default configuration for irc clients should use ssl servers
Bug #1456778 reported by
David Monniaux
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
irssi (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Ubuntu 14.04.2 LTS irssi 0.8.15-5ubuntu3
irssi installs a default list of IRC networks and servers, all using unencrypted communications. This allows eavesdropping, e.g. if people access the Internet from an insecure wifi connection. This allows eavesdroppers to record conversations and nickserv passwords and possibly to impersonate the legitimate users.
Many of these networks (e.g. OFTC, Freenode) now provide SSL servers. They should be configured in the default irssi configuration file that is installed if the user has none.
To post a comment you must log in.
Status changed to 'Confirmed' because the bug affects multiple users.