[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FD] Telegram authentication bypass

To: jdiaz@xxxxxxxxxxxxxx
Subject: Re: [FD] Telegram authentication bypass
From: Tony Arcieri <bascule@xxxxxxxxx>
Date: Tue, 29 Apr 2014 11:24:01 -0700

On Tue, Apr 29, 2014 at 1:26 AM, <jdiaz@xxxxxxxxxxxxxx> wrote:

> Thus, in this case, the development of such malicious client is not out of
> their security model and it is an actual design flaw.

I'm no fan of Telegram, but this is silly.

Can you point to any security software that can survive the "client is
duped into installing malware" attack?

-- 
Tony Arcieri

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

References:
- [FD] Telegram authentication bypass
  - From: jdiaz
- Re: [FD] Telegram authentication bypass
  - From: Dominik Schürmann
- Re: [FD] Telegram authentication bypass
  - From: jdiaz

Prev by Date: Re: [FD] Telegram authentication bypass
Next by Date: Re: [FD] AOL confirms compromise
Previous by thread: Re: [FD] Telegram authentication bypass
Next by thread: Re: [FD] Telegram authentication bypass
Index(es):
- Date
- Thread