On 01.02.2014 19:57, Mark Doliner wrote:
> On Sat, Feb 1, 2014 at 6:21 AM, Alexander Holler <[email protected]> wrote:
>> I'm able to read. How do you send that reply?
>
> The malicious user is logged into the user's XMPP server with another
> account. The reply is sent as a normal IQ reply stanza from the
> malicious user's client to the server, and is then routed to the
> target user.

Thijs Alkemade didn't write that an already broken server is necessary to explore or do something malicious with "delaying" replies or whatever.

It doesn't make sense to talk about things which are only possible if the server is already totally broken. If you can spoof the 'from' address of stanzas, then you already have a broken server and nothing will help. If the 'from' is not validated by a server and the server routes stanzas with those spoofed senders anyway, then security is already at a level near zero.

Anyway, I prefer to quit this discussion; I don't have the need to talk with people who accuse me of not being able to read.

Alexander Holler
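
The receiving client's side of the exchange discussed in this thread, as an added example that is not part of the original messages: the server stamps the sender's authenticated 'from' on the routed reply, so the client can compare it with the 'to' of the request it sent. The class name, the JIDs and the rule for requests sent without a 'to' are assumptions made for this sketch.

```python
# Added illustration; PendingIqs and all JIDs below are constructed for this example.
# Real clients must also normalise JIDs before comparing them; this sketch
# compares plain strings.

class PendingIqs:
    """Tracks outstanding IQ requests and pairs replies by id AND sender."""

    def __init__(self, own_full_jid):
        self.own_full = own_full_jid
        self.own_bare = own_full_jid.split("/", 1)[0]
        self.pending = {}  # request id -> 'to' address of the request

    def sent(self, iq_id, to=None):
        """Record a request; to=None means it was addressed to our own account."""
        self.pending[iq_id] = to

    def _acceptable_senders(self, to):
        # Assumption of this sketch: a request handled by our own account may
        # be answered with no 'from', or with our bare or full JID.
        if to is None or to == self.own_bare:
            return {None, self.own_bare, self.own_full}
        return {to}

    def accept_reply(self, iq_id, from_jid):
        """Return True only if the reply comes from the entity we asked."""
        if iq_id not in self.pending:
            return False
        if from_jid not in self._acceptable_senders(self.pending[iq_id]):
            # Wrong sender: drop the stanza but keep waiting, so the genuine
            # reply is still accepted when it arrives.
            return False
        del self.pending[iq_id]
        return True


if __name__ == "__main__":
    client = PendingIqs("target@example.org/laptop")
    client.sent("q1", to="example.org")
    # Reply routed from another account on the same server, same id.
    print(client.accept_reply("q1", "other@example.org/phone"))
    # Reply from the entity the request was addressed to.
    print(client.accept_reply("q1", "example.org"))
```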
