[cumbria_lug] last nights virtual meet
Ian Linwood
ian_linwood_clug at dinwoodie.freeuk.com
Tue Nov 18 20:37:23 GMT 2003
Hello Michael,
Tuesday, November 18, 2003, 5:55:28 PM, you wrote:
> On Tue, 18 Nov 2003, Ian Linwood wrote:
>> http://www.itv-f1.com/
> ITV's Formula one coverage is a horrendous train wreck, and worse than
> having your teeth snapped off with pliers by the creators of WinLinux
> 2000. SIX TIMES A DAY.
Agreed. But all the F1 sites are the same. The only good one was
formula1.com, when it was independent. But since Ernie took it over
after extended legal wrangling (effectively suffocating the sites
income) it has become as dull as a McLaren driver :-(
update: until now - a little bit of Columbian always did spice things
up!
>> Because of its very nature, using an IRC client leaves your PC wide
>> open to attack/takeover.
> Care to elaborate on that? Wide open to takeover? Que? Nan desu ka?
Ok, historical and current clients have been/are vulnerable to
attacks via formatted messages, malformed messages and *man in the
middle* attacks, especially from dubious server operators or
moderators.
This can lead to one or more of; client crash, client take over, system
takeover (depending on your local privileges), DDoS and the time
honoured buffer overflows.
So whether you use mIRC, BitchX, ircII, epic, or whatever - watch out.
There are a lot of very knowledgeable IRC users/script kiddies out
there, and I've watched one of them actually browse through a persons
HD after sending a message to a client with a (previously written)
string of characters.
Having trawled copious FW-1 logs I also know that IRC is one of the
first ports of call for any potential cracker (pun intended).
Don't get me wrong the original idea of IRC was great, I used to use IRC
myself, but the technology was devised when the Internet was young and
there has been very little consideration paid to security in it's
design and implementation. SMTP, likewise, suffers in this regard. The
world would be a better place if it were phased out and something
along the lines of ASMPT (RFC 2554) implemented (yippee,
authenticated, traceable mail - end of spam).
Needless to say - I will NEVER trust IRC in its current guise.
--
Best regards,
Ian
More information about the Cumbria
mailing list