www.IRC-Junkie.org – IRC News

All about Internet Relay Chat

Monthly Archives: November 2008

freenode testing a new IRCd

freenode, the network hosting the channels for many free / opensource projects – who just recently announced that they have surpassed the 50,000 users mark – do have big news again.

Existing since 1995 as a stand-alone network, it’s gone through a few IRCds already – from ircu to dancer-ircu then dancer-hybrid and hyperion now.

Being in use since August 2005 now, hyperion could see it’s end-of-life on freenode pretty soon as this blog post, asking for users to get aboard the freenode testnet, might indicate.

ircd-seven is the name the new IRCd is called, which is based on charybdis which in turn is based on ircd-ratbox. This should prove as being a very stable codebase as ratbox is the main IRCd used on EFNet and therefore is used on a large scale for quite some time now.

Since “neither ratbox nor Charybdis implements freenode’s more unique features, such as ban-forwarding or hidden IRC operators” a small team of developers started modifying the code, consisting of only one main dev, a few upstream contributors and the occasional contribution by volunteers. Today, according to christel of freenode, the project is “fairly close to completion, it needs a few tweaks to some staff-only functionality, but most of it’s there”. Asked about an anticipated release date, christel replied that they’re “looking at early next year if everything is going after plan”.

A few of the new features already have been publicized, amongst them are SSL-support for both servers and clients where hyperion only did S2S compression and haven’t had any encryption neither for users nor servers so that’s a big leap forward to the 21st century. Also the channel ban system has been reworked and the username prefixes (i= and n=) are gone for good ;) and ~ is used to indicate a non-identd username instead as most other IRCds do too.

The way you can identify on connect also has been changed and you can now sign in to an account without having to use a nickname that is linked to it by specifying it in the form of accountname:password in the server-password field. You can also do that using SASL provided your client supports it – only irssi and Conspire do that as of now.

Being asked if there are even more features coming up or if the features in the posting are complete, christel replied “Oh, theres definitely a few more surprises in store!”.

To check out the new IRCd yourself, connect to testnet.freenode.net on port 9002 for normal connections or 9003 for SSL encryption. The ircd-seven bugtracker is located here – you can also download the IRCds sourcecode there.

Thanks to TheXception for the tip & thanks to christel for the interview! :)

KVIrc 3.4.2 URI handler in combination with IE exploitable [Updated]

Not even a month ago, it was KVIrc 3.4.0 in it’s Windows release which has been vulnerable to what has been at least a DoS/crash.

As of yesterday, there have been new exploits posted on the usual sites around the internet – but this time it is not the fault of KVIrc’s URI handler, because the bug is only exploitable if the malicious link is opened with Microsoft’s Internet Explorer and is possible because of its unique way to handle double quotes (“) in links.

This time it is not possible to just let the client of a victim crash but to execute a command of the attackers choice – opening a whole can of worms as one can execute each and any command with the privileges of the attacked user.

In an interview conducted on IRC with members of the KVIrc team they said that “the ‘vulnerability’ is present in any programs URI handling engine until they decide to work around IE’s oddities”, which, according to this posting on their mailinglist, involves using DDE to pass links back and forth between applications.

Since only a few members of the KVIrc team do have the possibility to compile the client for the Windows operating system it might take a little while until a fix pops up, but they assured IRC-Junkie that this issue is being worked on.

Update 11/22/2008, ~8 hours later: There is an updated package released for testing which contains “all the latest fixes for the bugs found in 3.4.2.”. Link to the download is in this mailinglist posting.

Client Review: Rooms for the iPhone

When the iPhone first hit the stores, it was a long time where there was no native IRC client available for it and there was no other option than jailbreaking the phone to get one.

Luckily for all IRC users among the iPhone owners, Björn Teichmann created Rooms to fill that gap.

Now being available in version 0.6.8 (and 0.7.0 in a few days) from the AppStore, it already has matured quite a bit, is pretty usable and incorporates most features one could think of to make it a full-blown client that caters to almost everyones needs.

It supports auto connect on start as well as auto join, multiple nets and channels at the same time and even lets you connect using SSL if the network of your choice supports it. Joining keyed (+k) channels isn’t a problem either and even lets you save those so you’ll also be autojoined on connect in these if you want it to. It has a built-in browser which you can use to go to websites directly from within the Rooms GUI so you don’t have to close it down in order to check a link someone pasted in a channel.

Logging your conversations is possible too, auto identifying to NickServ as well as password support for servers which lets you connect to your bouncer easily. If that isn’t enough you can also make it supply arbitrary commands on connect so the possibilities are really endless in that regard.
It supports actions (/me), private messages and has a raw console if you really have to perform a command that is not possible otherwise.

Now with Rooms nearing it’s 0.7.0 release it there have been a boatload of bugfixes and feature additions (complete changelog here). The UI has undergone quite a few changes here and there in the upcoming version of which i will include a few screenshots below.

The main chat window:

Rooms main chat window

Rooms main chat window

As users of the current 0.6.8 version will notice, Rooms now supports colors and has gotten a new icon on the lower left instead of the old “i” (0.7.0 was sent in for review with an apple as the icon which Apple didn’t seem to like, as it is the reason why they delayed/halted the release…).

A look at the popup windows that let you select some options and the nick you want to PRIVMSG:

Rooms nicklist

Rooms nicklist

Rooms main menu popup

Rooms main menu popup

And finally, let’s have a look at the revised settings dialog (the screenshot just shows parts of it, there’s quite a bit more to fiddle with):

Rooms settings dialog

Rooms settings dialog

Another thing users of non-jailbroken phones will love is the possibility to turn off the at times annoying spellcheck – fix this on a global scale please, Apple :)

Oh and you can now, provided you have sufficient rights in that channel, kick and op users too – so Rooms is really getting there to become a full-featured client that doesn’t need to hide itself from it’s desktop counterparts. The author encourages Rooms users to submit bug reports and feature requests on his bugtracker so stuff that needs to be worked on might be just an update or two away.

Summing it up i have to say that chatting on the iPhone with Rooms is quite a pleasure and you sometimes forget that you are doing so on a mobile handheld device. Also, being available for just $2.99 (2.39€) it is more than worth it’s price (calling it cheap would be insulting i guess ;) ).

How to protect an IRC network from spam

Dealing with spam is something every IRC network had to do in the past, present or even maybe in the future.

If it is somebody that is trying to give your network a bad name, a trojan horse that tries to infect your users or just someone that tries to annoy you and your users doesn’t quite matter, spam probably has been an issue as long as IRC has existed.

Luckily, there are quite a few methods and ways to counter-act on it.

First thing should be educating your users to not click on anything that has been sent to them unsolicited – or performing any commands that promise them to “get free ops” and what else is going to be tempting to some – or they also might unwillingly and unknowingly join the spammers.

There are many (semi-) automated means to combat spam, mostly depending on what software you use – or are willing to use – on your network.

Some IRCd’s, such as Unreal or InspIRCd, already have built-in functionality to filter spam in any part that is visible to other IRCers – those however require that someone notices the spam and adds a regular expression to block and act upon it.

Completely automated ways to combat drones and malicious users include setting up a proxy scanner using DNS blacklists, or DNSBLs for short. There are extensive lists of various blacklists available on the internet but only some of them are meant to be used exclusively for IRC so choose wisely.

But what if the IRCd of your choice doesn’t support spamfilters and you don’t want to use DNS-based blacklists? IRCDefender is a software that could provide you with such functionality by adding a “pseudo-server” to your network which sole purpose would be checking for spam and everything else you configure it to do.

Neostats is another service that can help you combat malicious activity – it might even already be installed so you only would need to add the SecureServ module to it to have an additional layer of protection available.

So, since preventing spam also somewhat pertains to security, the same rules apply to it: you rather have a few layers to prevent something bad from happening than depend on a single line of defense.

Please share your tips what you do about spam on your network as well as stuff i might have missed :)

  Copyright secured by Digiprove

Quassel IRC CTCP Command Injection Vulnerability

Another day, another IRC client vulnerability…

Researchers have found a remotely exploitable vulnerability in the Quassel IRC client.

Quoted from the projects homepage:

Well, looks like 0.3.0.2 was not the last 0.3.0 release after all. coekie found an issue with CTCP handling in Quassel Core that allows attackers to send arbitrary IRC messages on your behalf. This issue is present in all versions prior to 0.3.0.3 and Git older than October 26th (rev. d7a0381).

Details on the vulnerability are provided on the webpage of the exploits author:

A CTCP ping where the value contains a CTCP quoted newline (’20′ + ‘n’) will let the Quassel core reply with a message containing an unquoted newline (‘\n’). The IRC server interprets this as a command separator.

Having a newline seperator injected in your IRC session means that anybody that sends a carefully crafted, malicious CTCP ping to your vulnerable client will be able to add an arbitrary command to it that will be executed with your privileges by the client – just as if you had typed it yourself.

The vulnerability is patched in version 0.3.0.3 which is available for download here.

As noted on the homepage, some distributions already have the new version available in their package repositories, other should update manually.

Gentoo and *buntu already ship the new version, with more distributions hopefully following ASAP. If you still use a 0.2-rc1 core, please consider updating to 0.3.x as soon as possible. Note that we provide unstable, but fixed packages for Debian now, thanks to dileX.