[Adium-devl] Adium iPhone
Peter Hosey
boredzo at adiumx.com
Fri Jan 23 09:32:39 UTC 2009
On 2009-01-23, at 01:11, Ofri wrote:
> Something like pressing a sync button [in Mac Adium] and then a
> search window will pop letting the user select from all available
> mobile apps.
No. Imagine something like WWDC, with Mallory sitting in a chair with
Adium on his laptop and a bunch of Mobile Adium users walking around
with it running on their sleeping iPhones.
Adium probably should provide a method of authentication more secure
than “pick one from this list of computer names”, but even that would
be less of a security risk than “pick one from this list of iPhone
names”.
Remember, the main thing is to get transcripts from the device to the
Mac. Going the other way might be nice for filling out history, but
it's not necessary. Thus, having the Mac pull transcripts from any
iPhone that it wants to is a huge data leak for the owners of those
iPhones; the reverse, which would require Mallory to fool the mark
into tapping the wrong computer name, is a much harder attack to pull
off, and practically impossible to do to many victims at once.
More information about the devel
mailing list