mastodon - Link to source

#XSF Announcement

Recently there was an incident via a so called #man_in_the_middle attack happened to an #XMPP #server.

To reduce the risk of such attacks in the future an early stage service called CertWatch has been published by our Community: certwatch.xmpp.net/

Many thanks to Stephen P. Weber (@singpolyma)!

Read two related blog posts:
blog.jmp.chat/b/certwatch/cert…

snikket.org/blog/on-the-jabber…

#Jabber #mitm #security #vulnerability #machine_in_the_middle #chat

CertWatch Logo

On the jabber.ru MITM attack

Reports of a possible recent interception of the public XMPP service jabber.ru have raised a lot of questions for people about how the attack happened, and whether it could affect them too. We have some answers.
snikket.org
#xmpp #security #Jabber #server #chat #vulnerability #xsf #mitm #man_in_the_middle #machine_in_the_middle @Stephen Paul Weber
This entry was edited (1 year ago)

Nicoco reshared this.

in reply to XSF: XMPP Standards Foundation

pleroma - Link to source

Klaus Alexander Seistrup

#XMPP #CertWatch said that »[My] settings are correct and no MITM was detected.« That's great.

It then continued with some #PubSub stuff and finally said »If you do not have a pubsub-capable client you can subscribe for text notifications by opening a chat with certwatch.xmpp.net and sending the message “subscribe <my xmpp server>”«.

My question is now: How do I open a chat with a hostname and not a JID?

My clients are #Gajim resp. #Conversations / #BlabberIM.

Anyone?

CertWatch: XMPP MITM Monitoring

certwatch.xmpp.net
#xmpp #conversations #gajim #pubsub #blabberim #certwatch