Bugtraq mailing list archives
Re: [Unet-Opers] abuse of nickserv (fwd)
From: danny () CHATSYSTEMS COM (danny)
Date: Thu, 25 Mar 1999 20:50:36 -0600
Actually, Undernet IRC went a step further, and voted earlier as a team that we would protect the nicknames of select services for dalnet. Every Undernet server is required to have a configuration line which disables users from being able to use the specified nicknames. It was brought to our attention that McLean.va* was missing this configuration lines, and it has been notified and requested to add it promptly. When this is fully in place, it will not be possible to use the restricted nicknames on an Undernet server. thus much more effective then trying to use a pseudo client or fake bot to jupe the nickname. Danny Mitchell. Undernet Services Developer. <WildThang () undernet org> Scott Fendley was known to have stated:
---------- Forwarded message ---------- Date: Tue, 23 Mar 1999 22:13:29 -0800 From: Nelson Little <nel74 () TIG COM AU> To: BUGTRAQ () NETSPACE ORG Subject: abuse of nickserv Hi, Many people that IRC on Dalnet have scripts which automatically identify their nicknames via "/msg nickserv identify your_password" This works fine, however,if you also IRC on Undernet you can run into a problem. Undernet has no nickserv so if someone on Undenet decides to use the nick "nickserv" they will be exposed to countless passwords from all the people that automatically identify themselves. Once the evil user has these passwords they can jump on Dalnet and steal that person's nick and change the password. With a bit of brain power, and I won't go into how, they can also abuse op in any channels that person has op access in. Dalnet has been advised and starting on April 15th, you'll need to identify to NickServ using /msg NickServ () services dal net IDENTIFY instead of just using /msg NickServ IDENTIFY. All the other IRC networks that I tested have a nickserv bot which halts the abuse mentioned above. Regards Nelson
-- --------------------=================================-------------------------- DannyM -- http://www.chatsystems.com/danny/resume.html Unix Administrator - TCP/IP client-server Programmer --------------------=================================-------------------------- Everything that I post is of my personal opinion, and not that of my employer! Mouse Potato: The on-line, wired generation's answer to the couch potato.
Current thread:
- Re: [Unet-Opers] abuse of nickserv (fwd) danny (Mar 25)