Critical Bug In Libotr Opens Users of ChatSecure, Adium, Pidgin To Compromise

Critical Bug In Libotr Opens Users of ChatSecure, Adium, Pidgin To Compromise (helpnetsecurity.com) 25

Posted by timothy on Saturday March 12, 2016 @07:02AM from the knowing-is-half-the-aaaaauuuuggghhh dept.

An anonymous reader writes with a report at HelpNet Security that A vulnerability in "libotr," the C code implementation of the Off-the-Record (OTR) protocol that is used in many secure instant messengers such as ChatSecure, Pidgin, Adium and Kopete, could be exploited by attackers to crash an app using libotr or execute remote code on the user's machine.

Critical Bug In Libotr Opens Users of ChatSecure, Adium, Pidgin To Compromise

This discussion has been archived. No new comments can be posted.

Load All Comments

Search 25 Comments Log In/Create an Account

Comments Filter:

Curious (Score:2, Interesting)

by campuscodi ( 4234297 ) writes:

Does anyone still use these?
- Re: (Score:1)
  
  by Anonymous Coward writes:
  
  Enlighten me, what should one be using to chat securely these days?
  - Re: (Score:3)
    
    by Wowsers ( 1151731 ) writes:
    
    Sneakernet.
  - Re: (Score:3)
    
    by Dutch Gun ( 899105 ) writes:
    
    Enlighten me, what should one be using to chat securely these days?
    I'd probably use Threema, as it has a trust-no-one model in which the most secure level (of the three available) requires personally exchanging keys with the target recipient. The company is also based in Switzerland, which, sadly, makes it a hell of a lot more secure by default than any US-based company, as we're quickly finding out with this pending Apple / FBI case.
    That being said, I *don't* actually need secure chat, so I just use SMS or e-mail, which should be considered about as secure as a postcard.
  - - Re: (Score:3)
      
      by shione ( 666388 ) writes:
      
      I like telegram ( https://telegram.org/ [telegram.org] ) . It gets a 7 on EFF ( https://www.eff.org/node/83766 [eff.org] ) and has clients on android/ios/windows/mac/linux and even on winblows phone that nobody uses
      - Re: (Score:3)
        
        by thegoldenear ( 323630 ) writes:
        
        Moxie Marlinspike - 'A Crypto Challenge For The Telegram Developers':
        http://thoughtcrime.org/blog/t... [thoughtcrime.org]
        Pete Boyd
        
        Re: (Score:2)
        
        by shione ( 666388 ) writes:
        
        Thats interesting. I notice it is from a few years back. I take it the developers of telegram ignored them about it?
      - Re: (Score:2)
        
        by shione ( 666388 ) writes:
        
        Yea, sorry it's a 6. typo :)
      - Re: (Score:2)
        
        by KGIII ( 973947 ) writes:
        
        qTox.
        https://tox.chat/clients.html [tox.chat]
        I do use a Windows phone, by the way. A /.er recommended it so I tried it and I'm pretty happy. I don't use Windows on my computer but I kind of like it on my phone. Contrary to popular opinion - there are apps available. There just aren't a few hundred thousand repeats of the same apps. I do everything that I can possibly want to do on my phone. I'm pretty happy with it and it's really quite snappy even though it's not as powerful as some of the other phones that I've owne

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Critical Bug In Libotr Opens Users of ChatSecure, Adium, Pidgin To Compromise (helpnetsecurity.com) 25

Critical Bug In Libotr Opens Users of ChatSecure, Adium, Pidgin To Compromise More Login

Critical Bug In Libotr Opens Users of ChatSecure, Adium, Pidgin To Compromise

Curious (Score:2, Interesting)

Re: (Score:1)

Re: (Score:3)

Re: (Score:3)

Re: (Score:3)

Re: (Score:3)

Re: (Score:2)

Re: (Score:2)

Re: (Score:2)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot