[Psi-devel] account defaults don't work for google talk
Trejkaz
trejkaz at trypticon.org
Sat Mar 3 00:54:16 PST 2007
On Friday 02 March 2007 08:23, textshell-I1QKlO at neutronstar.dyndns.org wrote:
> It enables a malicous server to steal the password.
A malicious server wouldn't *need* to. If it's already managed to fake the
SSL certificate and the DNS entry, I think it's safe to assume it could just
pretend to be that user without the user actually needing to login.
TX
--
Email: trejkaz at trypticon.org
Jabber ID: trejkaz at trypticon.org
Web site: http://trypticon.org/
GPG Fingerprint: 9EEB 97D7 8F7B 7977 F39F A62C B8C7 BC8B 037E EA73
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.affinix.com/pipermail/psi-devel-affinix.com/attachments/20070303/e7b11339/attachment.pgp
More information about the psi-devel
mailing list