OTR and general security stuff
Jurre van Bergen
drwhax at 2600nl.net
Wed Feb 13 10:46:46 EST 2013
I've been auditing various parts in Pidgin, I'm working with some
fellow hackers to audit various parts of the libpurple and pidgin code,
I found some potentially sketchy code, I'll hope to email the security
team soon with a write-up. Also, I plan on keep doing this for a while.
I plan on;
* Audit the codebase.
* Writing some fuzzers and look what ASan/TSan/MSan think of it.
* Getting a better SSL implementation going (NSS/GNUTLS in a pluggable
* Sandbox integration for Linux platform. Think libvirt-sandbox or Seccomp?
I was thinking, perhaps it's interesting for the Pidgin project to have
a few or one student(s) working this summer (GSOC) on "securing"
All the best,
Give a man a fish and you feed him for a day; teach a man to fish and you feed him for life.
More information about the Devel