Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

abuse of nickserv
From: nel74 () TIG COM AU (Nelson Little)
Date: Tue, 23 Mar 1999 22:13:29 -0800

Hi,

Many people that IRC on Dalnet have scripts which automatically identify
their nicknames via "/msg nickserv identify your_password" This works fine,
however,if you also IRC on Undernet you can run into a problem. Undernet
has no nickserv so if someone on Undenet decides to use the nick "nickserv"
they will be exposed to countless passwords from all the people that
automatically identify themselves. Once the evil user has these passwords
they can jump on Dalnet and steal that person's nick and change the
password. With a bit of brain power, and I won't go into how, they can also
abuse op in any channels that person has op access in.

Dalnet has been advised and starting on April 15th, you'll need to identify
to NickServ using /msg NickServ () services dal net IDENTIFY instead of just
using /msg NickServ IDENTIFY.

All the other IRC networks that I tested have a nickserv bot which halts
the abuse mentioned above.

Regards
Nelson

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]