[Pidgin] #15277: Windows installer relies on HTTP rather than HTTPS

Pidgin trac at pidgin.im
Mon Aug 27 01:55:47 EDT 2012

#15277: Windows installer relies on HTTP rather than HTTPS
 Reporter:  ioerror      |        Owner:  datallah       
     Type:  enhancement  |       Status:  new            
Milestone:               |    Component:  winpidgin (gtk)
  Version:  2.10.6       |   Resolution:                 
 Keywords:  security     |  

Comment(by ioerror):

 I've written an EvilGrade module for this issue - so it provides a
 backdoored GTK bundle. Ironically, just as I was testing, I noticed I
 couldn't use the installer to download the GTK bundle or the debugging
 symbols. I'm not sure why the installer behavior changed but I'll get
 around to figuring it out in about a week. The EvilGrade plugin will work
 for all files that aren't protected by HTTPS (SSL/TLS) - so it can be used
 as a useful regression test when HTTPS is deployed.

Ticket URL: <http://developer.pidgin.im/ticket/15277#comment:7>
Pidgin <http://pidgin.im>

More information about the Tracker mailing list