Bugtraq mailing list archives

Re: IRC Security Loophole


From: mark () zang kcc hawaii edu (Mark)
Date: Fri, 3 Feb 1995 00:54:53 -1000 (HST)


I read somewhere that there is a security loophole in IRC. I don't know 
anything else about it but I would like to find out more information 
about this. I heard that information about this IRC loophole can be found 
by FTP at ftp.cert.org, but I couldn't find anything relevant there.

The security concerns with IRC relate almost exclusively to ircII
clients that have been modified in the source code or scripts.

A source code backdoor to let people gain access to your account
can be made to be very invisible (but usually instantly spottable
by anyone with knowledge of C code), but to date most backdoors
relate to responding to loud, noisy one-line commands over IRC.

Script backdoors can be more intricate because it usually doesn't take as
much skill to develop them, and the intricacies and subtleties of the
scripting language can hide holes quite readily. Again, they can be
spotted, and most to date have been boorishly primitive.

To protect yourself from the source code attack, the best thing is
to replace your client if you are in doubt as to its origins. You
can find a client on anonymous ftp at coombs.anu.edu.au in the
/pub/irc/ircII directory. Installing is left as an exercise to the
reader. This machine is generally considered to be the safest place
to obtain a client.

To protect yourself from scripts with dangerous holes in them, basically
don't run scripts from other people unless you are competent enough
with the language to understand the workings. I myself don't run any
scripts and have been using irc for over six years. You don't need them and
often they are annoying and will lead to you being removed from channels.
(i.e. textbox). Also there are people of doubtful intelligence that enjoy
sending people trojan scripts via IRC's DCC that immediately open your
account to the world and inform the world of such. Don't run any scripts
as a rule.

Hope this helps,
Mark


