Mitigating MITMs in XMPP
328 | Thu 01 Aug 3 p.m.–3:45 p.m.
Presented by
-
Amolith is a musician, developer, and sysadmin. He works with MBOA.dev on products like JMP.chat, co-hosts the Linux Dev Time (linuxdevtime.com) and Linux Lads (linuxlads.com) podcasts, runs NixNet (nixnet.services), and blogs on secluded.site.
Amolith is a musician, developer, and sysadmin. He works with MBOA.dev on products like JMP.chat, co-hosts the Linux Dev Time (linuxdevtime.com) and Linux Lads (linuxlads.com) podcasts, runs NixNet (nixnet.services), and blogs on secluded.site.
Abstract
In October 2023, Jabber.ru, “the largest Russian XMPP messaging service”, discovered that both Hetzner and Linode had been targetting them with Machine-In-The-Middle (MITM) attacks for up to 6 months. This talk covers the basics of MITM attacks in general, some specifics of the attack against Jabber.ru, and a very effective mitigation strategy for admins to implement and both admins and users to monitor.
This talk assumes little prior knowledge beyond “XMPP is an open and extensible communication protocol that facilitates messaging, calling, and more”.
In October 2023, Jabber.ru, “the largest Russian XMPP messaging service”, discovered that both Hetzner and Linode had been targetting them with Machine-In-The-Middle (MITM) attacks for up to 6 months. This talk covers the basics of MITM attacks in general, some specifics of the attack against Jabber.ru, and a very effective mitigation strategy for admins to implement and both admins and users to monitor. This talk assumes little prior knowledge beyond “XMPP is an open and extensible communication protocol that facilitates messaging, calling, and more”.