[Operators] Suspicion of Jabbim services being hacked

Istvan Betuker istvanbetuker at gmail.com
Sat Jan 10 13:46:08 UTC 2015


Hi, please remove my e-mail from the mailing list. It was a mistake for I
subscribed.
Cheers
On Dec 29, 2014 6:41 PM, "Mathias Ertl" <mati at fsinf.at> wrote:

> Hi,
>
> On 12/19/2014 08:36 PM, Mathieu Pasquet wrote:
> > Do we have any statistics (e.g. on jabber.org) about what proportion of
> > clients do not support any other mechanisms than PLAIN and DIGEST-MD5?
> > (though yes, PLAIN works well with hashed passwords, but should still be
> > avoided whenever possible)
> >
> > That would be enlightening.
>
> ejabberd supports an option "disable_sasl_mechanisms" in 14.12. We used
> it to disable digest-md5 to mimics a switch to SCRAM-SHA1 before we made
> the actual switch.
>
> We have received a single report of a user not being able to connect,
> but he didn't reply after us asking what client he used. We have seen no
> observable drop in service usage.
>
> greetings, Mati
> (jabber.at)
>
>
> --
> twitter: @mathiasertl | xing: Mathias Ertl | email: mati at er.tl
> I only read plain-text mail!  I prefer signed/encrypted mail!
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/operators/attachments/20150110/b597bb97/attachment.html>


More information about the Operators mailing list