[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <6.1.0.6.0.20040524073143.02b38b80@mail.adelphia.net>
From: m0rtis at adelphia.net (Mortis)
Subject: irc over ssl
> are there any known issues concerning rootkits, backdoors,
> cmd execution concerning an irc(with ssl) client ? I use the
> irssi client to conect to a irc server with ssl.Is there a way for
> the admins of the irc server to open/intrude somehow to my
> pc(through the high port that the client opens to conect to the
> server)?
You never know, do you? That's half the fun.
No noise lately with irssi. They had a small number of ooboos in the past
if you google around. There was once a backdoor planted in the
configuration script. That was some funny sh*t that week.
The author seems to think the code is tight:
> I'm quite confident that there's no security bugs in Irssi.
> No buffer overflows, no format bugs (%s%s%s), no remote
> exploits, nothing.
I'm sure some turkey will hack it this week just to spank him for the
claim. Pretty code. Lots of lists and pointers.
You may be vulnerable to any of the bugs that affect openssl. Are you
using the most current version? Hit me offline if you don't know how to check.
Don't sit around IRCing by yourself. It can make you go blind.
--
Mortis
http://m0rtis.proboards30.com/
http://full-disclosure.50megs.com/
Powered by blists - more mailing lists