Hacker News

> and attacks like this are just downright scary

https://notes.valdikss.org.ru/jabber.ru-mitm/

That attack strikes me as generic. As in not anything to do with XMPP specifically.




> As in not anything to do with XMPP specifically.

The fact that STARTTLS is even possible with that protocol is bad.


What does STARTTLS have to do with a MITM attack based on certificate substitution? What XMPP servers still allow unencrypted client connections by default?



