203

Malicious Plugin in Pidgin (Chat Application) (pidgin.im)

submitted 4 months ago by pnutzh4x0r@lemmy.ndlug.org to c/opensource@lemmy.ml

16 comments fedilink hide all child comments

Greetings everyone. It is with much regret that I am writing this post. A plugin, ss-otr, was added to the third party plugins list on July 6th. On August 16th we received a report from 0xFFFC0000 that the plugin contained a key logger and shared screen shots with unwanted parties.

We quietly pulled the plugin from the list immediately and started investigating. On August 22nd Johnny Xmas was able to confirm that a keylogger was present.

you are viewing a single comment's thread
view the rest of the comments

[-] Churbleyimyam@lemm.ee 19 points 4 months ago* (last edited 4 months ago)

Was the plugin open source?

Edit: looks like it wasn't and the incident has prompted more more transparency. Good stuff.

[-] sugartits@lemmy.world 6 points 4 months ago

Unless the pidgin team are compiling the binaries themselves, this doesn't really fix much.

Ideally we need reproducible builds.

[-] delirious_owl@discuss.online 1 points 4 months ago

Its really not hard for them to compile themselves. This is what most package managers do

this post was submitted on 26 Aug 2024

203 points (99.5% liked)

Open Source

31724 readers

134 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Posts must be relevant to the open source ideology
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago

MODERATORS

Cloak@lemmy.ml

kevincox@lemmy.ml

CrypticCoffee@lemmy.ml

Lettuceeatlettuce@lemmy.ml