From the cryptography list. Can anyone in the know comment, to the
extent you can do so publicly?
Udhay
To: [EMAIL PROTECTED]
Subject: Yahoo + iPhone = replay attacks
From: "Perry E. Metzger" <[EMAIL PROTECTED]>
Date: Thu, 19 Jul 2007 18:54:27 -0400
A blog entry which claims that the proprietary "Push IMAP" protocol
that Apple and Yahoo came up with is deeply flawed -- the entry states
that the entire thing is vulnerable to trivial replay attacks.
http://blog.dave.cridland.net/?p=32
Hat tip: Marshall Rose
If true, this is yet more evidence for the ancient hypothesis that it
is foolish to roll your own security protocols.
Perry
--
Perry E. Metzger [EMAIL PROTECTED]
-
--
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))
