[Pidgin] #11110: Pidgin appears to leak DNS for Jabber accounts

Pidgin trac at pidgin.im
Fri Apr 15 12:58:12 EDT 2011


#11110: Pidgin appears to leak DNS for Jabber accounts
----------------------------------------+-----------------------------------
 Reporter:  ioerror                     |        Owner:  deryni
     Type:  defect                      |       Status:  new   
Milestone:  Implementation In Progress  |    Component:  XMPP  
  Version:                              |   Resolution:        
 Keywords:  jabber security privacy     |  
----------------------------------------+-----------------------------------

Comment(by ioerror):

 Right - that's the idea - if I'm using Google Talk with Tor, which I am -
 I don't want to do a SRV lookup. It is not safe.

 I want to be told that the connection fails with my proxy because it does
 not support SRV lookups. I expect that pidgin may want to warn me about a
 need to fill in the advanced tab by hand or something similar. Otherwise,
 I will leak information that allows someone to perform a MITM attack on me
 or worse.

 I don't see how a plugin will change this behavior?

-- 
Ticket URL: <http://developer.pidgin.im/ticket/11110#comment:23>
Pidgin <http://pidgin.im>
Pidgin


More information about the Tracker mailing list