15 04 | 2016

Let's Encrypt: threat or opportunity to other certificate authorities?

Written by Tanguy

Classified in: Homepage, Debian, Command line, Miscellaneous

Let's Encrypt is a certificate authority (CA) that has just left its beta stage. It provides domain-validated (DV) X.509 certificates for free and in an automated way: users just have to run a piece of software on their server to get and install a certificate, resulting in a valid TLS setup.


01 09 | 2012

XMPPloit explained

Written by Tanguy

Classified in: Homepage, Debian, Jabber

XMPPloit is an exploit tool for a so-called “flaw” in the XMPP protocol. It was published recently under the GPLv3 license and has received much comment. However, nobody seems to have taken the time to study this attack and explain it.

Goals

XMPPloit is designed to act as a transparent man-in-the-middle between an XMPP client and its XMPP server, in order to force the client not to encrypt its communications, so that they can be read and modified on the fly.

This makes it possible to force the client to use a clear-text authentication mechanism, to display its login and password, and to modify any message it sends or receives.
