Audit Instantbird's security

added component::archived/tor messenger priority::medium resolution::wontfix severity::normal status::closed type::task labels

Trac:
Keywords: N/A deleted, SponsorO added

Trac:
Cc: N/A to gk

https://www.opentechfund.org/labs#redteam

Trac:
Parent: N/A to #14161 (closed)
Keywords: N/A deleted, TorMessengerPublic added

Trac:
Status: new to assigned
Owner: N/A to sukhbir

Trac:
Cc: gk to gk, arlolra

I talked to Florian today and he gave me some hints and useful information for auditing. I plan to work at some of the above points although I probably won't have the time to cover all things mentioned in the description.

That's great to hear. Thanks!

The twitter protocol uses a element to OAuth. There may be other uses. Noting to investigate.

Attached are the things I did and found while looking at Tor Messenger (essentially version 0.0.6, I guess). It contains some ToDos for the next audit as well.

Trac:
audit_tor_messenger0.0.6

Thanks gk! That was very helpful. I reopened a few tickets and copied findings to their relevant tasks.

Removing parent (#14161 (closed)) as blocker as we already have tickets for the tasks.

Trac:
Parent: #14161 (closed) to N/A

Trac:
Keywords: SponsorO deleted, N/A added

Trac:
Keywords: TorMessengerPublic deleted, N/A added

Trac:
Owner: sukhbir to N/A
Sponsor: N/A to N/A
Severity: N/A to Normal
Reviewer: N/A to N/A

Trac:
Status: assigned to new

<+sukhe> hello. yes, I think it's fine to close the tickets. thanks for doing what we should done earlier :)

sad but true: https://blog.torproject.org/sunsetting-tor-messenger

luckily there are alternatives: https://blog.torproject.org/tor-heart-onion-messaging

.. and maybe someday

Trac:
Status: new to closed
Resolution: N/A to wontfix

closed

Audit Instantbird's security

Child items ...

Activity