Remember how Facebook with Skype integration was going to be "Something Awesome"? Well, it's something alright—a wide-open back door to your computer.


The vulnerability surfaced after David Vieira-Kurz posted the proof of concept video above to the Secalert website. Apparently, he had "found a few security issues which makes it possible to hijack a Skype Session and compromise a user's system due to a lack output sanitization." The victim does not need to be on either the attacker's FB friends list or Skype contact list for the exploit to work. According to ZDNet, the flaw has been independently verified (though details regarding how the hack actually work remain scarce) but neither Skype nor Facebook has yet confirmed the findings. [Secalert via ZDNet]

Update: Skype has issued a statement regarding the vulnerability and says that they actually fixed it last week. "The newly reported Cross Site Scripting (XSS) vulnerability that allows your Facebook stream to pop-up messages or redirect you to other Web sites is actually an issue that was fixed last week by an update deployed to users. All affected users should already be protected. Skype users do not need to install any updates for this fix to take effect."