Asmo
Site Admin
Joined: 26 Oct 2004
Posts: 663
Location: Undernet
Posted: Wed Oct 27, 2004 10:26 am    Post subject: March 2004
EFnet lost a French server and gained a German one.
Wednesday, March 31 2004 by Hardy
Earlier today irc.isdnet.fr announced their delink from EFnet. The server had been linked since October 2001, following in the tracks of irc.ec-lille.fr.
The reason for this delink is that the company has changed hands twice since the server was linked: first to Cable & Wireless, and then the division hosting the server was bought by Tiscali two months ago. Getting hold of a technical or administrative contact for the minimal maintenance the server required was becoming too hard.
This leaves EFnet with no current French server.
Also today, the German internet provider Aixit/Gatel got approval to link efnet.aixit.de on a 60 day trial link to the European portion of EFnet. This is the first German server to link since irc.gigabell.de delinked in July 2001.
NickServ on Undernet? (updated)
Wednesday, March 31 2004 by April
Rumors are spreading of a new network service coming into effect soon on this network. Nick services have always been a point of discussion on the network.
I asked Isomer, one of the head coders on the network, if the rumors are true: "I can neither confirm nor deny the existence of a nickserv on Undernet", he starts. "If we were to do a nickserv it would have to take a lot of time and planning so that users don't register other people's nicks. It would be something we'd have to think about very hard."
In the past, a nickservices module has been coded into GNUWorld, the service that provides the services to Undernet. We asked Isomer if that code could be used as Nickservices on Undernet: "Nah, not at the moment. There is a nickserv module in gnuworld tho that I think is used for another network."
A /whois shows:
[15:45:14] ??? ········································
[15:45:14] ??? nickserv is chanserv@nicks.undernet.org
[15:45:14] ??? nickserv is «/msg nickserv help»
[15:45:14] ??? nickserv on channels.undernet.org
[15:45:14] ??? ········································
This used to be only a juper; it now also has the syntax for sending the service the help command, adding to the rumors that something is coming up.
Update: An anonymous user emailed IRCJunkie: "Hey, I tried to put 'nickserv' behind the normal CService login page, and it worked!" And indeed there seems to be a NickServ login page existing on the Undernet website. You can find it here.
Information on this seems to be leaked to FAQS.org:
"How can I "register" my nickname? What's Nickserv?
Unfortunately, there is no way to guarantee that you can use the same nickname when you're on IRC. Although it is considered extremely impolite to use someone else's nickname, it does happen occasionally on IRC. This can cause confusion, and hence you're advised to make sure that your friends recognise you by your user@host.
However, all is not lost. There does exist a service called Nickserv which will register nicknames and warn other users who attempt to use the same nickname that the nickname's registered by you. On the Undernet, Nickserv's still in an experimental stage. Use
/msg nickserv@undernet.org help
for more information. Remember that it is not a guarantee that your nickname will not be used. Steps are underway to strengthen the undernet Nickserv, if possible. To repeat, Nickserv cannot be guaranteed to be even present all the time. In fact, it is absent most of the time, since it is only in an experimental stage. Do not depend on its existence."
New worm?
Tuesday, March 30 2004 by Asmo
"I think it's a new worm spreading on undernet. The worm PRIVMSG user with an ip address and port like this (ip and port never change) : [07:53] http://69.157.174.169:2233/", Gadi Evron wrote to BugTraq, a premier security list.
Charles Hamby wrote in a follow-up email: "This leads me to believe it may be a malicious website set up in an attempt to exploit a flaw in IE that was discovered last month ("MSIE Unspecified File Processing Arbitrary Code Execution Vulnerability") and not a worm. You can get more info on it here: http://www.securityfocus.com/bid/9658/info/"
These types of bots are actually a common thing on IRC networks. This particular URL contains an exploit for IE where you only have to visit the site with an unpatched IE to get infected.
Other ways include a bit of social engineering, where the user is tricked into believing that executing a file will show him a video, for example.
Always have the latest patches/updates installed for your operating system, and run a firewall and antivirus software. The last two are even available for free. The links page has a list of free firewalls and antivirus packages.
Version changer script responsible for the mIRC exploit
Monday, March 29 2004 by Asmo
Last Wednesday news broke about a mIRC exploit which allowed malicious users to gain full control over the victim's system. At first it was thought the exploit was within mIRC itself, but it soon became known that it was not mIRC, but a third party script that contained the exploit.
The script in question is vchanger.mrc version 1.1.2e and earlier. This script allows the user to change the CTCP VERSION reply.
"An attacker can execute remote commands (system commands included) through the mIRC client of a user of the vchanger script by sending a malicious CTCP/DCC command", the CERT-IRC group explained in a public advisory. By sending a specially crafted CTCP PING in combination with the $findfile() mIRC command, the malicious user can run any command on the victim's computer, including shell commands.
The latest version 1.1.2f of the script has the exploit removed. Any users of the script are strongly advised to update the script as soon as possible.
Darkbot 7f1 released
Sunday, March 28 2004 by Asmo
Darkbot 7f1 has been released. "Color specific responses" is one of the very few new features in the bot. The WHATSNEW file shows a large list of bug fixes and changes due to domain shifts etc.
Darkbot is a type of Artificial Intelligence bot which is excellent for help type channels, where it can help answer FAQs. The bot can be a fun toy too, however!
BitchX 1.1-final released
Saturday, March 27 2004 by Asmo
"We are pleased to announce that the final release of the BitchX 1.x source will be released to the public as 1.1-final. While this is the final release it does not mean we will not release patch level releases for serious problems in the future", the website of BitchX reports.
Over the course of today the FTP, website and CVS will be updated with the new version. Work on the next major version, 2.0, is under way as well.
"We will announce here when the 2.0-Alpha client is ready to be tested in the public. In the mean time if you're a coder that would like to get involved with the project please feel free to join EFnet #BitchX-dev and #BitchX."
RPG gaming for the lazy
Friday, March 26 2004 by Asmo
Undernet's news page announced a role playing game for those who "haven't been able to find time in your hectic private and social life for some serious roleplaying action lately."
LexTbomb is an IRC server operator on Undernet, and initiated this game in #idlerpg on Undernet. We asked him how the game is played. "The game is about your avatar doing great adventures in a fantasy world. With no interaction from you, you are even punished for interacting with the bot other than logging in and saying stuff in the channel. It's a game for the absolute top-idlers of the world. The game is perfect for the hectic life of the professional. Who can enjoy a game without having to play it all the time. Just look it over once a week to check what's happened and make sure you are logged in to the bot", he told IRCJunkie.
Among the players are several operators of the network, and even X, the channel service of the network, who said: "It's the best things since sliced bread!", according to LexTbomb!
More information on this game can be found here.
mIRC DCC exploits revisited (updated (again))
Wednesday, March 24 2004 by Asmo
A new DCC security issue has been discovered in mIRC. This is a completely new DCC exploit unrelated to previous exploits, and all versions are vulnerable to this new discovery, including the new 6.14.
Malicious users have already been found who abuse this exploit against users.
This new exploit is rather serious as it does not just crash a mIRC client, but allows the malicious user to execute arbitrary code, as well as perform any mIRC command.
At this point no patch is available to close the exploit. Ignoring all DCC requests, or having a proxy in between the client and the user which blocks DCC requests will prevent the exploit being abused.
You can either ignore DCCs from the configuration panel, which can be accessed through ALT-O, or use the following command from any window: /ignore -wd *
Update: There is some speculation about whether this newly found exploit is a hoax or not. The sources this came from are usually very accurate in these matters, and don't "jump the gun" too quickly. The exploit has been reproduced and seen being abused "in the wild" by malicious users. Of course, if this exploit does turn out to be a hoax we will report on that as soon as we get it confirmed.
Some websites, like the DALnet Exploits Team, have currently retracted the alert.
QuakeNet updated their post about the exploit and now reports that the "exploit itself lies in a particular CTCP VERSION reply changer script, we can't disclose which one." If this turns out to be the case, the exploit exists, but only for those using that particular script, not for mIRC users in general.
A discussion of this article has been started on SearchIRC.com.
Update 2: It is now confirmed the exploit is not coming from mIRC, but a third party script. We apologize for any inconvenience this post may have caused to you.
Additionally: some people like to think IRCJunkie was first to bring this news out to the public and caused unnecessary commotion by doing so, which is certainly not the case. Once we saw news about this exploit being globally noticed on top 5 IRC networks, *and* popping up on forums, we decided we could not stay behind and chose to give our readers the option of protecting themselves with something as simple as ignoring DCCs. For any questions or comments feel free to contact us.
XChat 2.0.8 released
Sunday, March 21 2004 by Asmo
XChat released version 2.0.8 today. Changes include a new Perl interface, better error messages on the Windows port and several bug fixes.
McVeigh Video really a Trojan
Tuesday, March 16 2004 by Asmo
Social engineering is a trick where malicious users try to get users to perform an action that infects their own machine, for example by opening a file that delivers something other than the promised video.
Bradley Chapman, a student at Brigham Young University, came into a channel named #mcveigh and saw in the topic a URL supposedly pointing to a video of the execution of McVeigh. He then contacted the ISP hosting the file, which promptly removed it.
These types of trojans are very common on IRC, where users apparently click before they think. These days the coders of such viruses do everything they can to prevent the user from knowing he has been infected, as they have more sinister plans for the computer they gained control of.
Usually these computers will make a connection to a hidden IRC channel where they wait for commands from the malicious user. Private information such as bank account information, passwords or credit card information can be retrieved with a simple command. In much the same way the computer can be used in DDoS attacks.
Even if a user gets infected, a firewall like ZoneAlarm (which comes in a free edition) could have stopped the trojan from connecting to the outside world, effectively making it harmless ...
Undernet GNUWorld Live-Event
Sunday, March 14 2004 by Asmo
"The Undernet User Committee is proud to present the next LiveEvent on Undernet with Isomer and other developers of the GNUWorld project."
GNUWorld delivers services such as oper services and can be used to monitor the network.
The event will be held in #liveevents on April the 24th at 8PM GMT.
New logfile for your pleasure
Saturday, March 13 2004 by Asmo
(NRFC): Will toilet paper ever become obsolete?
Read all about it here ...
jIRCii 5 Beta released
Saturday, March 13 2004 by Asmo
jIRCii is a cross platform Java based IRC client. Version 5 Beta has been released with mostly bug fixes and a few additions: an updated servers.ini, a "perform on connect", and scripting commands for "on unload" and for accessing the servers.ini file.
IRC Defender 1.3.6 released
Friday, March 12 2004 by Asmo
"IRC Defender version 1.3.6 has just been released", developer Craig Edwards said in a reaction to IRCJunkie.
IRC Defender is a module written in Perl that can help IRC networks to take care of viruses, trojans, floods and other security related issues.
Version 1.3.6 introduces a module that detects IRC join/part floods network-wide (and can optionally close the channel for a while), as well as nickflood detection. Support has also been added for the Bahamut and Ultimate IRCds.
"This new version also has debian-like dependencies within its modules, where each module PROVIDEs a set of features, and other modules DEPEND on the features, and can choose to bail if these features are not satisfied."
UnrealIRCD 3.2-RC2fix released (updated)
Tuesday, March 9 2004 by Asmo
The UnrealIRCD team have released a new version, 3.2-RC2, and shortly thereafter, 3.2-RC2fix.
"Due to a bug that was discovered in RC2 shortly after it was released, we were forced to release an updated version (RC2fix). If in /version you see 'Unreal3.2-RC2' then you must upgrade. If you see 'Unreal3.2-RC2fix' then you are fine. All of the downloads on the website have been updated with the fixed version. Additionally, for *nix users, you can simply apply the Patch available at http://www.unrealircd.com/32rc2fix.patch and recompile. We apologize for the inconvenience. Additionally, we would like to announce the addition of forums for the UnrealIRCd project. The forums can be accessed from forums.unrealircd.com."
We got in contact with codemastr, one of the developers of UnrealIRCD, and asked him to elaborate a bit more on the bugs that made the team release the fix version.
"First I'll dispel rumours that it would cause crashes, that's simply not true. An RC2 server will not crash as a result of this problem. Basically, (and the only reason I'm even mentioning this is because, to the best of my knowledge, everyone who was running RC2 has upgraded), it broke modes that prevent users from joining channels (+l, +k, +b, etc.) obviously that was serious enough to warrant an immediate fix. Also note, this did not affect every RC2 server. If you had any modules that made use of the HOOKTYPE_PRE_LOCAL_JOIN hook, then you would NOT experience this problem. So anyone who had Angrywolf's jointhrottle, for example, would not be affected."
A second, less serious bug was the inability to compile on Solaris. This bug was actually already present in RC1, but only became known 15 minutes after RC2 was released.
The first mentioned bug was discovered 1.5 hours after releasing RC2, and the fix was ready in 5 minutes. "But it took about another 25-30 minutes to build all the new releases and have it uploaded to all the mirrors and get the notification email out. Luckily, it seems SourceForge's mailing lists were rather lagged at the time RC2 was released and so the majority of the mailing list subscribers didn't even receive the release notification email until after RC2fix was already released."
"The one thing I would like to stress from this incident is, never underestimate the power of testing! There are dozens of people who run the CVS version of Unreal. This problem existed in the CVS for about 3-4 days before the release, but no one reported it."
"Again, like we've said before, we apologize to everyone who was inconvenienced by this and we will do everything we can to ensure it never happens again.
-- codemastr"
The Matrix meets IRC
Tuesday, March 9 2004 by Asmo
If you like the Matrix trilogy (OK well, maybe just the first movie then?), and have some spare time, this should be a fun read!
Some people just have way too much free time on their hands ...
Eggdrop log viewer
Tuesday, March 9 2004 by Asmo
Seitan and Yvl released a PHP based system that allows users to view eggdrop log files over the world wide web. It is a multiuser system where each user can have separate rights on what he can and can't see. The script can be found on Egghelp.org.
NewsForge dives into the script kiddie culture
Sunday, March 7 2004 by Asmo
NewsForge recently published an interesting interview with someone who dived into the script kiddie underground for a while. Although a lot might be familiar to you, it remains an interesting read.
mIRC 6.14 released
Thursday, March 4 2004 by Asmo
Skipping version 6.13, version 6.14 was released today. "A fresh new version of mIRC released today! With this new release we hope to address the comments, requests and remarks we received after the release of version 6.12. This new version fixes lots of the small but nevertheless annoying buggies found in the previous version. Among them the much discussed tooltip gpf bug and a daylight savings time offset bug", Tjerk Vonck announces in the whatsnew.txt document.
Among the new features are a function to reload the last bit of a log into a window (seems nice for reloading text after a window got closed after disconnection, etc), SSL support, a sort dialog which allows you to re-order the switchbar buttons and buttons and query windows can now have individual font settings. More changes can be found in the whatsnew.txt document.
JBouncer 1.0 released
Tuesday, March 2 2004 by Asmo
JBouncer is a Java implementation of an IRC bouncer/proxy and runs on any OS with the Java Runtime Environment installed.
"It now supports multiple user accounts, multiple servers and multiple sessions. All private channel messages can now be logged. Resumed sessions will be populated with previous messages so you can catch up with what happened. All users get to see their own set of independent sessions and everything can be accessed from the same port number so it's a piece of cake to set it up behind a firewall/NAT/etc.", Paul Mutton, the author of JBouncer, told IRCJunkie.
Paul has more goodies for download available from his website, such as a "Social Network Bot" which draws diagrams of interaction between users in a channel and a bot that draws comics of chat in a channel.
_________________
Asmo
webmaster www.IRC-Junkie.org
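
The bot behaviour described in the "New worm?" item above (many nicks privately messaging the same URL made of an IP address and a port) can be picked out of raw IRC traffic. The following is an added example, not part of the original post; the raw-line format, nicks, hostnames and addresses are constructed for illustration, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from ipaddress import ip_address
from urllib.parse import urlsplit

# Raw IRC line as a client receives it: ":nick!user@host PRIVMSG target :text"
PRIVMSG_RE = re.compile(r"^:(?P<nick>[^!\s]+)!\S+ PRIVMSG (?P<target>\S+) :(?P<text>.*)$")
URL_RE = re.compile(r"https?://[^\s\x00-\x1f]+", re.IGNORECASE)


def ip_port_urls(text):
    """Return "ip:port" for each URL whose host is a literal IP with an explicit port."""
    hits = []
    for raw in URL_RE.findall(text):
        try:
            parts = urlsplit(raw)
            ip_address(parts.hostname or "")  # raises ValueError for host names
            port = parts.port                 # raises ValueError if malformed
        except ValueError:
            continue
        if port is not None:
            hits.append(f"{parts.hostname}:{port}")
    return hits


def find_url_spam(lines, my_nick, min_senders=2):
    """Flag ip:port endpoints sent to my_nick in private by several distinct nicks."""
    senders = defaultdict(set)
    for line in lines:
        m = PRIVMSG_RE.match(line.rstrip("\r\n"))
        if not m or m["target"].lower() != my_nick.lower():
            continue  # channel traffic and other commands are out of scope here
        for endpoint in ip_port_urls(m["text"]):
            senders[endpoint].add(m["nick"].lower())
    return {ep: sorted(n) for ep, n in senders.items() if len(n) >= min_senders}


# Constructed sample traffic (documentation address ranges, invented nicks).
SAMPLE = [
    ":kx81!a@host1.example PRIVMSG junkie :http://192.0.2.10:2233/",
    ":friend!b@host2.example PRIVMSG junkie :see http://www.example.org/ for the log",
    ":zq07!c@host3.example PRIVMSG junkie :http://192.0.2.10:2233/",
    ":op!d@host4.example PRIVMSG #help :mirror is at http://198.51.100.7:8080/",
    ":pal!e@host5.example PRIVMSG junkie :my box is http://198.51.100.7:8080/ if you want it",
]

if __name__ == "__main__":
    for endpoint, nicks in find_url_spam(SAMPLE, "junkie").items():
        print(endpoint, "sent by", ", ".join(nicks))
```

The `min_senders` threshold keeps a single acquaintance sharing an IP-based link from being flagged; only an endpoint repeated by several different nicks is reported.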