Skip to main content


#XSF Announcement

Recently there was an incident via a so called #man_in_the_middle attack happened to an #XMPP #server.

To reduce the risk of such attacks in the future an early stage service called CertWatch has been published by our Community: certwatch.xmpp.net/

Many thanks to Stephen P. Weber (@singpolyma)!

Read two related blog posts:
blog.jmp.chat/b/certwatch/cert…

snikket.org/blog/on-the-jabber…

#Jabber #mitm #security #vulnerability #machine_in_the_middle #chat

Nicoco reshared this.

in reply to XSF: XMPP Standards Foundation

An alternative form of MitM is Manipulator-in-the-middle.

I prefer it as it is (1) more accurate and (2) less focused on a gender („man“ being ambiguous in English here).

in reply to XSF: XMPP Standards Foundation

It throws a 504 error if your c2s ports aren’t open to all IP addresses. But once I relaxed my server’s firewall, it was fine.
in reply to XSF: XMPP Standards Foundation

#XMPP #CertWatch said that »[My] settings are correct and no MITM was detected.« That's great.

It then continued with some #PubSub stuff and finally said »If you do not have a pubsub-capable client you can subscribe for text notifications by opening a chat with certwatch.xmpp.net and sending the message “subscribe <my xmpp server>”«.

My question is now: How do I open a chat with a hostname and not a JID?

My clients are #Gajim resp. #Conversations / #BlabberIM.

Anyone?

in reply to Klaus Alexander Seistrup

@kas exactly like you would open a chat with a contact. Or by clicking here: xmpp:certwatch.xmpp.net

Conversations shows a warning that this is a domain address but 'add anyway' works fine.

This entry was edited (1 year ago)