In this post, the Snikket Team addresses a recent security incident involving a public XMPP service, jabber.ru. The service experienced a targeted attack in which encrypted traffic was intercepted and modified for an extended period of time. This type of “active” attack is notable because it involved decrypting and re-encrypting traffic, using valid certificates for the targeted domains. The Snikket Team reassures users that Snikket was not affected by the incident and outlines measures they are taking to prevent similar attacks, such as deploying a strict CAA record and implementing monitoring for suspicious certificates. They also mention the upcoming release of the Snikket Server, which includes the “channel binding” security feature. For those using the Snikket platform, they provide instructions on how to increase security through a CAA record for custom domains.
https://snikket.org/blog/on-the-jabber-ru-mitm/