[cumbria_lug] last night's virtual meet

Michael Saunders mike at aster.fsnet.co.uk
Tue Nov 18 22:08:05 GMT 2003


Lo Ian,

On Tue, 18 Nov 2003, Ian Linwood wrote:
>
> income) it has become as dull as a McLaren driver :-(

Har! TBH I didn't watch many races in the last season, although it was
interesting to see Schumacher breaking Fangio's record. All I can say
is, bring back Jean Alesi!

> Ok, historical and current clients have been/are vulnerable to
> attacks via formatted messages, malformed messages and *man in the
> middle* attacks, especially from dubious server operators or
> moderators.

That's true, but equally Apache and Sendmail (and a bazillion other
tools) have suffered from security problems in the past; that's no
reason to avoid WWW and email though.

> and I've watched one of them actually browse through a person's HD
> after sending a message to a client with a (previously written)

That's a client software issue, rather than any inherent problems with
the IRC protocol itself. There are also P2P utils, Web browsers and
email clients with security holes. C'est la vie, as they say. Now I
don't know a great deal about IRC's underlying mechanisms, but another
subscriber to this list (Chris Plant, who wrote an IRC server from
scratch) might be able to tell you more.

Many of the security bugs are a result of overly ambitious IRC clients
that attempt too much. If you look at the feature set of X-Chat, BitchX
and Irssi, inevitably there will be problems. But there are small,
simple clients out there; I wrote my own (Tatanga) and it's pretty
weak by modern standards, but it's so simple and basic that I know
there are no opportunities for crackers to execute arbitrary code etc.

> Needless to say - I will NEVER trust IRC in its current guise.

I know what you mean -- there have been client-side problems -- but
what's a better alternative for online real-time group discussion?  
Yahoo! Chat is face-punchingly dire. Plenty of experienced UNIXers use
IRC regularly (including the Fedora developers), so it's not too
problematic yet.

Mike

-- 
Michael Saunders
www.aster.fsnet.co.uk




