Logs for jabber

[00:14:21] * treebilou left the chat.
[00:23:05] <ThurahT> has there really not been any conversation for 11 hours or is it smthng wrong with my client?
[00:40:27] <brlancer> ThurahT: the last I saw was ~11h ago
[00:40:56] <ThurahT> Then all is well I guess.. : )
[00:41:02] <ThurahT> thx
[00:54:17] <brlancer> /me shrugs
[02:41:21] * darkrain left the chat.
[04:55:05] * rameesanakkara joined the chat.
[04:55:06] * rameesanakkara left the chat.
[04:55:28] * rameesanakkara joined the chat.
[04:56:59] * rameesanakkara left the chat.
[05:37:55] * tsk joined the chat.
[06:33:28] * Tobias joined the chat.
[06:36:32] * treebilou joined the chat.
[06:37:26] * treebilou left the chat.
[06:37:30] * treebilou joined the chat.
[06:40:23] * tsk left the chat.
[07:06:57] * Neustradamus left the chat.
[07:07:39] * Neustradamus joined the chat.
[07:16:49] * naw joined the chat.
[07:16:57] * rameesanakkara joined the chat.
[07:16:57] * rameesanakkara left the chat.
[07:18:03] * rameesanakkara joined the chat.
[07:36:06] * Jeremy Visser joined the chat.
[07:36:34] <Jeremy Visser> O hai
[07:39:48] <rameesanakkara> Hi
[07:41:40] * rameesanakkara left the chat.
[07:59:53] <brlancer> word
[09:12:40] * rameesanakkara joined the chat.
[09:12:40] * rameesanakkara left the chat.
[09:13:03] * rameesanakkara joined the chat.
[09:17:11] * rameesanakkara left the chat.
[09:19:49] * naw left the chat.
[09:26:33] * rmehla3 joined the chat.
[09:26:34] * rmehla3 left the chat.
[09:59:19] * naveenraj07 joined the chat.
[09:59:19] * naveenraj07 left the chat.
[10:04:05] * naveenraj07 joined the chat.
[10:07:02] * naveenraj07 left the chat.
[10:11:55] * badlop joined the chat.
[10:39:03] * Tobias_ joined the chat.
[10:43:58] * Tobias left the chat.
[10:48:34] * Lastwebpage joined the chat.
[10:55:41] * treebilou left the chat.
[11:01:42] * thewanderer joined the chat.
[11:02:41] <thewanderer> hi. is message sender spoofing possible in XMPP/Jabber in a similar way that's possible with E-Mail in SMTP?
[11:04:28] <thewanderer> I'm writing a bot supposed to offer sensitive services to authorized users (authenticated by JID) and am concerned if it's going to be vulnerable to this kind of attack
[11:07:32] <louiz’> no, except if the receiver is DNS-spoofed, AFAIK
[11:08:36] <louiz’> but when you send a message, the receiver server checks to your domain « is it really you, that is connecting to me and sending me a message from someone@yourserver.com? »
[11:09:01] <thewanderer> does that involve a full XMPP s2s connection or only DNS verification?
[11:09:21] <louiz’> what do you mean?
[11:10:24] <louiz’> when you starts a s2s connection, the remote server uses DNS to check if your server is not lying.
[11:10:37] <louiz’> you starts = your server starts
[11:10:43] <Kev> You have a reasonable degree of confidence that anyone claiming to be alice@wonderland.lit is either a) alice@wonderland.lit b) someone using the alice@wonderland.lit account, having compromised her credentials c) the wonderland.lit admin deliberately compromising the alice@wonderland.lit account.
[11:10:58] <thewanderer> hm, okay
[11:11:42] <Kev> If DNS is compromised, or the wonderland.lit server is compromised, or your server is compromised, this confidence drops.
[11:11:47] <thewanderer> I was reading about the Dialback mechanism, but that does seem redundant somehow if the victim's cache is poisoned
[11:12:06] <Kev> Well, it's the victim's server's cache that needs to be poisoned.
[11:12:13] <thewanderer> yeah, I understand that
[11:12:26] <Kev> But yes, dialback is susceptible to DNS poisoning.
[11:12:37] <thewanderer> hm... why bother with a key, then?
[11:12:47] <Kev> Hmm?
[11:12:58] <louiz’> the key, for TSL encryption, you mean?
[11:13:01] <louiz’> TLS*
[11:13:06] <Kev> Do you mean the dialback key?
[11:13:25] <Kev> That's because when A connects to B, A provides a key - B then connects back to A and asks "Was this you?".
[11:13:37] <Kev> While giving A the key that is purportedly from A.
[11:14:08] <thewanderer> ah, so making it less susceptible to DNS attacks...
[11:14:45] <Kev> Well, the dialback connection B to A is still susceptible to a DNS attack.
[11:15:00] <thewanderer> yeah, but they'd have to intercept the key as well it seems
[11:15:32] <thewanderer> oh wait, it's sent to the attacker :/
[11:15:36] <Kev> I think it's reasonable to assume that if DNS has been compromised, dialback will break down.
[11:15:48] <Kev> That's why the Right way of doing S2S verification is cert-based.
[11:15:49] <thewanderer> yeah, I'd better not worry about that for now
[11:16:13] <Kev> If you want to be absolutely certain, then do something a little bit clever like SCRAM authentication end to end.
[11:16:29] <Kev> But that requires custom stuff at both ends, not just at yours.
[11:16:34] <Kev> So it depends on your degree of paranoia.
[11:16:48] <thewanderer> I think certificates will be enough, I don't expect them to be compromised
[11:17:00] <Kev> Certificates aren't generally used for verification.
[11:17:04] <Kev> It's usually dialback that's used.
[11:17:17] <Kev> (Because so few servers have properly configured certs)
[11:17:54] <thewanderer> so if I set my server to prefer cert auth, I'm fine?
[11:18:21] <Kev> If you set your server to require cert trust auth for s2s, you're ok - but most servers won't be able to connect to you.
[11:18:54] <Kev> jabber.org will, using the default trust anchors for most OSs, for example, but even my own server would fail (correct cert, but expired).
[11:18:57] <thewanderer> that's okay, I bet gmail servers don't use garage-made certificates and nobody else ever talks to us :P
[11:19:19] <Kev> I'm not sure whether the gmail certs are valid or not, I've never checked. It wouldn't surprise me to find that they're wrong.
[11:20:34] <thewanderer> I'll check that before deploying, then
[11:20:46] <thewanderer> thanks everyone for their help
[11:21:55] <Kev> YW.
[12:23:33] * Tobias_ left the chat.
[12:24:29] * Tobias joined the chat.
[12:35:02] * thewanderer left the chat.
[13:10:10] * Badja joined the chat.
[13:12:29] * Badja left the chat.
[13:15:54] * aRyo joined the chat.
[13:37:59] * aRyo left the chat.
[13:39:12] * jafarkattamkuzhi joined the chat.
[13:39:12] * jafarkattamkuzhi left the chat.
[13:41:46] * jafarkattamkuzhi joined the chat.
[13:41:49] * jafarkattamkuzhi left the chat.
[14:20:45] * Neustradamus left the chat.
[14:25:54] * treebilou joined the chat.
[14:46:12] * tsk joined the chat.
[15:04:26] * Moritz Molch joined the chat.
[15:04:26] * Moritz Molch left the chat.
[15:07:18] * Nanichinnu2010 joined the chat.
[15:07:19] * Nanichinnu2010 left the chat.
[15:07:37] * Nanichinnu2010 joined the chat.
[15:07:37] * Nanichinnu2010 left the chat.
[15:08:12] * Nanichinnu2010 joined the chat.
[15:11:57] * badlop left the chat.
[15:21:28] * Nanichinnu2010 left the chat.
[15:22:47] * Jeremy Visser left the chat.
[16:03:31] * tsk left the chat.
[16:12:36] * janibp29@jabber.org joined the chat.
[16:13:20] * janibp29@jabber.org left the chat.
[16:37:12] * dynam1te joined the chat.
[17:01:43] * darkrain joined the chat.
[17:04:13] * вап joined the chat.
[17:04:22] * вап left the chat.
[17:08:17] * darkrain left the chat.
[17:08:55] * darkrain joined the chat.
[17:21:11] * mpranj joined the chat.
[17:24:22] * dynam1te left the chat.
[17:25:19] * dynam1te joined the chat.
[17:25:20] * darkrain left the chat.
[17:36:35] * Neustradamus joined the chat.
[17:45:00] * Neustradamus left the chat.
[17:45:11] * aRyo joined the chat.
[17:45:44] * Neustradamus joined the chat.
[17:47:09] <aRyo> let's rock http://youtu.be/0jgrCKhxE1s
[17:47:15] <aRyo> ]:->
[17:53:23] * ThurahT left the chat.
[18:09:13] * aRyo left the chat.
[18:19:08] * naw joined the chat.
[18:25:48] * naw left the chat.
[18:35:45] * mpranj left the chat.
[18:37:10] * naw joined the chat.
[18:55:22] * naw left the chat.
[19:04:43] * Kev left the chat.
[19:05:16] * Kev joined the chat.
[19:10:20] * Kev left the chat.
[19:16:28] * Kev joined the chat.
[19:36:17] * Neustradamus left the chat.
[19:47:44] * Kev left the chat.
[19:50:33] * Kev joined the chat.
[20:13:17] * tsk joined the chat.
[20:13:49] * tsk left the chat.
[20:26:28] * naw joined the chat.
[20:32:04] * Neustradamus joined the chat.
[21:10:47] * naw left the chat.
[21:37:14] * norm joined the chat.
[21:37:14] * norm left the chat.
[21:38:00] * norm joined the chat.
[21:44:46] * ThurahT joined the chat.
[21:58:56] * Tobias left the chat.
[22:24:55] * Lastwebpage left the chat.
[22:25:47] * dynam1te left the chat.
[22:26:30] * dynam1te joined the chat.
[22:36:01] * dynam1te left the chat.
[22:36:18] * dynam1te joined the chat.
[22:49:03] * norm left the chat.