Vulnerability Disclosure ::: Pidgin

Thijs Alkemade thijsalkemade at
Sat Oct 4 12:21:43 EDT 2014

On 4 okt. 2014, at 16:51, Nitin Goplani <nitingoplani88 at> wrote:

> Hi,
> It was observed that  domain is not configured to support DNSSEC. This opens up a man-in-the-middle scenario where remote attackers will be able to tamper with your DNS records by the use of cache poisoning techniques.
> About DNSSEC: It is a technology to provide the guarantee that the answer from the Global DNS is correct which means the IP address belongs to the actual website not the fake/malicious one. 
> (i.e. if I type in the domain for my bank's website, I sure hope the IP address my browser goes to is of the intended bank, not some nefarious middle man trying to steal my data. This is what DNSSEC helps solve). 
> DNSSEC introduces digital signatures into the DNS infrastructure and is designed to automatically ensure that users are not hijacked en route and taken to an unintended destination 
> Recommendation: It is recommended to deploy DNSSEC. It will ensure the end user is connecting to the actual web site or other service corresponding to a particular domain name.

There’s no DNSSEC support for the .im TLD, so this is not currently possible:


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <>

More information about the security mailing list