OTR and general security stuff

Jurre van Bergen drwhax at 2600nl.net
Wed Feb 13 10:46:46 EST 2013


I've been auditing various parts in Pidgin[1], I'm working with some
fellow hackers to audit various parts of the libpurple and pidgin code,
I found some potentially sketchy code, I'll hope to email the security
team soon with a write-up. Also, I plan on keep doing this for a while.

I plan on;
* Audit the codebase.
* Writing some fuzzers and look what ASan/TSan/MSan think of it.
* Getting a better SSL implementation going (NSS/GNUTLS in a pluggable
way) [2]
* Sandbox integration for Linux platform. Think libvirt-sandbox or Seccomp?

I was thinking, perhaps it's interesting for the Pidgin project to have
a few or one student(s) working this summer (GSOC) on "securing"

All the best,

[1] http://hg.pidgin.im/pidgin/main/rev/66dc0da8257b
[2] https://developer.pidgin.im/ticket/15515

Give a man a fish and you feed him for a day; teach a man to fish and you feed him for life.


More information about the Devel mailing list