lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <acdc033d04111922315cd58a09@mail.gmail.com>
From: michealespinola at gmail.com (Micheal Espinola Jr)
Subject: Why is IRC still around?

Is IRC bad?  Yes.
Is SMTP bad?  Yes.

Why?  Because they are simple and basic protocol  implementations
created decades ago.  Not that they aren't efficient and easy, but
they certainly have their shortcomings in terms of security and AAA.

Yes, people can certainly switch to other mediums which will in turn
be subject to abuse and exploits - but at least a more modern medium
will likely have more controls and accountability in place.

Whether or not there is any legitimate use of the IRC, we all know
that it has been a haven for illegal activity and abuse for at least
(2) decades now.

We need to move forward with technology.  Or would you rather be like
Microsoft - and attempt to be backward compatible for all-time - and
continue to use products that have fundamental flaws in them?


On Fri, 19 Nov 2004 12:17:09 -0800, Mister Coffee
<live4java@...rmcenter.net> wrote:
> Danny wrote:
> > Well, it sure does help the anti-virus (anti-malware) and security
> > consulting business, but besides that... is it not safe to say that:
> >
> > 1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?
> >
> And?  There are a hell of a lot of "normal" users on IRC too who don't
> wreck havoc.  A lot of spam comes in email.  Does that make email bad?
> 
> > 2) A considerable amount of "script kiddies" originate and grow through IRC?
> >
> And AIM, ICQ, Jabber, web-forums, mailing lists, etc.  IRC is one medium
> amungst many.
> 
> > 3) A wee bit of software piracy occurs?
> >
> Some, perhaps.  But unlike, say BitTorrent or Kazaa, IRC's primary role
> is communication rather than file transfer.  You could make the same
> argument for ANY of the IM clients that support file transfer.
> 
> > 4) That many organized DoS attacks through PC zombies are initiated through IRC?
> >
> Many do.  Yes.  But many also originate through other media, and, again,
>  it's not the medium's fault that people use it for nefarious purposes.
>  Hitmen get calls on their cell phones.  Should we eliminate cell
> phones to stop the hitmen?
> 
> > 5) The anonymity of the whole thing helps to foster all the illegal
> > and malicious activity that occurs?
> > The list goes on and on...
> > 
> Anonymity is not a bad thing in many, man, respects.  And the list of
> legitimate uses goes on and on as well.
> 
> > Sorry to offend those that use IRC legitimately (LOL - find something
> > else to chat with your buddies), but why the hell are we not pushing
> > to sunset IRC?
> > 
> No offense.  But the arguments aren't especially strong.  We're not
> pushing to sunset the IRC protocol because there are still thousands and
> thousands of -legitimate- users in the world.  Unlike most IM systems,
> the IRC nets are completely independant.  There are some serious
> advantages to that.
> 
> > What would IT be like today without IRC (or the like)? Am I narrow
> > minded to say that it would be a much safer place?
> > 
> Yes?
> 
> IRC is a protocol.  A tool like any other.  Last I looked there were
> still hundreds to thousands of IRC users at any given time who were
> there just to hang out and BS with their friends.   It's still a valid
> "community" if you will, in spite of the nefarious uses other people
> have put it to.
> 
> If you sunset something like IRC, the 3v1L h@...3z will just move their
> bots and trojans somewhere else.
> 
> > ...D
> 
> Cheers,
> L4J
> 
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 


-- 
ME2
<http://www.santeriasys.net/rss.php>


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ