We issued a separate SSL certificate and proxied connections to TCP:5222. Wow! It was revealed by accident due to a mistake by their admins. If not for this error, most likely no one would have noticed.
Most likely this is a government attack and the hosters were simply obliged to implement these redirects. I wonder how many of these jabber servers are being listened to at the moment. After all, cool hackers and scammers most often use jabber. Another episode justifying the paranoia of red-eyed cryptomaniacs.
Moral:
1. Check the fingerprints of certificates even if you are lazy.
2. Nothing has been invented more secure than E2E encryption, but even there everyone is too lazy to check key fingerprints.
Personally, I prefer the @fbi_gov @leakbase_official_v2 approach with 4 emojis as a key fingerprint; it’s not difficult to verify when calling.
Post on HN:
The investigation itself:
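An added example of moral #1, not code from the post or the investigation it links: negotiate STARTTLS on TCP 5222 with only the Python standard library and compare the server certificate's SHA-256 fingerprint against a pin you recorded out of band, so a substitute certificate from a proxy shows up as a mismatch even when a public CA issued it. The host name and the pinned value are assumptions the caller supplies.

```python
import hashlib
import socket
import ssl

XMPP_PORT = 5222  # the port named in the post
TLS_NS = "urn:ietf:params:xml:ns:xmpp-tls"

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER certificate, colon-separated as openssl prints it."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def matches_pin(der: bytes, pinned: str) -> bool:
    """True if the certificate's fingerprint equals the pinned one (case and colons ignored)."""
    def norm(s: str) -> str:
        return s.replace(":", "").lower()
    return norm(fingerprint(der)) == norm(pinned)

def _read_until(sock: socket.socket, marker: bytes, limit: int = 65536) -> bytes:
    """Read until `marker` appears; XMPP stanzas are not length-prefixed."""
    buf = b""
    while marker not in buf:
        chunk = sock.recv(4096)
        if not chunk or len(buf) > limit:
            raise ConnectionError("stream ended before %r" % marker)
        buf += chunk
    return buf

def fetch_xmpp_cert(host: str, port: int = XMPP_PORT, timeout: float = 10.0) -> bytes:
    """Open an XMPP stream, negotiate STARTTLS and return the server's leaf cert (DER)."""
    sock = socket.create_connection((host, port), timeout=timeout)
    sock.sendall(("<?xml version='1.0'?><stream:stream to='%s' xmlns='jabber:client' "
                  "xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>" % host).encode())
    _read_until(sock, b"</stream:features>")  # the server advertises <starttls/> here
    sock.sendall(("<starttls xmlns='%s'/>" % TLS_NS).encode())
    if b"<proceed" not in _read_until(sock, b"/>"):
        raise ConnectionError("server refused STARTTLS")
    # The pin is the check: CA validation is skipped on purpose so that a CA-issued
    # substitute certificate is still reported as a fingerprint mismatch.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with ctx.wrap_socket(sock, server_hostname=host) as tls:
        return tls.getpeercert(binary_form=True)

def check_xmpp_pin(host: str, pinned_sha256: str) -> bool:
    """Assumed entry point: compare the live certificate on `host` with the pin you recorded."""
    return matches_pin(fetch_xmpp_cert(host), pinned_sha256)
```

Record the pin once over a path you trust (e.g. `fingerprint(fetch_xmpp_cert("your.server"))` from the server itself) and run `check_xmpp_pin` from the client side; a `False` result means the certificate you are being shown is not the one your server holds.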