Re: [Full-Disclosure] Why is IRC still around?
From: vord (vordhosbn_at_gmail.com)
Date: 11/22/04
- Previous message: Paul Schmehl: "RE: [Full-Disclosure] Windows user privileges"
- In reply to: Bart.Lansing_at_kohls.com: "Re: [Full-Disclosure] Why is IRC still around?"
- Next in thread: n3td3v: "Re: [Full-Disclosure] Why is IRC still around?"
- Reply: n3td3v: "Re: [Full-Disclosure] Why is IRC still around?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: full-disclosure@lists.netsys.com Date: Mon, 22 Nov 2004 11:54:00 -0600
bart
the point was obviously wasted on you. firstly, "that it would be
appropriate to consider doing away with all of them [forms of
communication] .." is by no means a logical conclusion to draw from my
premise[s], nor did i ever express or imply such nonsense. however, i
did state rather explicitly that it is NECESSARY to demand their
continued evolution and potential [perhaps eventual] demise as they
become obsolete.
second, each and every form of communication has dispensable flaws in
addition to its inherent and perhaps indispensable ones. where IRC is
concerned, some flaws of the former variety are undeniably major
contributing factors to the rampant malware plague and therefore
worthy of some [more] attention, and [please note] not impossible to
eliminate ... if only people were concerned.
third, personal responsibility is precisely the issue here. placing
all the blame on people who use guns to kill will never solve the
problem of gun-related crime -- the same is true of placing all the
blame for the existence of malware on malware creators, especially
considering how long it has been allowed to flourish -- it is
concordantly irresponsible behavior to continue to do so [fool me
once, twice, three times]. naivety and idealism might make you happy
inside, bart, but they NEVER solve anything.
in conclusion, we should be trying to solve the problem from more than
one angle. trying to convince people not to write worms, waiting until
worms are released and issuing patches/inoculations, and all attempts
at early detection/prevention are certainly noble endeavours. but
history proves that they are not enough. a new angle of attack is
necessary: the potential avenues for abuse should not ONLY be
considered during development, but more importantly after deployment
-- the internet itself [and most technology, i should say] has more or
less been fire and forget [until its abused] ... and this is primarily
why the computer security industry exists [lack of foresight].
i have nothing more to say on the subject, all replies should be
directed off list if you insist upon making one.
btw, the infrastructure simply doesn't exist to move all business off
the internet ... the net is now built-in to the world economy, and has
been for some time; don't be confused about this.
deaf ears, no doubt.
--vord
#hackphreak/undernet
sucka
On Mon, 22 Nov 2004 09:01:31 -0600, bart.lansing@kohls.com
<bart.lansing@kohls.com> wrote:
>
> Vord,
>
> Let's extend your logic a bit...
>
> Given your diatribe, one can easily make the following assertion and assume
> your full support:
>
> {It is clear that the internet...being composed of largely uncontrollable,
> independent nodes...may easily be subverted for uses that are counter to the
> greater good of society. Therefore, as alternate means of communications
> and conducting legitmate business are in fact available, the internet will
> be closed until further notice. Please feel free to create a new internet
> which cannot be subverted or otherwise used in any manner which does not
> conform to the societal conventions we have chosen to enforce. }
>
> There is no communications channel which can not be subverted in some way or
> another, be it digital, analog, or paper. Your arguements/pontifications
> below, if carried to their logical conclusion, suggest that it would be
> approriate to consider doing away with all of them due to the potential
> which exists for abuse/misuse.
>
> How about a little focus on the people who are responsible, instead...you
> know, encouraging personal responsibility...that sort of thing?
>
> In any society, whether meat-based or bit-based, freedom does indeed have
> the side-effect of making it harder to prevent bad people from doing bad
> things. Nonetheless, I'll gladly take the headaches of dealing with bad
> people and bad things while enjoying the relative freedoms I have.
>
>
> full-disclosure-admin@lists.netsys.com wrote on 11/20/2004 02:03:00 AM:
>
>
>
> > ive never seen so many repetitive and knee-jerk reactions to one
> > [potentially baseless] post in all my years of watching FD [the
> > obvious exceptions being the OT political nonsense occurring here,
> > especially as of late] as witnessed during my reading of this thread.
> >
> > but moving right along ... :D
> >
> > my take is that Danny merely suggests burning the security candle at
> > both ends. it is complete nonsense to approve of ANYTHING simply
> > because it has some, or even a vast lot, of legitimate users/uses.
> > some things are just not worth defending or perpetuating, and perhaps
> > IRC is one of them? [this is his question].
> >
> > and for the record, "they would move to another resource" is not a
> > coherent argument against his position [his question, rather]
> > concerning the elimination of a problem-child medium. perhaps the cost
> > to society via the spread piracy and virii [more importantly the
> > altter] isnt worth the measly gain IRC affords its legitimate users?
> > [well?]
> >
> > it IS incoherent, however, to argue that IRC (1) is the kiddiots means
> > of choice for controlling his worms because it is the easiest or most
> > efficient way to do so, while also contending (2) that an IRC sunset
> > would not cause the immediate dissappearance of substansial
> > internet-wide problems. making it harder MAKES IT HARDER and must
> > therefore to some degree reduce the probability of abuse. therefore
> > the gain afforded to legitimate users by this medium should be
> > weighted against the direct affect its eradication would have on REAL
> > problems -- and, clearly, no one here is qualified to make this
> > judgement, else they would have offered such proof in immediate
> > response to the original post as opposed to blabbing incessantly about
> > incredibly obvious bullshit. the only potentially useful point anyone
> > has made [not that it wasnt obvious] concerns the difficulty in
> > removing the medium ... but this is irrelavent, of course, since it is
> > more likely that the security community would suggest [and perhaps
> > assist in the developement of] a replacement [most importantly] to the
> > larger IRC networks.
> >
> > if shooting people is evil, OBVIOUSLY guns are flawed, but only
> > insofar as people are capable of abusing them, willing to abuse them,
> > and effective in their attempts at doing so. so to burn the candle at
> > both ends you have to fight the spread of trojans and virii by fixing
> > the holes they exploit and providing detection services, while also
> > continually analyzing and evolving the structure on which it all
> > rests. ie, the internet at its core... protocols, etc.
> >
> > im sure the original ford model-T had plenty of legitimate users who
> > didnt drive drunk or generally cause mayhem ... i dont see it around
> > anymore though ... hmm, i wonder if that correlates directly to the
> > increased safety of automobiles ... hmm hmm, indeed. </sardonicism>
> >
> > the issue is certainly not at all as cut and dry as most of you have
> > made it out to be.
> >
> > --vord
> > #hackphreak/undernet
> > invulnerable to the accidents of people and books.
> >
> > On Fri, 19 Nov 2004 22:08:33 -0000, Darren Wolfe
> > <darren@thecosmicgerbil.com> wrote:
> > > I have never replied to anything on this list (I read it to keep up to
> date
> > > on vulnerabilities, but im not really qualified to contribute anything)
> but
> > > this particular message has peaked my interest.
> > >
> > > 1. Agreed, by using flaws in IE they then go on to subvert mirc into
> > > spamming people.
> > > 2. They do.
> > > 3. A tremendous amount :)
> > > 4. This is only because IRC provides the perfect medium in which to
> control
> > > those zombies (a single message from one person is immediately sent to
> > > everyone in the channel at the same time). If a better medium was
> available,
> > > they'd use that.
> > >
> > > IRC is as close to a real time group conversation as you can get that
> > > doesn't used closed protocols. It's fast, simple and used by an
> enormous
> > > number of people - particuarly those who play online games, and for
> open
> > > source projects (#gentoo on freenode regularly has over 900 people in
> it).
> > >
> > > In answer to your final question - IRC is very useful for quick
> > > conversations in real time with groups of people. Sure there are other
> > > things - usenet, web based forums, email based mailing lists, IM
> networks
> > > etc but none have that group feeling as much as IRC.
> > >
> > > It's problem is twofold - firstly, mirc (the most popular client) has a
> > > number of flaws that make it easy to steal peoples "auth passwords".
> But
> > > these are not automated! The user must be tricked into typing some
> commands
> > > to set the exploit in motion.
> > > This is also the second problem - a link may be mentioned in a channel
> and
> > > people will click on it - from there, if your browser is vulnerable,
> you can
> > > be hit by any number of trojans. There was a winamp trojan going about
> a
> > > few months ago (which I reported and is now fixed - go me :D ) which
> > > involved clicking a link in irc that opened winamp through a file
> > > association that exploited a security flaw that installed a script for
> mirc
> > > that spammed the same link to everyone in the channel.
> > >
> > > Like any other medium, it is a combination of a lack of knowledge by
> the
> > > users and exploits/vulnerabilities in software, the only difference, is
> that
> > > on IRC it tends to spread quickly because of its real time nature.
> > > So in conclusion, no, IRC should not be killed off, mirc's scripting
> > > vulnerabilities should be closed in some way, and vulnerabilities in
> other
> > > software should continue to be discovered and fixed.
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: full-disclosure-admin@lists.netsys.com
> > > [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of Danny
> > > Sent: 19 November 2004 17:40
> > > To: Mailing List - Full-Disclosure
> > > Subject: [Full-Disclosure] Why is IRC still around?
> > >
> > > Well, it sure does help the anti-virus (anti-malware) and security
> > > consulting business, but besides that... is it not safe to say that:
> > >
> > > 1) A hell of a lot of viruses/worms/trojans use IRC to wreck further
> havoc?
> > > 2) A considerable amount of "script kiddies" originate and grow through
> IRC?
> > > 3) A wee bit of software piracy occurs?
> > > 4) That many organized DoS attacks through PC zombies are initiated
> through
> > > IRC?
> > > 5) The anonymity of the whole thing helps to foster all the illegal and
> > > malicious activity that occurs?
> > > The list goes on and on...
> > >
> > > Sorry to offend those that use IRC legitimately (LOL - find something
> else
> > > to chat with your buddies), but why the hell are we not pushing to
> sunset
> > > IRC?
> > >
> > > What would IT be like today without IRC (or the like)? Am I
> narrowminded to
>
>
> > > say that it would be a much safer place?
> > >
> > > ...D
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.netsys.com/full-disclosure-charter.html
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.netsys.com/full-disclosure-charter.html
> > >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: Paul Schmehl: "RE: [Full-Disclosure] Windows user privileges"
- In reply to: Bart.Lansing_at_kohls.com: "Re: [Full-Disclosure] Why is IRC still around?"
- Next in thread: n3td3v: "Re: [Full-Disclosure] Why is IRC still around?"
- Reply: n3td3v: "Re: [Full-Disclosure] Why is IRC still around?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
