Re: IRC problems & other fun?

[lcm () intac com (Lawrence C Mc Abee)]

In message <199410120028.AA04930 () lupine org>, "That Whispering Wolf..." stated:
> We've had a few account violations at a site I administer, and I believe 
> that the problem has been pinpointed as being IRC. One user pointed this out
> as the access point into his own account, and this seems to be confirmed by
> a co-worker who also had his account broken, in apparently the same meathod.
>
> So, the question is -- Have there been any new holes in IRC (the newest non-
> beta version... IRCII 2.2.9, I think) discovered recently? I'm aware of the
> "ON EXEC" problems, and the like, but the co-worker who's account was broken
> ran no scripts, nor executed any command to disable EXEC_PROTECTION or 
> anything simular (he's a very lightweight IRC user).
>
> I'd -really- like to find the specific meathod of entry here -- Disabling
> IRC is really not an option.
>
> Anyone have ideas?

        A while back the IRC main US ftp site, cs-pub.bu.edu was broken into
 and the irc clients there were replaced with code that had a back door.

 If you got the code that you now run in say early summer, 1994, you may
 want to grab new source and recompile.

Normal 2.2.9 code has no backdoors that I am aware of, of course as you stated
, 'on exec' is a constant problem. You could hack exec out of the code you
 install as your system client.

                                Mac.

--
Lawrence C. Mc Abee <lcm () intac com>|The United States:
Operations Staff.      1800-50INTAC| Not the world's policeman..
INTAC Access Corporation.          | more like the world's big brother.
PGP Key:http://www.intac.com/~lcm  |