| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: bkfsec at sdf.lonestar.org (bkfsec)
Subject: Why is IRC still around?
vord wrote:
>and for the record, "they would move to another resource" is not a
>coherent argument against his position [his question, rather]
>concerning the elimination of a problem-child medium. perhaps the cost
>to society via the spread piracy and virii [more importantly the
>altter] isnt worth the measly gain IRC affords its legitimate users?
>[well?]
>
>
This would be correct, if the move to a new medium wasn't 0-sum.
However, it is a 0-sum move because IRC bots have already been
retrofitted with remote control mechanisms using both IM and P2P
technologies. This isn't "hypothetically they'd move to another medium"
-- this is "they already HAVE moved to other mediums."
>it IS incoherent, however, to argue that IRC (1) is the kiddiots means
>of choice for controlling his worms because it is the easiest or most
>efficient way to do so, while also contending (2) that an IRC sunset
>would not cause the immediate dissappearance of substansial
>internet-wide problems. making it harder MAKES IT HARDER and must
>therefore to some degree reduce the probability of abuse. therefore
>the gain afforded to legitimate users by this medium should be
>weighted against the direct affect its eradication would have on REAL
>problems -- and, clearly, no one here is qualified to make this
>judgement, else they would have offered such proof in immediate
>response to the original post as opposed to blabbing incessantly about
>incredibly obvious bullshit.
>
Actually, I was one of the first respondants and I *DID* provide proof
of this in mentioning the WASTE P2P protocol and IM methods used for
remote control of said IRCbot networks.
The existance of these utilities (which are available and somewhat
documented) reduces the "makes it harder" portion of the equation to
almost nothing. Hell, the gaobot infector implemented these as a
secondary backdoor method quite some time ago.
If you don't consider that to be proof of the point, then I suggest that
you're a troll and that I shouldn't be here feeding you right now.
>the only potentially useful point anyone
>has made [not that it wasnt obvious] concerns the difficulty in
>removing the medium ... but this is irrelavent, of course, since it is
>more likely that the security community would suggest [and perhaps
>assist in the developement of] a replacement [most importantly] to the
>larger IRC networks.
>
>
That's not an irrelivent point - any kiddie with a dedicated PC can
setup their own IRC server. Replacing the existance of all of the
current IRC servers won't remove the ability for a cracker to easily
setup their own. If the proposal is "negate IRC", then that proposal
has to have a realistic plan for doing so.
>im sure the original ford model-T had plenty of legitimate users who
>didnt drive drunk or generally cause mayhem ... i dont see it around
>anymore though ... hmm, i wonder if that correlates directly to the
>increased safety of automobiles ... hmm hmm, indeed. </sardonicism>
>
>
No doubt, but there are people out there who choose to drive classic
automobiles and forego their personal; safety in order to do so. How
would you suggest stopping that?
Most people don't use IRC. Many do. If that's the point you're trying
to prove here, you're right - but the point is effectively moot.
>the issue is certainly not at all as cut and dry as most of you have
>made it out to be.
>
>
>
>
Sure it is. :)
-Barry
Powered by blists - more mailing lists