[95270] in cryptography@c2.net mail archive


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Yahoo + iPhone = replay attacks

daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Thu Jul 19 18:59:20 2007

To: cryptography@metzdowd.com
From: "Perry E. Metzger" <perry@piermont.com>
Date: Thu, 19 Jul 2007 18:54:27 -0400

A blog entry which claims that the proprietary "Push IMAP" protocol
that Apple and Yahoo came up with is deeply flawed -- the entry states
that the entire thing is vulnerable to trivial replay attacks.

http://blog.dave.cridland.net/?p=32

Hat tip: Marshall Rose

If true, this is yet more evidence for the ancient hypothesis that it
is foolish to roll your own security protocols.

Perry
-- 
Perry E. Metzger		perry@piermont.com

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[95270] in cryptography@c2.net mail archive

Yahoo + iPhone = replay attacks

daemon@ATHENA.MIT.EDU (Perry E. Metzger)Thu Jul 19 18:59:20 2007

daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Thu Jul 19 18:59:20 2007