009 at 6:27 PM, Shawn Merdinger <shawnmer at gmail.com> wrote:
> http://www.securescience.net/blog/2009/04/skypeskrayping-part-1.html
> http://www.securescience.net/exploits/googlevoice/GVSSCETATv1_public.pdf
>
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>
--
http://www.unprotectedhex.com
http://www.smashthestack.org
More information about the Voipsec
mailing list