lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <6.1.0.6.0.20040524073143.02b38b80@mail.adelphia.net>
From: m0rtis at adelphia.net (Mortis)
Subject: irc over ssl

 > are there any known issues concerning rootkits, backdoors,
 > cmd execution concerning an irc(with ssl) client ? I use the
 > irssi client to conect to a irc server with ssl.Is there a way for
 > the admins of the irc server to open/intrude somehow to my
 > pc(through the high port that the client opens to conect to the
 > server)?

You never know, do you?  That's half the fun.

No noise lately with irssi.  They had a small number of ooboos in the past 
if you google around.  There was once a backdoor planted in the 
configuration script.  That was some funny sh*t that week.

The author seems to think the code is tight:
 > I'm quite confident that there's no security bugs in Irssi.
 > No buffer overflows, no format bugs (%s%s%s), no remote
 > exploits, nothing.

I'm sure some turkey will hack it this week just to spank him for the 
claim.  Pretty code.  Lots of lists and pointers.

You may be vulnerable to any of the bugs that affect openssl.  Are you 
using the most current version?  Hit me offline if you don't know how to check.

Don't sit around IRCing by yourself.  It can make you go blind.
--
Mortis
http://m0rtis.proboards30.com/
http://full-disclosure.50megs.com/


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ