Jump to content

Recommended Posts

Posted

First of all, let me clarify that I'm NOT complaining about the delay. I appreciate Kaphotics's and everyone else's work on it, as it's proven itself to be a very useful tool, and I know it can be a daunting task, but I'm just curious about why it has been more than a month and a half since it was announced to come "by the end of the month". Have there been any unexpected issues, manpower shortage, or just any more important stuff to attend to? Again, I'm not complaining, I'm just curious, and I fully understand if this can't be disclosed, but I would just like to know what to expect, since I've been religiously checking the website every day just to be greeted by the same bold message every time...

EDIT: I know some forums look down upon discussing other websites. I'm only posting this here because Pokécheck has no dedicated forums and is more like an online-hosted program than another website, and this is the place that seemed more appropriate for its discussion. If any mod feels it's inappropriate, feel free to close or delete this thread. I just humbly ask you to not consider this an infraction, if it's the case, as I found no other place that seemed better for this question.

Posted

xfr became unexpectedly busy in academic circles after he and his colleagues published the discovery of a new exploit in a certain commonly-used internet security protocol.

No idea if this was something he discovered in the course of working on Pokecheck. But it would be amazing if it were.

Posted
xfr became unexpectedly busy in academic circles after he and his colleagues published the discovery of a new exploit in a certain commonly-used internet security protocol.

No idea if this was something he discovered in the course of working on Pokecheck. But it would be amazing if it were.

Any specifics on this publication? I wouldn't mind checking it out.

Posted

Thanks Kaphotics.

For what it's worth, I doubt this had anything to do with Pokecheck. The attack described is only useful in a situation where A) the client deliberately connects to the attacker's server and B) the target server requires client authentication. A isn't possible in the context of Pokemon X/Y running on an unmodified 3DS and B isn't true of Pokemon X/Y's current online infrastructure.

Nevertheless, this is terrific work and I wouldn't be too surprised if someone as capable as xfr could find a hole in Nintendo's TLS implementation. We're lucky to have him.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...