lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: dsolaro at coffeehaus.com (Denis Solaro)
Subject: irc over ssl

On Mon, 24 May 2004 13:16:40 +0100
"Dave Howe" <DaveHowe@....sharp-uk.co.uk> wrote:

> Giannakis Eleftherios wrote:
> > are there any known issues concerning rootkits, backdoors, cmd
> > execution concerning an irc(with ssl) client ?
> The answer to the question as posed is No
> However, the *real* answer to the question is to componentize the four
> items we are discussing, and query each individually.
> 1. The IRC Client
> The client may well have overflow or other vulnerabilities, either
> currently or in the version you are using.
> 

Or it can be called mIrc and be coded by someone who obviously never read one
rfc or document on secure programming.   This is one of the problems behind the
reputation of IRC.

We have used internal IRC servers in one of my past jobs where we used to
manage links from the US to Frankfurt and to London.  IRC is awesome (if used
internally) to get whole teams of Network admins / Sysadmins to work together
without annoying one to one calls or having to move to a separate conference
room.  You can cut and paste switch config, firewall config lines just like
that.

Unfortunately because of mIrc's reputation, some high management decided to have
use disuse it.... Great, especially since we are all Solaris or Cisco kids and
nothing to do with Microsoft based half compliant IRC stuff. 

So if you can get the author or mIrc extradited to some secret jail under the
Homeland Security policy, I wouldn't mind doing the beating up and medieval
stuff. I have some nasty shielded SCSI cables I could use as a whip.

PS: Just for the "mIrc colors" invention that man deserves the "hungry lion at
the Colosseum" treatment. 

-- 
Denis Solaro -- denis.solaro@...adoo.fr

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ