[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FD] Telegram authentication bypass



On Mon, 28 Apr 2014 11:17:31 +0200
jdiaz@xxxxxxxxxxxxxx wrote:

> This may allow
> an attacker leveraging this issue (e.g. by distributing a slightly
> modified client) to obtain almost full control of the victim's
> account.

I haven't read the details, but can you please explain how it is an
"attack" if I can control a user if I manage that he installs a
modified client?
I can do anything if a user installs a client I can modify. That's
no surprise and has nothing to do with the protocol in use.

I'm certainly not a fan of telegram's strange security protocol, but
this seriously sounds like strange FUD (haven't read the paper, maybe
it's just a joke or a fake).

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@xxxxxxxxx
GPG: BBB51E42

Attachment: signature.asc
Description: PGP signature

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/