Full Disclosure mailing list archives

Re: Telegram authentication bypass

From: Tony Arcieri <bascule () gmail com>
Date: Tue, 29 Apr 2014 11:24:01 -0700

On Tue, Apr 29, 2014 at 1:26 AM, <jdiaz () cert inteco es> wrote:

Thus, in this case, the development of such malicious client is not out of
their security model and it is an actual design flaw.



I'm no fan of Telegram, but this is silly.

Can you point to any security software that can survive the "client is
duped into installing malware" attack?

-- 
Tony Arcieri

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Current thread:

Telegram authentication bypass jdiaz (Apr 28)
- Re: Telegram authentication bypass Dominik Schürmann (Apr 28)
  - Re: Telegram authentication bypass jdiaz (Apr 29)
    - Re: Telegram authentication bypass Mario Vilas (Apr 29)
    - Re: Telegram authentication bypass Tony Arcieri (Apr 29)
- Re: Telegram authentication bypass Hanno Böck (Apr 28)