lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200405241312.58273.fulldisc@ultratux.org>
From: fulldisc at ultratux.org (Maarten)
Subject: irc over ssl

On Monday 24 May 2004 12:41, Giannakis Eleftherios wrote:
> Hello everybody,
>
> are there any known issues concerning rootkits, backdoors, cmd execution
> concerning an irc(with ssl) client ? I use the irssi client to conect to a
> irc server with ssl.Is there a way for the admins of the irc server to
> open/intrude somehow to my pc(through the high port that the client opens
> to conect to the server)? The server listens to TCP port 9999.
> Thanks a lot!

I cannot comment on your specific setup, but be aware that irc, by its very 
nature, can pose a hazard.  For instance through an exploitable local script, 
getting someone to run something with social engineering, and a whole bag of 
tricks in DCC connections, depending on how bugfree your client is...

There is also the issue of stepping on the wrong toes and possibly getting 
DDoS'ed out of existence by some 'l33t irc g0d', but that is not a security 
hole, it's more of a social thing.

-- 
Yes of course I'm sure it's the red cable. I guarante[^%!/+)F#0c|'NO CARRIER


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ