[guardian-dev] Smack SSL MiTM Vuln and ChatSecure beta fix

Nathan of Guardian nathan at guardianproject.info
Tue Aug 5 16:59:58 EDT 2014

Thanks to Georg of Yaxim for his great work on this, both technically
and in coordinating with us.


"Smack is an Open Source XMPP (Jabber) client library for instant
messaging and presence written in Java. Smack prior to version 4.0.2 is
vulnerable to TLS Man-in-the-Middle attacks, as it fails to check if the
server certificate matches the hostname of the connection."


Our fix for ChatSecure:Android
is included in the new ChatSecure 13.2.0 beta out today, which is near
enough to stable that we recommend an upgrade:



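An added illustration (not code from this message, Smack or ChatSecure) of the check the quoted advisory says was missing: once the certificate chain validates, the names in the server certificate still have to be compared with the host the client intended to reach. The class name, method names and sample names are constructed, and the matching is a simplified form of RFC 6125 (dNSName entries only, no IDN or IP address handling); on Java 7 and later the platform's own check, enabled with `SSLParameters.setEndpointIdentificationAlgorithm`, is the usual choice.

```java
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import java.util.Locale;

public class HostnameCheck {
    // dNSName entries have type 2 in X509Certificate.getSubjectAlternativeNames().
    private static final int SAN_DNS_NAME = 2;

    /** True if one certificate name (optionally "*.example.org") covers the expected host. */
    static boolean matches(String pattern, String host) {
        String p = pattern.toLowerCase(Locale.ROOT);
        String h = host.toLowerCase(Locale.ROOT);
        if (!p.startsWith("*.")) return p.equals(h);
        // A wildcard is honoured only as the whole left-most label, covers exactly
        // one label, and must leave at least two labels after it (rejects "*.org").
        int dot = h.indexOf('.');
        return dot > 0 && h.substring(dot).equals(p.substring(1)) && p.indexOf('.', 2) > 0;
    }

    /** Run after the handshake on the leaf certificate, i.e. session.getPeerCertificates()[0]. */
    static boolean verify(X509Certificate leaf, String expectedHost) throws CertificateParsingException {
        Collection<List<?>> sans = leaf.getSubjectAlternativeNames();
        if (sans == null) return false; // no SAN present: fail closed rather than trust the CN
        for (List<?> san : sans) {
            if (((Integer) san.get(0)) == SAN_DNS_NAME && matches((String) san.get(1), expectedHost)) {
                return true;
            }
        }
        return false; // valid chain, wrong name: the case an unpatched client accepts
    }

    public static void main(String[] args) {
        // Constructed certificate names and expected hosts, for illustration only.
        String[][] cases = {
            {"example.org", "example.org"},
            {"*.example.org", "chat.example.org"},
            {"*.example.org", "example.org"},
            {"*.example.org", "a.b.example.org"},
            {"attacker.example.net", "example.org"},
        };
        for (String[] c : cases) {
            System.out.printf("%-22s vs %-18s -> %b%n", c[0], c[1], matches(c[0], c[1]));
        }
    }
}
```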