On Tue, Apr 29, 2014 at 1:26 AM, wrote:
> Thus, in this case, the development of such malicious client is not out of
> their security model and it is an actual design flaw.
I'm no fan of Telegram, but this is silly.
Can you point to any security software that can survive the "client is
duped i
Hi,
I'm afraid I have a few questions and some criticism. My responses inline:
On Tue, Apr 29, 2014 at 10:26 AM, wrote:
> Hello,
>
> Thanks for your response.
>
> Telegram actually promotes the development of unofficial apps by providing
> a free API which allows anyone to interact with their s
Hello,
Thanks for your response.
Telegram actually promotes the development of unofficial apps by providing
a free API which allows anyone to interact with their services, and easily
develop and distribute an unofficial client. Moreover, they do not provide
any mechanism at all to verify the auth
Hello,
like Telegram said, this is definitely out of normal security models!
You assume that the client app has been compromised, e.g. by downloading
an unofficial one.
If you assume that, every crypto protocol out there is broken! What
about downloading a forked Firefox version? Maybe it includes
On Mon, 28 Apr 2014 11:17:31 +0200
jd...@cert.inteco.es wrote:
> This may allow
> an attacker leveraging this issue (e.g. by distributing a slightly
> modified client) to obtain almost full control of the victim's
> account.
I haven't read the details, but can you please explain how it is an
"att
Hello,
A security issue affecting Telegram instant messaging service has been
made public by INTECO-CERT. Further details follow.
--
Affected products and services:
--
Telegram instant messaging service.
--
