Skype Holes

by sjvn01 ‎17-07-2011 09:44 AM - edited ‎17-07-2011 11:45 AM

If you really know how Skype works, you know it's about as safe as juggling firecrackers. Skype, the popular VoIP program, relies on every PC running Skype between you and whoever you're calling to serve as stepping stones for your conversation. That's bad. What's worse is when Skype doesn't check to see if Skype calls are actually sent, or received, by the right people.

Or, to quote Levent "Noptrix" Kayan, the security researcher who uncovered this hole, "Skype suffers from a persistent Cross-Site Scripting [XSS] vulnerability due to a lack of input validation and output sanitization of the 'mobile phone' profile entry. Other input fields may also be affected."

What does that mean for you? Noptrix explained, "An attacker could trivially hijack session IDs of remote users and leverage the vulnerability to increase the attack vector to the underlying software and operating system of the victim."

In plain English, it's simple for a hacker to take over your Skype session as you log in to Skype. From there it's not much of a trick to take over your Windows PC or Mac and start causing real trouble.

In a report by ZDNet Australia, Skype claims it's not that big a deal. Yeah. Right. At the same time though, Skype admits that it is a real problem and that they'll fix it within the next few days.

I have a better idea. Drop Skype, which will soon belong to Microsoft, and use Google Talk, ooVoo, or another VoIP program instead. Pretty much whatever you pick is going to be safer than Skype. Maybe Microsoft will fix this issue, but I still have real trouble figuring out how Microsoft is going to integrate Skype with its corporate VoIP program Lync. I wouldn't count on Skype being safe to use anytime soon. In fact, if I were you I wouldn't count on Skype at all.
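
The advisory quoted above names two missing controls: input validation and output sanitization of the 'mobile phone' profile entry. As an added example (not code from Skype or from the original post), here is what both controls look like for a phone field; the function names, the allowlist pattern and the table-cell markup are assumptions made for illustration.

```javascript
// Added example: hypothetical profile code, not Skype's implementation.

// Input validation (assumed policy): optional leading "+", then 5-20
// characters drawn only from digits, spaces, parentheses, dots and hyphens.
const PHONE_RE = /^\+?[0-9 ().-]{5,20}$/;

function validatePhone(raw) {
  if (typeof raw !== "string") return { ok: false, reason: "not a string" };
  const value = raw.trim();
  if (!PHONE_RE.test(value)) {
    return { ok: false, reason: "disallowed characters or length" };
  }
  const digits = value.replace(/\D/g, "");
  if (digits.length < 5 || digits.length > 15) {
    return { ok: false, reason: "digit count out of range" };
  }
  return { ok: true, value };
}

// Output encoding for HTML element content and quoted attribute values.
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Rendering encodes even when the value was validated on write: stored
// data may predate the validator or arrive from a client that skips it.
function renderPhoneRow(storedValue) {
  return '<td class="mobile">' + escapeHtml(storedValue) + "</td>";
}

// Constructed sample inputs: one ordinary number, one carrying markup.
const SAMPLES = ["+1 (555) 010-0199", '5550100"><script>alert(1)</script>'];

function demo() {
  return SAMPLES.map((input) => ({
    input,
    accepted: validatePhone(input).ok,
    html: renderPhoneRow(input),
  }));
}

console.log(demo());
```

The same `escapeHtml` step applies to every profile field that is rendered as HTML, which matters given the advisory's remark that other input fields may also be affected.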

Comments
by Dave(anon) on ‎20-11-2011 10:12 PM
I recently found a great tool for Skype which records calls. Its name is Riviera for Skype - take it Skype Call Recorder
by Aristides Salvaterra(anon) on ‎02-04-2013 10:16 PM

I am trying to install Skype but I was not successful. How can I get it?


The HP Input Output site is sponsored by HP and features articles and content from HP and third-party contributors. Third-party articles and content, while paid for by HP, do not necessarily represent the views and opinions of HP. HP does not endorse this content and is not responsible for its accuracy, availability and quality.
