lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Sat, 3 May 2003 14:22:58 +1000 (Australia/ACT)
From: Darren Reed <avalon@...igula.anu.edu.au>
To: 0x90@...isiblenet.net (Intel Nop)
Subject: Re: Dynamic DNS "Spoofing" & IRC


In some mail from Intel Nop, sie said:
> 
> This is a trivial "feature/flaw" I've been holding onto for a bit, and it's
> probably commonly known, but I haven't seen it posted anywhere, more of a
> neat little thing in taking advantage of IRC and it's treatment of dyndns
> within DNS if reverse lookup is possible.
> 
> IRC (Internet Relay Chat) servers being a common ground for chat, have some
> annoyances such as the username@...ddress or username@...ainname, some
> people don't like that etc, being that they have to use a bouncer to avoid
> showing their own ip address or hostname to other users if they want to
> maintain some sort of privacy.

Bah!  Why do people still expect to have any sort of privacy ?!

Haven't you all gotten over it yet and realised that anyone can
know anything and everything about your life if they have enough $$ ?!

Privacy is such a 20th century concept, get with the times!

Oh, and btw, revealing user@...tname was quite a deliberate design
decision that was debated many times (and probably still is.)

IRC is meant to be a means for communicating with people and when
you're communicating with someone you generally want to know something
about them.  Revealing user@...tname was not ever considered to be a
privacy risk and you might argue is no different to CLID.  I for one
refuse to answer the phone if I cannot see who the other party is that
is calling me because it is generally considered good etiquette to let
someone know who you are when calling.  Revealing more information also
serves as something of a disincentive towards anti-social behaviour and
before you say "but if someone wants to be, they can use methods like
that posted to hide", history shows that for most it is either too
difficult or too much trouble for the average moron to do.

Another reply mentioned "stats L" output being useful.  Well at one
point it was, but today IRC is, for better or worse, far from being
anything as egalitarian as it used to be.

Darren

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ