www.IRC-Junkie.org – IRC News

All about Internet Relay Chat

Monthly Archives: November 2004

AngryWolf quits Unreal Module development

On his website AngryWolf announced he will stop development of modules for the popular UnrealIRCD server package. “I’ve been so busy for more than one month that I couldn’t do any updates on the site and on my modules since then”, AngryWolf explains. “I just can’t do these anymore. They mean too much work for me, even because I’m having university.”

One of the Unreal developers Codemastr said in a reaction: “He did a lot of good for Unreal. He was the first one, outside of the Unreal developers, to write modules. I think it was because of him that so many people are now writing modules. I know of many people who don’t even look at the module documentation when they want to write a module, instead they just look at Angrywolf’s existing ones and base it on them.”

The reason for AngryWolf to start module development was “to bring out more of a Hungarian IRC network than UnrealIRCd had offered me that time.” At first he modified the IRCD code, but later changed to using modules as that gave him more possibilities to add new features. “Then, since I noticed that what I code might be useful to others, I shared them with the public.”

Some of the modules he is most proud of himself includes the module that lists available ircoperators with the /ircops command, and jointhrottle which was also considered to be included into the IRCD by one of the developers, Syzop. “Of course, m_chgshois, which you can use to change anyone’s SWHOIS information, also proved to be helpful, but only on those networks not having Anope IRC Services, because it has an extra module for that purpose.”

One of the more controversial modules AngryWolf coded was the m_spy module, of which we posted an article with a interview with him on January 8th of this year. “I can still hear/see opinions like ‘you shouldn’t have coded it’. I was thinking for a long time that even thought people say such things about the module, it could do more good than harm, but I had to be disappointed. Now I admit it was a very bad idea even to bring that module into existence.” AngryWolf as a result removed the possibility to download the module from his website and you have to privately contact him to get the module after that.

There are no current plans to continue development of existing modules made by AngryWolf, and no plans exist for development to be taken over by another person. “Of course I allow anyone to use, improve and update my codes, what I only require is my name represented in their works to indicate, I did something, too”, AngryWolf explained.

“Sorry a lot, and thanks to everyone for helping and supporting me. This page will be closed soon”, the announcement on AngryWolf’s website ends.

CIA funds monitoring of IRC (updated 2)

A university in New York is going to be working on a program to analyse IRC chat which is being funded by the CIA channeled through the National Science Foundation. This document outlines the project including the sum of money involved which is $157673 USD.

“The aim of this proposal is to develop new techniques for information gathering, analysis and modeling of chatroom communications”, the document explains. What the document did not lined out was that it was the CIA who was behind the funding.

Leland Jameson, NSF programme director said last Wednesday that the two year program will probably not see a new term.

In June 2004 the two researchers mentioned in the document , Yener and Krishnamoorthy, released a paper (NSF funded) that described a project where users on the Undernet IRC network were monitored. In the paper they described their work as “could aid (the) intelligence community to eavesdrop in chatrooms, profile chatters and identify hidden groups of chatters in a cost-effective way.”

To monitor chat on Undernet the researchers would need to actually have a client inside the channels they want to monitor. Private messaging between two users is not possible to follow for an outsider, unless the ircd contains code to do so. As the ircd in use on Undernet, ircu, is open source, this seems highly unlikely.

Al Teich, director of science and policy programmes at the American Association for the Advancement of Science has in general nothing about the CIA funding anti-terrorism, but “Whether the CIA ought to be funding research in universities in a clandestine manner is a different issue.”

Several articles can be found using Google News for further reading. Thanks to Ed for initially bringing it to my attention :)

Update: “Undernet has never knowingly been a part of any snooping project for the government. We were totally unaware of this”, said an Undernet official in a reaction to IRC-Junkie.

A PDF explains the initial research and includes the explanation on why they picked out #usa, #philosophy and #political on the Undernet IRC network.

Update2: People have asked me what hosts the bots are using. It is not hard to find the bots online, as the bots are not set +i at all. Doing a who *.rpi.edu quickly shows the next connection:

resh is ~camtes@opt.cs.rpi.edu

resh is Seyit A. Camtepe

End of WHO matching *.rpi.edu – 1 user(s) found

From the PDF we know Ahmet Camtepe is one of the researchers, and that camtes@cs.rpi.edu is his email address. Whoisses of the last few days show that the bots are moving around channels, and have abandoned the 3 channels mentioned in the PDF.

Password leak at QuakeNet (updated)

“As you may have noticed, earlier today the password for every Q account was changed. This was due to a suspected leak of some encrypted passwords from the QuakeNet website, shortly beforehand, causing the passwords to be changed as a precautionary measure whilst we investigated”, magpie reports at the QuakeNet website.

The site also recommends that if you use this same password for other services, on IRC or not, to change those passwords as well.

“We would like to assure users that we are working hard to ensure this cannot happen again, and we apologise for any inconvenience caused”, magpie finishes.

Update 23 Nov: We have been able to contact Magpie now concerning this issue. There was quite some rumour that the leak was caused by the currently know phpBB exploit.

“… yes, the initial point of entry was through the forum. I’m not completely blaming phpBB here, we obviously have to take most of the blame; although it was mainly due to an unfortunate set of circumstances whereby the copy of the password hashes was in the process of being moved (intending to be left on the same box as the forums for a short period of time, alas this period of time was too long)”, Magpie replies to IRC-Junkie in a reaction.

The database in question was however not Q’s main database Magpie assured IRC-Junkie. “This is always kept physically separate, and always will be.”

“… we’re taking steps to ensure this doesn’t happen again, and that we’re deeply sorry for any inconvenience this has caused”, Magpie finishes.

EFnet tests OpenChanfix

EFnet reports it will be testing the OpenChanfix variant of its Chanfix service. It is not a test to see if the opensource variant can replace the current Chanfix however.

Garion, one of the two OpenChanfix coders, said in a reaction to IRC-Junkie: “This is not a replacement, but a test to see whether OCF is really ready for production. Of course we have tested it extensively, but it is extremely difficult to create a good test environment which is a perfect copy of EFnet. That’s why we’ve decided to test it on EFnet itself.”

After the two week test period the original service will replace the OpenChanfix service again. “What will happen after that cannot be said yet of course. OCF can turn out to be a disaster, or it can be so good that admins decide to vote on using it instead of (or in conjunction with) the current chanfix code. Therefore any changes afterwards will only occur if EFnet admins vote for the changes”, Garion continues.

Garion does not expect much difference in the meanwhile for any users using the service. “The OpenChanfix service tries to behave as similar to the original chanfix as possible. This, and the fact that we’ll be using the nick CHANFIX2, will hopefully make sure not too much confusion occurs among EFnet users”, Garion ends.

Update: The “old” Chanfix is also opensource these days.

BNC 2.8.9 remote buffer overflow

The well known bouncer BNC contains a remote buffer overflow exploit.

“There is a buffer overflow vulnerability in getnickuserhost() function that is called when BNC is processing response from some IRC server. When BNC is connected to some IRC server, it will send ‘USER’ and ‘NICK’ command. Server response is at some point processed with getnickuserhost() function.” This post at Security Focus explains.

The overflow is present in version 2.8.9 and below. “Vulnerability can be exploited if attacker tricks user to connect to his fake IRC server that will exploit this vulnerability. If the attacker has access to BNC proxy server, this vulnerability can be used to gain shell access on machine here BNC proxy server is set.“, the Security Focus post explains.

This vulnerability has been fixed in version 2.9.0.