lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <41A24A2C.1080400@sdf.lonestar.org>
From: bkfsec at sdf.lonestar.org (bkfsec)
Subject: Why is IRC still around?

vord wrote:

>and for the record, "they would move to another resource" is not a
>coherent argument against his position [his question, rather]
>concerning the elimination of a problem-child medium. perhaps the cost
>to society via the spread piracy and virii [more importantly the
>altter] isnt worth the measly gain IRC affords its legitimate users?
>[well?]
>  
>
This would be correct, if the move to a new medium wasn't 0-sum.  
However, it is a 0-sum move because IRC bots have already been 
retrofitted with remote control mechanisms using both IM and P2P 
technologies.  This isn't "hypothetically they'd move to another medium" 
-- this is "they already HAVE moved to other mediums."


>it IS incoherent, however, to argue that IRC (1) is the kiddiots means
>of choice for controlling his worms because it is the easiest or most
>efficient way to do so, while also contending (2) that an IRC sunset
>would not cause the immediate dissappearance of substansial
>internet-wide problems. making it harder MAKES IT HARDER and must
>therefore to some degree reduce the probability of abuse. therefore
>the gain afforded to legitimate users by this medium should be
>weighted against the direct affect its eradication would have on REAL
>problems -- and, clearly, no one here is qualified to make this
>judgement, else they would have offered such proof in immediate
>response to the original post as opposed to blabbing incessantly about
>incredibly obvious bullshit. 
>
Actually, I was one of the first respondants and I *DID* provide proof 
of this in mentioning the WASTE P2P protocol and IM methods used for 
remote control of said IRCbot networks. 

The existance of these utilities (which are available and somewhat 
documented) reduces the "makes it harder" portion of the equation to 
almost nothing.  Hell, the gaobot infector implemented these as a 
secondary backdoor method quite some time ago.

If you don't consider that to be proof of the point, then I suggest that 
you're a troll and that I shouldn't be here feeding you right now.

>the only potentially useful point anyone
>has made [not that it wasnt obvious] concerns the difficulty in
>removing the medium ... but this is irrelavent, of course, since it is
>more likely that the security community would suggest [and perhaps
>assist in the developement of] a replacement [most importantly] to the
>larger IRC networks.
>  
>
That's not an irrelivent point - any kiddie with a dedicated PC can 
setup their own IRC server.  Replacing the existance of all of the 
current IRC servers won't remove the ability for a cracker to easily 
setup their own.  If the proposal is "negate IRC", then that proposal 
has to have a realistic plan for doing so.

>im sure the original ford model-T had plenty of legitimate users who
>didnt drive drunk or generally cause mayhem ... i dont see it around
>anymore though ... hmm, i wonder if that correlates directly to the
>increased safety of automobiles ... hmm hmm, indeed. </sardonicism>
>  
>
No doubt, but there are people out there who choose to drive classic 
automobiles and forego their personal; safety in order to do so.  How 
would you suggest stopping that?

Most people don't use IRC.  Many do.  If that's the point you're trying 
to prove here, you're right - but the point is effectively moot.

>the issue is certainly not at all as cut and dry as most of you have
>made it out to be.
>
>
>  
>
Sure it is.  :)

             -Barry



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ