Yahoo + iPhone = replay attacks
Perry E. Metzger
perry at piermont.com
Thu Jul 19 18:54:27 EDT 2007
A blog entry which claims that the proprietary "Push IMAP" protocol
that Apple and Yahoo came up with is deeply flawed -- the entry states
that the entire thing is vulnerable to trivial replay attacks.
http://blog.dave.cridland.net/?p=32
Hat tip: Marshall Rose
If true, this is yet more evidence for the ancient hypothesis that it
is foolish to roll your own security protocols.
Perry
--
Perry E. Metzger perry at piermont.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list