Re: irc over ssl

[Mortis <m0rtis () adelphia net>]

> are there any known issues concerning rootkits, backdoors,
> cmd execution concerning an irc(with ssl) client ? I use the
> irssi client to conect to a irc server with ssl.Is there a way for
> the admins of the irc server to open/intrude somehow to my
> pc(through the high port that the client opens to conect to the
> server)?

You never know, do you?  That's half the fun.

No noise lately with irssi.  They had a small number of ooboos in the past 
if you google around.  There was once a backdoor planted in the 
configuration script.  That was some funny sh*t that week.

The author seems to think the code is tight:
> I'm quite confident that there's no security bugs in Irssi.
> No buffer overflows, no format bugs (%s%s%s), no remote
> exploits, nothing.

I'm sure some turkey will hack it this week just to spank him for the 
claim.  Pretty code.  Lots of lists and pointers.

You may be vulnerable to any of the bugs that affect openssl.  Are you 
using the most current version?  Hit me offline if you don't know how to check.

Don't sit around IRCing by yourself.  It can make you go blind.
--
Mortis
http://m0rtis.proboards30.com/
http://full-disclosure.50megs.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html