Skype’s elusive, security-related bug

posted on 2016-04-16

I hadn’t used Skype for almost a year, but a month ago, while going through my old screenshots directory, I recalled a strange problem I had encountered. The screenshot in question was one of an alien Skype profile I had accidentally been logged into one day. I reported the problem to Skype in January. It was long overdue. Yet I’m not sure if the message got through [1], as no one has contacted me about it, not even their lawyers 😄

I rarely used Skype even when I used it. But still, over the span of the last three or four years, when I occasionally fired it up on my MacBook Pro, I was presented with someone else’s account when automatically logged in. I didn’t enter anyone’s password, I just fired up the client. I could easily see his whole roster and do everything one can do while logged in. Our accounts had similar names; the difference was an additional suffix starting with a dot in his account name. Logging out and logging back in would take me to my own account, just as expected.

Googling revealed only one forum post on Skype’s site that claimed similar behaviour. The post was from 2012.

I can easily imagine myself making an error in login code that would bring about similar behaviour. It is so easy to compare two buffers taking the wrong length as a guideline, i.e. always taking the shortest one, and not failing the test altogether when the lengths differ.
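The comparison mistake described above, as an added example that is not part of the original post and is not Skype's code: a name check bounded by the shorter length treats a name as equal to any longer name that starts with it, while the corrected check rejects differing lengths first. All function names and account names here are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Flawed: compares only the first min(len_a, len_b) bytes, so a name that is
 * a prefix of another name is reported as equal to it. */
int names_equal_flawed(const char *a, size_t len_a,
                       const char *b, size_t len_b)
{
    size_t n = len_a < len_b ? len_a : len_b;
    return memcmp(a, b, n) == 0;
}

/* Corrected: differing lengths fail the test outright, then every byte
 * of the (equal-length) buffers is compared. */
int names_equal_strict(const char *a, size_t len_a,
                       const char *b, size_t len_b)
{
    if (len_a != len_b)
        return 0;
    return memcmp(a, b, len_a) == 0;
}

typedef int (*name_cmp)(const char *, size_t, const char *, size_t);

/* Returns the index of the first stored account matching `wanted`, or -1. */
int find_account(const char *const *accounts, size_t count,
                 const char *wanted, name_cmp cmp)
{
    for (size_t i = 0; i < count; i++)
        if (cmp(accounts[i], strlen(accounts[i]), wanted, strlen(wanted)))
            return (int)i;
    return -1;
}

/* Constructed sample: entry 0 differs from entry 1 only by a dot suffix. */
static const char *const SAMPLE_ACCOUNTS[] = { "jan.k42", "jan", "other" };
#define SAMPLE_COUNT (sizeof SAMPLE_ACCOUNTS / sizeof SAMPLE_ACCOUNTS[0])

int main(void)
{
    /* Looking up "jan": the flawed check lands on the dot-suffixed account
     * at index 0, the strict check on the exact match at index 1. */
    int flawed = find_account(SAMPLE_ACCOUNTS, SAMPLE_COUNT, "jan", names_equal_flawed);
    int strict = find_account(SAMPLE_ACCOUNTS, SAMPLE_COUNT, "jan", names_equal_strict);
    return (flawed == 0 && strict == 1) ? 0 : 1;
}
```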

Each time I encountered that behaviour I was back after a longer hiatus in terms of Skype use, and that could also be an important piece of information for tracking down that rare and elusive bug. But I don’t hold my breath for Skype to do so, as it seems Skype have their security team well guarded from getting reports from their users.

I don’t use Skype anymore so I will just leave it where it is.

Footnotes:

[1] You can’t do it via email, despite the instructions in their FAQ; the support page doesn’t allow it. You can only post it to their community forums or have an online chat with a representative, which I had. I got the info that it was passed to their supervisor, and that’s all.