www.IRC-Junkie.org – IRC News

All about Internet Relay Chat

Monthly Archives: September 2005

XChat Author Warns for Firefox Exploit

A second more serious security issue has been discovered which is also being fixed by the recently released Firefox 1.0.7.

The exploit, which is classified as ‘extremely critical’, exploits a security hole in the startup script of Firefox. By passing parameters in URL’s from external applications it is possible to perform commands when Firefox is configured to be the default browser.

The exploit can only be used on certain Linux and *nix systems.

“We have a work-around in xchat 2.4.5, but to really fix it you need to upgrade firefox and mozilla” XChat author Zed said to IRC-Junkie in a  reaction.

To state the obvious, this is not an issue with XChat, or any other program passing on URL’s to Firefox, but an issue with Firefox/Mozilla which is using a bash script to startup.

DDoS'er Pleaded Guilty

Richard “Krashed” Roby, 20 years old from Ohio pleaded guilty in federal court in Toledo to DDoS’ing online competitors of Jay Echouafni.

Jay Echouafni, a 38-year-old satellite TV salesman ordered Richard “Krashed” Roby to DDoS his competitors online. One of the other people who has been ordered to attack his competitors is Paul Ashley, who was in those days running the on IRC well known IRC shell company FOOnet. Echouafni offered Ashley 1000$ for the attacks.

Roby pleaded guilty in a deal with the prosecutors. Without the deal, he could have to serve jail for up to 2 years. Paul Ashley entered a similar deal, but has not pleaded guilty yet. Without the deal Ashley will have to face 70 to 87 months in jail.

Ashley admitted as part of the deal that he knew clients of his shell company were using their shells on FOOnet to control botnets.

Roby was offered a free shell on FOOnet in return of the DDoS attacks.

As we reported in November 2004, Jay Echouafni is still a fugitive, and it is believed he is still hiding in his country of origin, Morocco.

IRC Channel Relays Information From New Orleans

Not all of New Orleans is in chaos it seems. Somewhere on the 9th floor of a office building web-hosting company directNIC.com remains operational. With the help of generators on the same floor who kept dry they are able to relay news to the outside world in a blog.

The blog, available here, has been named the “Survival of New Orleans blog”. “In less perilous times it was simply a blog for me to talk smack and chat with friends,” the website starts. “Now this journal exists to share firsthand experience of the disaster and its aftermath with anyone interested.”

The blog explains about the chaos in the city. For example the 10:12am update on Thursday, September 1st: “Can confirm: The National Guard, FEMA, the NOPD, and City authorities DO NOT have the city under control. There are live radio feeds for the National Guard comms and NOPD comms which have been circulating the web, and you can listen to the chaos and disarray for yourselves. I am not going to post the links, but I’m sure others have and will. I doubt the government’s ability to reestablish order without a full active duty military presence to crush the mob mentality. This of course will mean no civil rights and everyone being treated equally — as a criminal.”

To aid in the spreading of related news an IRC channel has been formed. The channel operator pinkish initiated the channel. “The channel was first on irc.deadjournal.com but it couldn’t keep up with our growth (that server could only hold about 200 users)”, channel operator DR explained to IRC-Junkie. The channel then got moved to #interdictor on irc.freenode.net.

At the time of IRC-Junkie’s visit, #interdictor was holding almost 1000 people and had to be set moderated to keep the channel usable. Side-channels such as #interdictor-chat are initiated where users can still interact.

The main channel is being used to relay information from a wealth of online resources, mainly non-mainstream. Also, several people who are being in various locations in the affected disaster area relay information about their specific locations. User Teriander is for example relaying information from Baton Rouge. “With bridges such as LiveJournal (the blog’s home) and wiki and blogs, IRC becomes more directed, focused … intense … More facilitation / less journalism”, channel operator hfx_ben said to IRC-Junkie.

The network staff of Freenode is helping out the channel where it can. “It’s on topic as far as we’re concerned being a public service network”, Freenode staff member ZOP said to IRC-Junkie. “Staff here are aware of the channel, and we’re accommodating the channel as much as we can. [...] We’re providing clone watches and stuff like that, same as we do any other popular channel.”

The team members of the blog itself occasionally come into the channel as well, to relay information, and have a small chat. However, as they get thousands of request for information, their time is limited.

The channel operators have launched a Wiki with more information about news resources and the channel here.