On Mon, 28 Apr 2014 11:17:31 +0200 jdiaz@xxxxxxxxxxxxxx wrote: > This may allow > an attacker leveraging this issue (e.g. by distributing a slightly > modified client) to obtain almost full control of the victim's > account. I haven't read the details, but can you please explain how it is an "attack" if I can control a user if I manage that he installs a modified client? I can do anything if a user installs a client I can modify. That's no surprise and has nothing to do with the protocol in use. I'm certainly not a fan of telegram's strange security protocol, but this seriously sounds like strange FUD (haven't read the paper, maybe it's just a joke or a fake). -- Hanno Böck http://hboeck.de/ mail/jabber: hanno@xxxxxxxxx GPG: BBB51E42
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/