Bugtraq mailing list archives

Re: abuse of nickserv


From: studno1 () INTELLEX COM (StudNo1)
Date: Thu, 25 Mar 1999 21:07:08 -0600


I am a DALnet Csop. Let me clarify something. No one should ever use /msg to
services on DALnet.  DALnet has had built into the ircd for about a year now
the commands /nickserv, /chanserv and /memoserv to replace the need for /msg.
If these are used as has been advised for a long time there will be no
problems at all with this.  Just an FYI.


-----Original Message-----
From: Nelson Little <nel74 () TIG COM AU>
To: BUGTRAQ () netspace org <BUGTRAQ () netspace org>
Date: Thursday, March 25, 1999 7:47 PM
Subject: abuse of nickserv


Hi,

Many people that IRC on Dalnet have scripts which automatically identify
their nicknames via "/msg nickserv identify your_password". This works fine;
however, if you also IRC on Undernet you can run into a problem. Undernet
has no nickserv so if someone on Undernet decides to use the nick "nickserv"
they will be exposed to countless passwords from all the people that
automatically identify themselves. Once the evil user has these passwords
they can jump on Dalnet and steal that person's nick and change the
password. With a bit of brain power, and I won't go into how, they can also
abuse op in any channels that person has op access in.

Dalnet has been advised and starting on April 15th, you'll need to identify
to NickServ using /msg NickServ@services.dal.net IDENTIFY instead of just
using /msg NickServ IDENTIFY.

All the other IRC networks that I tested have a nickserv bot which halts
the abuse mentioned above.

Regards
Nelson
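
The guard an auto-identify script needs, as an added example that is not part of either post: it sends the password only when the server the client dialed belongs to a network with a configured services address, and it always uses the fully qualified `nick@server` target. The table `TRUSTED_SERVICES`, the function names and the sample hostnames are assumptions made for illustration.

```python
from typing import Optional

# Assumption: per-network table kept in the client's own configuration.
# Key = network domain, value = fully qualified services target.
TRUSTED_SERVICES = {
    "dal.net": "NickServ@services.dal.net",
}


def network_of(server_host: str) -> Optional[str]:
    """Return the configured network that server_host belongs to, if any.

    server_host must be the hostname the client itself connected to,
    not a name announced by the remote server.
    """
    host = server_host.lower().rstrip(".")
    for domain in TRUSTED_SERVICES:
        # Match the domain itself or a subdomain, never a bare substring:
        # "dal.net.example.org" must not count as DALnet.
        if host == domain or host.endswith("." + domain):
            return domain
    return None


def identify_line(server_host: str, password: str) -> Optional[str]:
    """Build the raw IDENTIFY line, or None if it must not be sent here."""
    if "\r" in password or "\n" in password:
        # A line break would smuggle a second IRC command into the stream.
        raise ValueError("password must not contain CR or LF")
    net = network_of(server_host)
    if net is None:
        # Unknown network (for example one without services): send nothing,
        # so a user who merely holds the nick "nickserv" receives nothing.
        return None
    # The nick@server form is delivered only to that nick on that server.
    return f"PRIVMSG {TRUSTED_SERVICES[net]} :IDENTIFY {password}"


if __name__ == "__main__":
    # Constructed sample hostnames and password.
    for host in ("irc.dal.net", "us.undernet.org", "dal.net.example.org"):
        print(host, "->", identify_line(host, "s3cret"))
```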



