[Operators] Security Test Day - feedback needed!

Marco Cirillo maranda at lightwitch.org
Sun Jan 5 22:41:40 UTC 2014


On 05/01/2014 20:13, Mike Taylor wrote:
> So a lot of us flipped the "encryption required" flag for our
> Server-to-Server connections yesterday, how did it go? For myself it
> went very well, but I also tend to only communicate to other XMPP folks :)
>
> I would love to hear from operators and normal users about any results
> or issues that were seen or heard about.
>
> Thanks!
> - -- 
>
> bear
> xmpp agitator; ops curmudgeon; generalist
> http://bear.im/about
> http://bear.im/pubkey.txt
> 0A93 9BA7 8203 FCBC 58A9 E8B5 9D1E 0661 8EE5 B4D8

It singled out a lot of big services here:

- cisco.com and all WebEx Jabber hosted services
- Google Talk and all Google Apps XMPP hosted domains (and it's more 
than you think...)
- All servers which run Openfire, even if they support TLS; they seem to 
trample on authentication steps when they open a stream to a server 
which presents both SASL and DB
- All servers which (seemingly) are pre-1.0 (even those who don't 
properly tag their stream headers)

Besides this, I had some not-so-nice encounters with very buggy jabberd2 
servers, which started to loop attempting to re-establish a connection 
(very fast, besides) when the server closed down their streams.

-- 

*Marco Cirillo*
/LW.Org/LW.Org IM Owner & Head Developer/
/Metronome IM Project Maintainer/Developer/
/Jappix Maintainer/Developer/
http://lightwitch.org
