Re: irc over ssl

[Denis Solaro <dsolaro () coffeehaus com>]

On Mon, 24 May 2004 13:16:40 +0100
"Dave Howe" <DaveHowe () cmn sharp-uk co uk> wrote:

> Giannakis Eleftherios wrote:
> > are there any known issues concerning rootkits, backdoors, cmd
> > execution concerning an irc(with ssl) client ?
> The answer to the question as posed is No
> However, the *real* answer to the question is to componentize the four
> items we are discussing, and query each individually.
> 1. The IRC Client
> The client may well have overflow or other vulnerabilities, either
> currently or in the version you are using.

Or it can be called mIrc and be coded by someone who obviously never read one
rfc or document on secure programming.   This is one of the problems behind the
reputation of IRC.

We have used internal IRC servers in one of my past jobs where we used to
manage links from the US to Frankfurt and to London.  IRC is awesome (if used
internally) to get whole teams of Network admins / Sysadmins to work together
without annoying one to one calls or having to move to a separate conference
room.  You can cut and paste switch config, firewall config lines just like
that.

Unfortunately because of mIrc's reputation, some high management decided to have
use disuse it.... Great, especially since we are all Solaris or Cisco kids and
nothing to do with Microsoft based half compliant IRC stuff. 

So if you can get the author or mIrc extradited to some secret jail under the
Homeland Security policy, I wouldn't mind doing the beating up and medieval
stuff. I have some nasty shielded SCSI cables I could use as a whip.

PS: Just for the "mIrc colors" invention that man deserves the "hungry lion at
the Colosseum" treatment. 

-- 
Denis Solaro -- denis.solaro () wanadoo fr

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html