Posts Tagged ‘Social Network’

Security researcher Phil discovered a Cross-Site Scripting vulnerability in the “Chat Message” window of Skype 3.0.1 and earlier versions for iPhone and iPod Touch devices.

Skype uses a locally stored HTML file to display chat messages from other Skype users, but it fails to properly encode the incoming user’s “Full Name”, allowing an attacker to craft malicious JavaScript code that runs when the victim views the message.

XSS in Skype

To demonstrate the vulnerability, he captured a screenshot of a simple JavaScript alert() running within Skype.

Executing arbitrary JavaScript code is one thing, but he also found that Skype improperly defines the URI scheme used by its built-in WebKit browser. Usually you will see the scheme set to something like “about:blank” or “skype-randomtoken”, but in this case it is actually set to “file://”. This gives an attacker access to the user’s file system: an attacker can read any file that the application itself would be able to access.
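The two paragraphs above describe the root cause (a display name concatenated into the chat HTML without encoding) and the aggravating factor (the page running with a file:// origin). The following is an added example, not Skype's code or the researcher's proof of concept: it shows the rendering pattern in its vulnerable and hardened forms, plus a small check a test suite could run over rendered output. The function names, the template and the sample name are all constructed for illustration.

```javascript
// Added example (not Skype's code): the rendering pattern behind the bug
// described above, in vulnerable and hardened form. The chat window is a
// local HTML file rendered by WebKit; the sender's display name arrives
// from another user and must be treated as text, never as markup.

// Minimal HTML entity encoder: every character that can open or close a
// tag, an attribute value or an entity is replaced by its entity.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: the sender's "Full Name" and message text are concatenated
// straight into the document, so any markup they contain becomes part of
// the page and runs with the page's (here, file://) origin.
function renderMessageUnsafe(fullName, text) {
  return '<div class="msg"><b>' + fullName + '</b>: ' + text + '</div>';
}

// Hardened: both remotely controlled fields are entity-encoded before they
// are placed into the template, so they render as literal text.
function renderMessageSafe(fullName, text) {
  return '<div class="msg"><b>' + escapeHtml(fullName) + '</b>: ' +
         escapeHtml(text) + '</div>';
}

// Review/test helper: does the rendered HTML contain any tag that is not
// part of our own template? templateTags lists the tag names we emit.
function containsForeignTag(html, templateTags) {
  const tags = html.match(/<\/?([a-zA-Z][\w-]*)/g) || [];
  return tags.some((t) => !templateTags.includes(t.replace(/^<\/?/, '').toLowerCase()));
}

// Constructed sample: a display name that carries markup, standing in for
// the crafted "Full Name" the post describes.
const hostileName = 'Bob <script>alert(1)</script>';
const TEMPLATE_TAGS = ['div', 'b'];

console.log('unsafe output has foreign tag:',
  containsForeignTag(renderMessageUnsafe(hostileName, 'hi'), TEMPLATE_TAGS));
console.log('safe output has foreign tag:',
  containsForeignTag(renderMessageSafe(hostileName, 'hi'), TEMPLATE_TAGS));
console.log(renderMessageSafe(hostileName, 'hi'));
```

Output encoding closes the injection itself. The second problem the post describes, the chat page running with a file:// origin, is independent of it: even with a correct renderer, the web view should be loaded with a non-file base origin so that any future rendering bug cannot be turned into local file access.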

File system access is partially mitigated by the iOS application sandbox that Apple has implemented, which prevents an attacker from reaching certain sensitive files. However, every iOS application has access to the user’s AddressBook, and Skype is no exception.

He also created a proof-of-concept injection and attack showing that a user’s AddressBook can indeed be stolen from an iPhone or iPod Touch through this vulnerability.

To further demonstrate the issue, he recorded a video of this scenario.

Please see the video, and use the comments section on his blog for your questions.

Skype Attack Message

Skype Attack Loading

In case anyone is wondering, Phil disclosed the vulnerability to Skype on 8/24 and was told an update would be released early this August, but no update has been released yet.

Facebook recently announced on its developer blog that it will now be "making a user’s address and mobile phone number accessible as part of the User Graph object." In other words, the site will now let third-party applications (think Farmville or that spammy app your friends keep falling for that promises to show them who is stalking them on Facebook) access your contact information.

"Because this is sensitive information," reads the announcement, "[…] permissions must be explicitly granted to your application by the user via our standard permissions dialogs." Take a look at the example permission dialog box, however, and tell us if you think this is enough.

We believe they have been planning this for a long time, since they already let users authorize their user ID via phone number and log in with it.

So what are they going to sell next? Your photos and personal information to dating sites? It would be no surprise if that happened.

We suggest you stop playing games and using Facebook applications, so that your information does not spread in undesired ways.

We thought Apple was against porn, but the way they deal with sexual content really makes us feel Apple is greedy for money. They allow some unethical, sexually explicit social content, such as group sex apps; see what the app’s own listing says:



Finally! The ONLY GROUP SEX positions application is available on the AppStore! Ready for a threesome with two girls or two guys? Threesome Sex Positions brings you the sexiest, most innovative, creative and pleasurable sex positions for adults who enjoy the multi-partner lifestyle of threesome sex.

★★★ SALE! 50% OFF THIS WEEK ★★★

Don’t get caught in a situation where you’re ready to have a threesome but have no idea what positions to try!!

✔ Browse tons of group sex kama sutra positions
✔ Multiple sex configurations:
✔ Two males and one female
✔ Two females and one male
✔ Add group sex positions to your favorites for quick access
✔ Text descriptions for each position
✔ Share your favorite group sex positions via email
✔ Manage your favorites with a finger swipe
✔ Send interesting positions to your friends

We are always including new positions for your enjoyment. Over 30 *more* positions are on the way! Enjoy the best app exclusively for threesome sex positions!

The app is selling for $0.99. See it on iTunes.

What do you think? Please leave your comments.