"TheEndless" wrote:
"roquoonewbie" wrote:
You were saying that could be done by abusing the ECP launched channel store page. That can only be done if there is malicious software already running on the network.
Not necessarily. Your perfectly harmless ECP app could unknowingly allow the install of such a malicious channel. Have you reviewed the code of every private channel that your app installs? There's no way for you to know if a developer has hidden something in their channel that looks completely innocuous on the surface.
My perfectly harmless ECP (or any of the examples I provided above) could not unknowingly install such a malicious channel. An ECP app typically only installs it's own companion app. And only does so when a user requests it. Only a malicious ECP could/would covertly launch the channel store screen for a private channel the user had not expressed any interest in installing. And again, if it could do that, it could equally launch the web browser to the add channel page as well...which looks just as "official" as the channel store screen.
