Vulnerability Disclosure ::: Pidgin

Nitin Goplani nitingoplani88 at
Sat Oct 4 12:22:45 EDT 2014

Thanks for letting me know.

On 4 October 2014 21:51, Thijs Alkemade <thijsalkemade at> wrote:

> On 4 okt. 2014, at 16:51, Nitin Goplani <nitingoplani88 at> wrote:
> > Hi,
> >
> > It was observed that  domain is not configured to support
> DNSSEC. This opens up a man-in-the-middle scenario where remote attackers
> will be able to tamper with your DNS records by the use of cache poisoning
> techniques.
> >
> > About DNSSEC: It is a technology to provide the guarantee that the
> answer from the Global DNS is correct which means the IP address belongs to
> the actual website not the fake/malicious one.
> > (i.e. if I type in the domain for my bank's website, I sure hope the IP
> address my browser goes to is of the intended bank, not some nefarious
> middle man trying to steal my data. This is what DNSSEC helps solve).
> > DNSSEC introduces digital signatures into the DNS infrastructure and is
> designed to automatically ensure that users are not hijacked en route and
> taken to an unintended destination
> >
> > Recommendation: It is recommended to deploy DNSSEC. It will ensure the
> end user is connecting to the actual web site or other service
> corresponding to a particular domain name.
> There’s no DNSSEC support for the .im TLD, so this is not currently
> possible:
> Regards,
> Thijs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the security mailing list