[guardian-dev] gibberbot, OTR, xmpp, android in general

Michael Rogers michael at briarproject.org
Tue Dec 3 05:50:35 EST 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/12/13 19:00, Natanael wrote:
> If the SSL session is attacked, the attacker can at best end the
> connection to your chat server or try to send malformed packages
> hoping that your client will crash or get DDoS:ed, and they can
> also send non-OTR Jabber messages. They could potentially attempt
> to hijack your Jabber account as well (sending messages to other
> people from it), but they still can't intitiate verified OTR chats
> with anybody who knows your OTR public key.

They could also see who you're chatting with.

Cheers,
Michael

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJSnbd7AAoJEBEET9GfxSfM+JIH+waFXU2T3BB0ykZ3Crd5gtiO
RVgVExunS9DfF2M/Ts+RMzGYvK+0CCEsto+vn92lqZOMh1KjuwE6IJM4zrPraX6y
F/r0DVs6cu3qZ/ulftTQDLdBlmSXhammrbgB3IrVVZXyw5t9QlTICvUhGxS6050D
y/1iYPLBhWMYGKMsT8FsW4QmnPd2qdDin9v81ZTz7wxpd93v3ax+Pv+B4QRdeUgF
GVGhDG4VGTqZSQiJ+QXOf3RLWAZBNqfhBTDf2IVnclj/Nx/VAGXQUDm13iA19ECg
qkFsCAjMnCAFkwYifo70XIS/hMwJpuyztYwE6lSDwK3xLupn6ZK3uQAPyuaZgPk=
=52rX
-----END PGP SIGNATURE-----


More information about the Guardian-dev mailing list