Security researcher Aviv Raff has discovered and demonstrated a flaw within Skype that allows malicious code to execute when the software embeds video into chat. The problem is caused by Skype's web control. The program uses Internet Explorer to render internal and external HTML, but does so using "Local Zone" security settings. Full information on the "Skype cross-zone scripting vulnerability" is posted here. There, you can also watch a proof-of-concept footage of Skype launching Windows' calculator. The bug currently effects Skype v.3.6.0.244, and may be present in older versions of the client as well. At this point, the solution is to avoid running the "Add Video to Chat" Skype feature. Simply having the program installed or using its various other functions will not expose a system to potential infection.

Earlier this week, Sony's Consumer Electronics Show site slipped news that Skype VoIP functionality for the PlayStation Portable (PSP) will soon be added. Japan's Nikkei Net news service is reporting today that Skype functionality will be added to the PSP as early as this month. Skype's Internet phone technology will be limited to owners of the PSP Slim only. Those who own the redesigned handheld will be able to download Skype software directly onto their PSPs and then use a specially designed microphone to communicate. The Skype service will be free for PSP-to-PSP and PSP-to-PC calls. PSP Slim owners will also be able to sign up for a dedicated phone number, which Nikkei is reporting will run for 2,250 yen (about $20.70) for three months of usage. Expect more information on the service next week during the 2008 Consumer Electronics Show in Las Vegas.

Skype, a program that allows you to talk to people for free via the internet, is headed for the PSP, Sony has revealed.

Call friends, talk trash to fellow gamers or catch up with acquaintances via Skype for PSP system,

Sony states on its official site for the upcoming CES show. Expect more detailed information soon after the CES 2008 grand opening next Monday.

A password-stealing Trojan is targeting Skype, posing as a security plug-in for the popular VOIP and IM service and displaying a fake log-in screen that's almost identical to the real thing. McAfee's Avert Labs is identifying the Trojan as PWS-Pykse, and F-Secure is referring to it as Trojan-Spy.Win32.Skyper.B. Skype is calling it 65404-SkypeDefenderSetup.exe. The Trojan identifies itself as the "Skype-Defender" plug-in and is attempting to steal Skype usernames and passwords, along with all usernames and passwords saved in Internet Explorer. After execution, the Trojan disables running instances of Skype and swaps in its fake Skype login window. If the victim enters his or her username and password, the malware captures it and any others saved in IE and posts it via http to a Web site for the malware author to retrieve. Security researchers, and Skype, are recommending that users update their antivirus detections to avoid infection.

Although, not one of my favourite programs, Skype is considered a high priority software application. The latest 3.5.0.239 release, is now available for download and it fixes some major bugs:

• bugfix: Links with invalid % encodings were executed
• bugfix: Data execution protection may have crashed Skype
• bugfix: Pressing escape did not end call
• Security improvements to ensure it is no longer possible to shut down Skype from a web page

DOWNLOAD

Skype has learned that a computer virus called "w32/Ramex.A" is affecting users of Skype for Windows. Users whose computers are infected with this virus will send a chat message to other Skype users asking them to click on a web link that can infect the computer of the person who receives the message. The worm is also known as "WORM_SKIPI.A (Trend)," and "W32/Pykse.worm.b" (McAfee). When a Skype user receives chat message with an internet link - either from Skype contacts or users not on the contact list - and download the .scr file covered as .jpg picture, the worm will install itself to the system and create several startup keys in the registry. Currently, F-Secure, Kaspersky Lab and Symantec have already updated their antivirus products to detect and remove the worm. Expert users who know what they're doing can also remove the worm manually, by following this guide.

A new variant of the Stration worm, which has been plaguing Windows users for the past year, has made the jump from Skype to the ICQ and MSN Messenger networks. For a computer to be infected, a user must first click on a link and then agree to download an executable file. The malicious link is listed below the instant message: "Check this out. Give me your opinion." Once installed, the worm will gradually start to send out messages to the victim's contacts. Although the worm is considered to be a low-risk infection, be careful what you click on these days.

Another Trojan horse is spreading through the Internet telephone network of Skype Ltd. The malicious code, known as both Warezov and Stration, is similar to an earlier version detected in February, but with a new URL and a new version of the malicious code, according to an alert posted Thursday by Websense Inc. Websense warns Skype users to watch for the message "Check up this," with a URL containing a hyperlink. When users click on the link, they are redirected to a site that is hosting a file named file_01.exe. Users are then prompted to run the file and if they do, several other files are downloaded and run. The downloaded files are other versions of the Waresov/Stration malicious code, so be careful when receiving messages from people not in your contact list.

All Skype subscribers will be able to access a new premium service: a lie detector. Made by KishKish, the lie detecting program is an add-on to Skype, which works by measuring the stress levels in a conversation. Neither Skype or KishKish have a general figure on how much the service will cost, though you can download trial versions of it here.

Janus Friis and Niklas Zennstrom - the founders of Skype, one of the largest companies in VoIP calling - are planning for a peer-to-peer IPTV service. About 6,000 users are already beta testing this service (codenamed the Venice Project) which is intended to allow people to share any videos that they own the copyright to, almost like a peer-to-peer YouTube. Although this is an interesting idea, many connections will be unable to handle the upload speeds that would be required if thousands of people were looking to stream the same video from a few users.