We've published a new blog post about the recent jabber.ru security incident (a... - Random

snikket_im, 7 months ago

We've published a new blog post about the recent jabber.ru security incident (a kind of attack we have not seen before). It did not affect Snikket servers, but we are taking steps to remove the possibility of such attacks in the future. This includes advice that self-hosters can follow.

https://snikket.org/blog/on-the-jabber-ru-mitm/

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

+ vascorsd, John_Livingston, reiver, jabberati +1 more

Image

Image alternative text

nogweii, 7 months ago

@snikket_im very curious as to what you decide to do about CRT monitoring. Please share what tooling you end up using/developing, even if its something off-the-shelf!

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

jabberati, 7 months ago

deleted_by_author

Loading...

snikket_im, 7 months ago

@jabberati
Thanks! The problem is that we have hundreds of domains on our service, and so we really need something that can identify rogue certificates without drowning us in notifications about all the legitimate ones. That's apparently a bit harder...

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

kkarhan, 7 months ago

@snikket_im thanks for this vital info.

reply

report

activity

copy /kbin url

copy original url

open original url

Loading...

Add comment