lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <addc34c604111913377fdea167@mail.gmail.com>
From: nocmonkey at gmail.com (Danny)
Subject: Why is IRC still around?

On Fri, 19 Nov 2004 15:54:54 -0500, Tim
<tim-security@...tinelchicken.org> wrote:
> > 1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?
> 
> Isn't email the primary spreading mechanism of viruses?

My mistake; I was referring to the discussion, collaboration, and
creation, not the spread.

> should we sunset email?

Some say we should, but I am not one of those. My point was to get rid
of the most well established tool (and easiest to use) for these types
of activities.

> > 2) A considerable amount of "script kiddies" originate and grow through IRC?
> 
> And if there were no IRC, they would use AIM, or MSN messenger, or more
> likely, jabber.  What's the difference?  It is popular amongst hackers
> (of any level of morality) because it is open.

What's the difference? IRC is so well established for the type of
activity I am referring to.

> > 3) A wee bit of software piracy occurs?
> 
> And it doesn't on any other protocol?  People who want to pirate will do
> it using whatever tools are available.  Take away one, and others will
> be used.

I'll leave the piracy battle for someone else - I just mentioned it as
a part of the problem.

> > 4) That many organized DoS attacks through PC zombies are initiated through IRC?
> 
> It wouldn't be any harder to pull this off via netcat.  If it is the
> anonymity an attacker wants, they just use one of the zombies as the
> server.

Sure netcat is an alternative, but which one is easier to use?

> > 5) The anonymity of the whole thing helps to foster all the illegal
> > and malicious activity that occurs?
> 
> How is it any more anonymous than email, or web, or any other
> unauthenticated protocol?

My point was to get rid of the most well established tool (and easiest
to use) for these types of activities. You obviously can't get rid of
them all.

> Please don't tell me you trust the From: header in your email, or believe that all of the IPs
> in your weblogs are directly tied to a person's home PC.

And all these years.... frig!
 
> > The list goes on and on...
> 
> Yes, but every one of those arguments is horribly flawed.  I am not sure
> if you are just being a troll or what.

I thought I would throw out the idea. If you want to call me a troll,
then so be it, but don't get your panties in a knot over the whole
thing

> > Sorry to offend those that use IRC legitimately (LOL - find something
> > else to chat with your buddies), but why the hell are we not pushing
> > to sunset IRC?
> >
> > Am I narrow minded to say that it would be a much safer place?
> 
> yes, you are being narrow-minded.

Fair enough.

...D


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ