[Pidgin] #15277: Windows installer relies on HTTP rather than HTTPS
Pidgin
trac at pidgin.im
Mon Aug 27 01:55:47 EDT 2012
#15277: Windows installer relies on HTTP rather than HTTPS
-------------------------+--------------------------------------------------
Reporter: ioerror | Owner: datallah
Type: enhancement | Status: new
Milestone: | Component: winpidgin (gtk)
Version: 2.10.6 | Resolution:
Keywords: security |
-------------------------+--------------------------------------------------
Comment(by ioerror):
I've written an EvilGrade module for this issue - so it provides a
backdoored GTK bundle. Ironically, just as I was testing, I noticed I
couldn't use the installer to download the GTK bundle or the debugging
symbols. I'm not sure why the installer behavior changed but I'll get
around to figuring it out in about a week. The EvilGrade plugin will work
for all files that aren't protected by HTTPS (SSL/TLS) - so it can be used
as a useful regression test when HTTPS is deployed.
--
Ticket URL: <http://developer.pidgin.im/ticket/15277#comment:7>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list