08/03 2016
Man-in-the-Middle attack on Jabber server via tor
During the last days our friends of immerda.ch discovered a man-in-the-middle-attack on jabber users who connect to their favoured jabber server through Tor.
The malicious Tor exit-nodes presented a fake(wrong) certificate to those users. This should result in a certificate warning on the client side. If you ignored this warning, may someone eavesdropped on your connection.
Those servers were victims of the attack:
freifunk.im
jabber.ccc.de
jabber.systemli.org
jappix.org
jodo.im
pad7.de
swissjabber.ch
tigase.me
As far as we know, users who connect through our Tor Hidden Service were not affected.
You can find more detailed information in immerda’s summary
Sync your files, contacts, calendars, and more
Mailboxes without ads or analysis of your emails
Online editor for collaborative documents
Telephone and video conferencing for small groups
End-to-end encrypted messenger
Publish (encrypted) texts and add a date of expiry
Encrypted mailing lists for secure group communication
Distribute short messages during demonstrations and events
Wikis, blogs and individual website solutions
Our services at a glance