Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: Why is IRC still around?
From: "Darren Wolfe" <darren () thecosmicgerbil com>
Date: Fri, 19 Nov 2004 22:08:33 -0000

I have never replied to anything on this list (I read it to keep up to date
on vulnerabilities, but im not really qualified to contribute anything) but
this particular message has peaked my interest.  

1. Agreed, by using flaws in IE they then go on to subvert mirc into
spamming people.
2. They do.
3. A tremendous amount :)
4. This is only because IRC provides the perfect medium in which to control
those zombies (a single message from one person is immediately sent to
everyone in the channel at the same time). If a better medium was available,
they'd use that.

IRC is as close to a real time group conversation as you can get that
doesn't used closed protocols.  It's fast, simple and used by an enormous
number of people - particuarly those who play online games, and for open
source projects (#gentoo on freenode regularly has over 900 people in it).

In answer to your final question - IRC is very useful for quick
conversations in real time with groups of people. Sure there are other
things - usenet, web based forums, email based mailing lists, IM networks
etc but none have that group feeling as much as IRC.

It's problem is twofold - firstly, mirc (the most popular client) has a
number of flaws that make it easy to steal peoples "auth passwords". But
these are not automated! The user must be tricked into typing some commands
to set the exploit in motion.
This is also the second problem - a link may be mentioned in a channel and
people will click on it - from there, if your browser is vulnerable, you can
be hit by any number of trojans.  There was a winamp trojan going about a
few months ago (which I reported and is now fixed - go me :D ) which
involved clicking a link in irc that opened winamp through a file
association that exploited a security flaw that installed a script for mirc
that spammed the same link to everyone in the channel.

Like any other medium, it is a combination of a lack of knowledge by the
users and exploits/vulnerabilities in software, the only difference, is that
on IRC it tends to spread quickly because of its real time nature.
So in conclusion, no, IRC should not be killed off, mirc's scripting
vulnerabilities should be closed in some way, and vulnerabilities in other
software should continue to be discovered and fixed.

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Danny
Sent: 19 November 2004 17:40
To: Mailing List - Full-Disclosure
Subject: [Full-disclosure] Why is IRC still around?

Well, it sure does help the anti-virus (anti-malware) and security
consulting business, but besides that... is it not safe to say that:

1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?
2) A considerable amount of "script kiddies" originate and grow through IRC?
3) A wee bit of software piracy occurs?
4) That many organized DoS attacks through PC zombies are initiated through
IRC?
5) The anonymity of the whole thing helps to foster all the illegal and
malicious activity that occurs?
The list goes on and on...

Sorry to offend those that use IRC legitimately (LOL - find something else
to chat with your buddies), but why the hell are we not pushing to sunset
IRC?

What would IT be like today without IRC (or the like)? Am I narrow minded to
say that it would be a much safer place?

...D

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault