Another Skype security flaw rears its ugly head

Security researchers have found a serious security vulnerability that could result in PC hijack attacks against users of the Skype IP telephony service.

The flaw, described by researcher Aviv Raff as a cross-zone scripting vulnerability, could allow hackers to use rigged video files to launch a serious attack on the user's PC.

The problem is know to affect Skype v3.6.0 but other versions may also be affected.

Just to make life really interesting, Petko D. Petkov, a vulnerability researcher at GNUcitizen, claims to have identified that the ads transmitted over the Skype network are unencrypted, allowing - in theory at least - for them to be intercepted and replaced.

Until the problem is patched, the researchers are advising punters not to use the video chat facility. I think that's wise advice...