FROM : Jens Alfke
DATE : Wed May 14 02:48:34 2008
On 13 May '08, at 5:40 PM, Matt Burnett wrote:
> Now you're talking about hackers instead of spammers.
There's not really a difference nowadays, since most spam is sent from
pwned servers/PCs.
> It is hard to sniff a HTTP session, you have to penetrate your
> victim's network enough to be able to do so.
We're talking about a downloadable app. All I have to do is download a
copy of it and either sniff its network traffic, or run it in gdb and
set breakpoints on likely API calls that set up HTTP authentication.
Then I know the URL and password.
(None of this may be likely, but security requires thinking about the
worst possible scenarios.)
—Jens






Cocoa mail archive

