Critical Bug In Libotr Opens Users of ChatSecure, Adium, Pidgin To Compromise (helpnetsecurity.com)

← Back to Stories (view on slashdot.org)

Critical Bug In Libotr Opens Users of ChatSecure, Adium, Pidgin To Compromise (helpnetsecurity.com)

Posted by timothy on Friday March 11, 2016 @11:02PM from the knowing-is-half-the-aaaaauuuuggghhh dept.

An anonymous reader writes with a report at HelpNet Security that A vulnerability in "libotr," the C code implementation of the Off-the-Record (OTR) protocol that is used in many secure instant messengers such as ChatSecure, Pidgin, Adium and Kopete, could be exploited by attackers to crash an app using libotr or execute remote code on the user's machine.

4 of 25 comments (clear)

Min score:

Reason:

Sort:

Re:Curious by Wowsers · 2016-03-12 00:09 · Score: 2

Sneakernet.

--
Take Nobody's Word For It.
Re:Curious by Dutch+Gun · 2016-03-12 00:21 · Score: 2

Enlighten me, what should one be using to chat securely these days?
I'd probably use Threema, as it has a trust-no-one model in which the most secure level (of the three available) requires personally exchanging keys with the target recipient. The company is also based in Switzerland, which, sadly, makes it a hell of a lot more secure by default than any US-based company, as we're quickly finding out with this pending Apple / FBI case.
That being said, I *don't* actually need secure chat, so I just use SMS or e-mail, which should be considered about as secure as a postcard.

--
Irony: Agile development has too much intertia to be abandoned now.
Re:Curious by shione · 2016-03-12 03:11 · Score: 2

I like telegram ( https://telegram.org/ ) . It gets a 7 on EFF ( https://www.eff.org/node/83766 ) and has clients on android/ios/windows/mac/linux and even on winblows phone that nobody uses
Re:Curious by thegoldenear · 2016-03-12 04:44 · Score: 2

Moxie Marlinspike - 'A Crypto Challenge For The Telegram Developers':
http://thoughtcrime.org/blog/t...
Pete Boyd