On 13 May '08, at 5:40 PM, Matt Burnett wrote:
Now your talking about hackers instead of spammers.
There's not really a difference nowadays, since most spam is sent from pwned servers/PCs.
It is hard to sniff a HTTP session, you have to penetrate your victim's network enough to be able to do so.
We're talking about a downloadable app. All I have to do is download a copy of it and either sniff its network traffic, or run it in gdb and set breakpoints on likely API calls that set up HTTP authentication. Then I know the URL and password.
(None of this may be likely, but security requires thinking about the worst possible scenarios.)
—Jens
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to [EMAIL PROTECTED]
