[Operators] Security Test Day - feedback needed!
Marco Cirillo
maranda at lightwitch.org
Sun Jan 5 22:41:40 UTC 2014
Il 05/01/2014 20:13, Mike Taylor ha scritto:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> So a lot of us flipped the "encryption required" flag for our
> Server-to-Server connections yesterday, how did it go? For my self it
> went very well, but I also tend to only communicate to other XMPP folks :)
>
> I would love to hear from operators and normal users about any results
> or issues that were seen or heard about.
>
> Thanks!
> - --
>
> bear
> xmpp agitator; ops curmudgeon; generalist
> http://bear.im/about
> http://bear.im/pubkey.txt
> 0A93 9BA7 8203 FCBC 58A9 E8B5 9D1E 0661 8EE5 B4D8
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.12 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBAgAGBQJSya7pAAoJEJ0eBmGO5bTYej8P+gPh9Jbwi0YJhw4CRPfe7C2V
> nXtdE/g41U5oaObkPPzjdz53nxAjkJxzvhKAiOpEHhRGypYD2inn2AYWu8S9dpvn
> g0qtli7HhwjHjuF9dzm9Up4pfHADA8HXdrq5dfEUJSjmiZjxeoMuuKj2MwfVHbJW
> t29Jm6u2D+TTfix0M+DLKSzpsLqMx+3HHYaqo3cHDYhfborFveOZIQiGZxPRR0WP
> P9N7zb55Age4ncNFXypnlIgbTCD0ZeSb6CAcQXWwiP7vQMJfATX6dF8Sk/BK2iW5
> yLw00Lu8FqESVjdZqqc+N8IohPHtTLA8Cx5Zo9NbFQMy/KZawrmR6qIvPjFI29vB
> Km89Wxi7dZ03rhqK/EM7LFZTwna+RrGsuVeDCcaYgW0h2cIo1ttb+NRAHW0vyScT
> dtsWQxmqbuuNetl8hz/Xxk25Ju8zf/ZzwZuutlYrl+YUSeUnEoVrhbb7li7pURmc
> q1HpXBhDU7N3oa1rnKIAAn2F+iZIU2YPHNGclIzzmRuMMW7pM6xAIGYb7+Ysnl9x
> A/0QJM/2y3rLL1AvogOr8KnEy7U3iXztvwBTzYQa+8CtIeD/sbQh2gLJR0qgCNTK
> fQr1qobLyjL2mJna+8Jo4uzNk78Cb6NgT7LKETkg+ZM3W0qnyMINvlS56aI8H0bA
> cOH51m28z88Yr6n24m1z
> =j9f/
> -----END PGP SIGNATURE-----
It singled out a lot of big services here:
- cisco.com and all webex jabber hosted services
- google talk and all google apps xmpp hosted domains (and it's more
then you think...)
- All servers which run Openfire even if they support TLS, they seem to
trample on authentication steps when they open a stream to a server
which presents both SASL and DB
- All servers which (seemingly) are pre-1.0 (even those who don't
properly tag their strean headers)
And beside this had some not so nice encounters with very buggy jabberd2
servers which started to loop attempting to re-establish a connection
(very fast beside) when the server closed down their streams.
--
*Marco Cirillo*
/LW.Org/LW.Org IM Owner & Head Developer/
/Metronome IM Project Mantainer/Developer/
/Jappix Mantainer/Developer/
http://lightwitch.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/operators/attachments/20140105/c34459db/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4512 bytes
Desc: Firma crittografica S/MIME
URL: <http://mail.jabber.org/pipermail/operators/attachments/20140105/c34459db/attachment-0001.bin>
More information about the Operators
mailing list