[Pidgin] #11110: Pidgin appears to leak DNS for Jabber accounts
Pidgin
trac at pidgin.im
Fri Apr 15 12:58:12 EDT 2011
#11110: Pidgin appears to leak DNS for Jabber accounts
----------------------------------------+-----------------------------------
Reporter: ioerror | Owner: deryni
Type: defect | Status: new
Milestone: Implementation In Progress | Component: XMPP
Version: | Resolution:
Keywords: jabber security privacy |
----------------------------------------+-----------------------------------
Comment(by ioerror):
Right - that's the idea - if I'm using Google Talk with Tor, which I am -
I don't want to do a SRV lookup. It is not safe.
I want to be told that the connection fails with my proxy because it does
not support SRV lookups. I expect that pidgin may want to warn me about a
need to fill in the advanced tab by hand or something similar. Otherwise,
I will leak information that allows someone to perform a MITM attack on me
or worse.
I don't see how a plugin will change this behavior?
--
Ticket URL: <http://developer.pidgin.im/ticket/11110#comment:23>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list