Re: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread Jeff Donahue
That's because the Internet is free and no one can control what survives on 
it. What survives isn't what is *ethical* but what is *useful*. And IRC is 
very useful for some people, so it's here to stay.

The problem is not IRC; the problem is the misuse some people make of it. We 
cannot make knives disappear, because they are useful; instead, we must get 
rid of people that use knives to kill.

- Original Message - 
From: "Danny" <[EMAIL PROTECTED]>
To: "Mailing List - Full-Disclosure" <[EMAIL PROTECTED]>
Sent: Friday, November 19, 2004 2:40 PM
Subject: [Full-Disclosure] Why is IRC still around?


Well, it sure does help the anti-virus (anti-malware) and security
consulting business, but besides that... is it not safe to say that:
1) A hell of a lot of viruses/worms/trojans use IRC to wreck further 
havoc?
2) A considerable amount of "script kiddies" originate and grow through 
IRC?
3) A wee bit of software piracy occurs?
4) That many organized DoS attacks through PC zombies are initiated 
through IRC?
5) The anonymity of the whole thing helps to foster all the illegal
and malicious activity that occurs?
The list goes on and on...

Sorry to offend those that use IRC legitimately (LOL - find something
else to chat with your buddies), but why the hell are we not pushing
to sunset IRC?
What would IT be like today without IRC (or the like)? Am I narrow
minded to say that it would be a much safer place?
...D
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html 


Re: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread shrek
Even better idea: Get "sunset" internet1

/me just solved problems 1-5


On Fri, 19 Nov 2004 12:40:26 -0500, Danny <[EMAIL PROTECTED]> wrote:
> Well, it sure does help the anti-virus (anti-malware) and security
> consulting business, but besides that... is it not safe to say that:
> 
> 1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?
> 2) A considerable amount of "script kiddies" originate and grow through IRC?
> 3) A wee bit of software piracy occurs?
> 4) That many organized DoS attacks through PC zombies are initiated through 
> IRC?
> 5) The anonymity of the whole thing helps to foster all the illegal
> and malicious activity that occurs?
> The list goes on and on...
> 
> Sorry to offend those that use IRC legitimately (LOL - find something
> else to chat with your buddies), but why the hell are we not pushing
> to sunset IRC?
> 
> What would IT be like today without IRC (or the like)? Am I narrow
> minded to say that it would be a much safer place?
> 
> ...D


Re: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread Mister Coffee
Danny wrote:
> Well, it sure does help the anti-virus (anti-malware) and security
> consulting business, but besides that... is it not safe to say that:
>
> 1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?

And?  There are a hell of a lot of "normal" users on IRC too who don't
wreck havoc.  A lot of spam comes in email.  Does that make email bad?

> 2) A considerable amount of "script kiddies" originate and grow through IRC?

And AIM, ICQ, Jabber, web-forums, mailing lists, etc.  IRC is one medium
amongst many.

> 3) A wee bit of software piracy occurs?

Some, perhaps.  But unlike, say BitTorrent or Kazaa, IRC's primary role
is communication rather than file transfer.  You could make the same
argument for ANY of the IM clients that support file transfer.

> 4) That many organized DoS attacks through PC zombies are initiated through IRC?

Many do.  Yes.  But many also originate through other media, and, again,
it's not the medium's fault that people use it for nefarious purposes.
Hitmen get calls on their cell phones.  Should we eliminate cell
phones to stop the hitmen?

> 5) The anonymity of the whole thing helps to foster all the illegal
> and malicious activity that occurs?
> The list goes on and on...

Anonymity is not a bad thing in many, many, respects.  And the list of
legitimate uses goes on and on as well.

> Sorry to offend those that use IRC legitimately (LOL - find something
> else to chat with your buddies), but why the hell are we not pushing
> to sunset IRC?

No offense.  But the arguments aren't especially strong.  We're not
pushing to sunset the IRC protocol because there are still thousands and
thousands of -legitimate- users in the world.  Unlike most IM systems,
the IRC nets are completely independent.  There are some serious
advantages to that.

> What would IT be like today without IRC (or the like)? Am I narrow
> minded to say that it would be a much safer place?

Yes?

IRC is a protocol.  A tool like any other.  Last I looked there were
still hundreds to thousands of IRC users at any given time who were
there just to hang out and BS with their friends.   It's still a valid
"community" if you will, in spite of the nefarious uses other people
have put it to.

If you sunset something like IRC, the 3v1L [EMAIL PROTECTED] will just move their
bots and trojans somewhere else.

> ...D

Cheers,
L4J


Re: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread james edwards
> Sorry to offend those that use IRC legitimately (LOL - find something
> else to chat with your buddies), but why the hell are we not pushing
> to sunset IRC?

It is not IRC that is the problem, it is the people on IRC that cause
problems.
Guns don't kill people all by themselves; people kill people.



>
> What would IT be like today without IRC (or the like)? Am I narrow
> minded to say that it would be a much safer place?
>
> ...D

I would be lost w/o freenode.



RE: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread Bowes, Ronald (EST)
How exactly do you propose to accomplish this?  IRC is an open protocol and
there are many open clients and open servers which can run on any port, and
run encrypted with SSL.  

So do you intend to scan every computer on the Internet on port 6667, and
shut down every server found running, then move on to random ports that
zombies probably use, and start attacking sites that provide open source
clients that use an open protocol?

Your suggestion makes no sense, and it's something that's impossible to
implement.  Why not just make knives illegal?  I mean, they're frequently
used as a weapon, right?


Ron Bowes
Information Protection Centre
Government Of Manitoba


-Original Message-
From: Danny [mailto:[EMAIL PROTECTED] 
Sent: Friday, November 19, 2004 11:40 AM
To: Mailing List - Full-Disclosure
Subject: [Full-Disclosure] Why is IRC still around?

Well, it sure does help the anti-virus (anti-malware) and security
consulting business, but besides that... is it not safe to say that:

1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?
2) A considerable amount of "script kiddies" originate and grow through IRC?
3) A wee bit of software piracy occurs?
4) That many organized DoS attacks through PC zombies are initiated through
IRC?
5) The anonymity of the whole thing helps to foster all the illegal
and malicious activity that occurs?
The list goes on and on...

Sorry to offend those that use IRC legitimately (LOL - find something
else to chat with your buddies), but why the hell are we not pushing
to sunset IRC?

What would IT be like today without IRC (or the like)? Am I narrow
minded to say that it would be a much safer place?

...D



Re: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread huhu
Danny wrote:
> Well, it sure does help the anti-virus (anti-malware) and security
> consulting business, but besides that... is it not safe to say that:

?

> 1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?

email, http, aol users;)?

> 2) A considerable amount of "script kiddies" originate and grow through IRC?

and criminals through phones

> 3) A wee bit of software piracy occurs?

p2p?

> 4) That many organized DoS attacks through PC zombies are initiated through IRC?

just a control network, could also (and is) handled through p2p-technology

> 5) The anonymity of the whole thing helps to foster all the illegal

anonymity?;)

> and malicious activity that occurs?
> The list goes on and on...
> Sorry to offend those that use IRC legitimately (LOL - find something
> else to chat with your buddies), but why the hell are we not pushing
> to sunset IRC?
> What would IT be like today without IRC (or the like)? Am I narrow
> minded to say that it would be a much safer place?

yes, you are.

> ...D


Re: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread Jason
Unfortunately IRC is not the problem. Removing IRC will cause the 
systems that use it to leverage another control channel. The people that 
abuse it will use another forum...

The problem is that systems exist that can be mass exploited and used to 
coordinate attacks and that there are people happy to exploit those systems.

You can use any of the following to coordinate the same attacks:
- a web page
- ping
- DNS
- newsgroups
- ftp
- AIM
- Jabber
- P2P
- Email
- blog
...

Danny wrote:
> Well, it sure does help the anti-virus (anti-malware) and security
> consulting business, but besides that... is it not safe to say that:
>
> 1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?
> 2) A considerable amount of "script kiddies" originate and grow through IRC?
> 3) A wee bit of software piracy occurs?
> 4) That many organized DoS attacks through PC zombies are initiated through IRC?
> 5) The anonymity of the whole thing helps to foster all the illegal
> and malicious activity that occurs?
> The list goes on and on...
>
> Sorry to offend those that use IRC legitimately (LOL - find something
> else to chat with your buddies), but why the hell are we not pushing
> to sunset IRC?
>
> What would IT be like today without IRC (or the like)? Am I narrow
> minded to say that it would be a much safer place?
>
> ...D


Re: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread shrek
Oh, crap s/Get/Why not/

Sorry


On Fri, 19 Nov 2004 12:49:32 -0600, shrek <[EMAIL PROTECTED]> wrote:
> 
> 
> Even better idea: Get "sunset" internet1
> 
> /me just solved problems 1-5
> 
> On Fri, 19 Nov 2004 12:40:26 -0500, Danny <[EMAIL PROTECTED]> wrote:
> > Well, it sure does help the anti-virus (anti-malware) and security
> > consulting business, but besides that... is it not safe to say that:
> >
> > 1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?
> > 2) A considerable amount of "script kiddies" originate and grow through IRC?
> > 3) A wee bit of software piracy occurs?
> > 4) That many organized DoS attacks through PC zombies are initiated through 
> > IRC?
> > 5) The anonymity of the whole thing helps to foster all the illegal
> > and malicious activity that occurs?
> > The list goes on and on...
> >
> > Sorry to offend those that use IRC legitimately (LOL - find something
> > else to chat with your buddies), but why the hell are we not pushing
> > to sunset IRC?
> >
> > What would IT be like today without IRC (or the like)? Am I narrow
> > minded to say that it would be a much safer place?
> >
> > ...D


Re: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread Danny
On Fri, 19 Nov 2004 12:17:09 -0800, Mister Coffee
<[EMAIL PROTECTED]> wrote:
> Danny wrote:
> > Well, it sure does help the anti-virus (anti-malware) and security
> > consulting business, but besides that... is it not safe to say that:
> >
> > 1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?
>  >
> And?  There are a hell of a lot of "normal" users on IRC too who don't
> wreck havoc.  A lot of spam comes in email.  Does that make email bad?
> 
> > 2) A considerable amount of "script kiddies" originate and grow through IRC?
>  >
> And AIM, ICQ, Jabber, web-forums, mailing lists, etc.  IRC is one medium
> amongst many.
> 
> > 3) A wee bit of software piracy occurs?
> >
> Some, perhaps.  But unlike, say BitTorrent or Kazaa, IRC's primary role
> is communication rather than file transfer.  You could make the same
> argument for ANY of the IM clients that support file transfer.
> 
> > 4) That many organized DoS attacks through PC zombies are initiated through 
> > IRC?
>  >
> Many do.  Yes.  But many also originate through other media, and, again,
>   it's not the medium's fault that people use it for nefarious purposes.
>   Hitmen get calls on their cell phones.  Should we eliminate cell
> phones to stop the hitmen?
> 
> > 5) The anonymity of the whole thing helps to foster all the illegal
> > and malicious activity that occurs?
> > The list goes on and on...
> > 
> Anonymity is not a bad thing in many, many, respects.  And the list of
> legitimate uses goes on and on as well.
> 
> > Sorry to offend those that use IRC legitimately (LOL - find something
> > else to chat with your buddies), but why the hell are we not pushing
> > to sunset IRC?
> > 
> No offense.  But the arguments aren't especially strong.  We're not
> pushing to sunset the IRC protocol because there are still thousands and
> thousands of -legitimate- users in the world.  Unlike most IM systems,
> the IRC nets are completely independent.  There are some serious
> advantages to that.
> 
> > What would IT be like today without IRC (or the like)? Am I narrow
> > minded to say that it would be a much safer place?
> > 
> Yes?
> 
> IRC is a protocol.  A tool like any other.  Last I looked there were
> still hundreds to thousands of IRC users at any given time who were
> there just to hang out and BS with their friends.   It's still a valid
> "community" if you will, in spite of the nefarious uses other people
> have put it to.
> 
> If you sunset something like IRC, the 3v1L [EMAIL PROTECTED] will just move 
> their
> bots and trojans somewhere else.

Well said. Thanks for your time.

...D



Re: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread Valdis . Kletnieks
On Fri, 19 Nov 2004 12:40:26 EST, Danny said:

> 1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?
> 2) A considerable amount of "script kiddies" originate and grow through IRC?
> 3) A wee bit of software piracy occurs?
> 4) That many organized DoS attacks through PC zombies are initiated through 
> IRC?
> 5) The anonymity of the whole thing helps to foster all the illegal
> and malicious activity that occurs?

And is there *anything* on that list that is in the least bit IRC-specific,
or can any *other* IM system work just as well?

> What would IT be like today without IRC (or the like)? Am I narrow
> minded to say that it would be a much safer place?

Only if you *also* manage to stomp out AIM, and MSN Messenger, and Yahoo,
and Jabber, and...  Because if you don't, they'll just pick up and move
elsewhere.




Re: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread Michael Rutledge
Wow, I think you have a great point!  To add to the list, Los Angeles
has quite a bit of crime, so I think that it should be removed from
the face of the planet.  Of course, I think some fraud has been
occurring on eBay--remove them also.  Oh, and some Catholic priests
have been in the news for some "questionable activities", why keep
them around--Catholicism has been overrated (been around too long),
nuke em.


IRC is a great communication tool that has grown and evolved over the
years.  There will always be a medium for "questionable activities"
and illegal acts to propagate regardless of what communication link
you remove.

-Michael

On Fri, 19 Nov 2004 12:40:26 -0500, Danny <[EMAIL PROTECTED]> wrote:
> Well, it sure does help the anti-virus (anti-malware) and security
> consulting business, but besides that... is it not safe to say that:
> 
> 1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?
> 2) A considerable amount of "script kiddies" originate and grow through IRC?
> 3) A wee bit of software piracy occurs?
> 4) That many organized DoS attacks through PC zombies are initiated through 
> IRC?
> 5) The anonymity of the whole thing helps to foster all the illegal
> and malicious activity that occurs?
> The list goes on and on...
> 
> Sorry to offend those that use IRC legitimately (LOL - find something
> else to chat with your buddies), but why the hell are we not pushing
> to sunset IRC?
> 
> What would IT be like today without IRC (or the like)? Am I narrow
> minded to say that it would be a much safer place?
> 
> ...D


Re: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread dk
Danny wrote:
> Sorry to offend those that use IRC legitimately (LOL - find something
> else to chat with your buddies), but why the hell are we not pushing
> to sunset IRC?

Many people use IRC; and still do. It's a legitimate medium I've used
since the 80's for its intended purpose. Your "abolish" idea is, to be
honest, a bit simplistic don't you think?  Let's just cut through the
proselytizing and ban this whole "Internet" thing, that'll stop 'em. :)

> What would IT be like today without IRC (or the like)? Am I narrow
> minded to say that it would be a much safer place?

Path of least resistance. If not IRC another venue would be used.
--
dk


RE: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread Poof
Wow, NICE analogy Jeff!

While IRC is here to stay... The future seems more like servers that're only
hosted through big companies/etc as most datacenters are 'forbidding' use of
IRC(Ports 6660-6669, 7000) on their network.

Just a thought.

~

> That's because the Internet is free and no one can control what survives
> on
> it. What survives isn't what is *ethical* but what is *useful*. And IRC is
> very useful for some people, so it's here to stay.
> 
> The problem is not IRC; the problem is the misuse some people make of it.
> We
> cannot make knives disappear, because they are useful; instead, we must
> get
> rid of people that use knives to kill.

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
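
Added example, not part of any post in this thread: a Python sketch that classifies flows by protocol content rather than destination port, to show how the port blocking mentioned above (6660-6669, 7000) interacts with the earlier point that IRC servers "can run on any port, and run encrypted with SSL". The `Flow` type, function names and sample flows are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Ports the thread says datacenters forbid for IRC.
BLOCKED_PORTS = set(range(6660, 6670)) | {7000}

# A client must send NICK and USER to register (RFC 1459); the rest are
# other common client commands from the same RFC.
REGISTRATION = {"NICK", "USER"}
KNOWN_COMMANDS = REGISTRATION | {
    "PASS", "JOIN", "PRIVMSG", "NOTICE", "PING", "PONG", "MODE", "QUIT",
}

# RFC 1459 message shape: [":" prefix SPACE] command [SPACE params]
IRC_LINE = re.compile(rb"^(?::[^ ]+ +)?([A-Za-z]+|[0-9]{3})(?: +(.*))?$")


@dataclass
class Flow:
    dst_port: int
    client_bytes: bytes  # first bytes the client sent on the connection


def irc_commands(payload: bytes) -> list:
    """Return the known IRC commands found in the client's opening bytes."""
    found = []
    for line in payload.split(b"\n"):
        line = line.rstrip(b"\r")
        if not line or len(line) > 510:  # 512-byte limit minus CRLF
            continue
        match = IRC_LINE.match(line)
        if match:
            command = match.group(1).decode("ascii").upper()
            if command in KNOWN_COMMANDS:
                found.append(command)
    return found


def looks_like_tls(payload: bytes) -> bool:
    """TLS record header: type 0x16 (handshake), major version 0x03."""
    return len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03 \
        and payload[2] <= 0x04


def classify(flow: Flow) -> str:
    """Return 'tls', 'irc' or 'other' from content alone, ignoring the port."""
    if looks_like_tls(flow.client_bytes):
        return "tls"  # payload is encrypted; IRC inside cannot be seen here
    if REGISTRATION.issubset(irc_commands(flow.client_bytes)):
        return "irc"
    return "other"


def port_rule_gaps(flows) -> dict:
    """Compare a port-only block list against what the content says."""
    gaps = {"missed_irc": [], "blocked_non_irc": [], "uninspectable": []}
    for flow in flows:
        protocol = classify(flow)
        blocked = flow.dst_port in BLOCKED_PORTS
        if protocol == "irc" and not blocked:
            gaps["missed_irc"].append(flow.dst_port)
        elif protocol == "other" and blocked:
            gaps["blocked_non_irc"].append(flow.dst_port)
        elif protocol == "tls":
            gaps["uninspectable"].append(flow.dst_port)
    return gaps


# Constructed sample flows (not captured traffic).
SAMPLE_FLOWS = [
    Flow(6667, b"NICK alice\r\nUSER alice 0 * :Alice\r\nJOIN #gentoo\r\n"),
    Flow(8080, b"PASS x\r\nNICK host1234\r\nUSER host1234 0 * :h\r\nJOIN #chan\r\n"),
    Flow(443, bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01]) + b"\x00" * 8),
    Flow(80, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    Flow(7000, b"\x00\x01\x02binary-proto"),
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow.dst_port, classify(flow), flow.dst_port in BLOCKED_PORTS)
    print(port_rule_gaps(SAMPLE_FLOWS))
```

Recognising the protocol says nothing about intent: the flow on 6667 is an ordinary chat client, which is the thread's point about legitimate users.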


Re: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread J.A. Terranson

On Fri, 19 Nov 2004, Danny wrote:

> What would IT be like today without IRC (or the like)? Am I narrow
> minded to say that it would be a much safer place?

Narrow minded or not, it's irrelevant.  Sure, the world *might* be a
little teenie bit "safer" without IRC, but then, the same could be said
about half the readership of this list (Hi Paul!): why not "sunset" them
as well?

Your argument boils down to the pre-emptive removal of anything that could
conceivably be used in an illegitimate manner - as we have all seen with
gun control, banning the *tool* is not going to stop the violence.  Might
as well ban knives, chewing gum, and "techno" "music"..

> ...D

-- 
Yours,

J.A. Terranson
[EMAIL PROTECTED]
0xBD4A95BF

 Civilization is in a tailspin - everything is backwards, everything is
upside down- doctors destroy health, psychiatrists destroy minds, lawyers
destroy justice, the major media destroy information, governments destroy
freedom and religions destroy spirituality - yet it is claimed to be
healthy, just, informed, free and spiritual. We live in a social system
whose community, wealth, love and life is derived from alienation,
poverty, self-hate and medical murder - yet we tell ourselves that it is
biologically and ecologically sustainable.

The Bush plan to screen whole US population for mental illness clearly
indicates that mental illness starts at the top.

Rev Dr Michael Ellner



Re: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread Tim
> My mistake; I was referring to the discussion, collaboration, and
> creation, not the spread.

You mentioned DDoS attacks below.  I don't believe that use is a form of
discussion, collaboration, or creation.

> Some say we should, but I am not one of those. My point was to get rid
> of the most well established tool (and easiest to use) for these types
> of activities.

Any tool can be used by anyone for good or evil.  If one knows the
kiddies are all hanging out on IRC, then you can get a lot of good info
about what their new attacks are by loitering on their channels.


> What's the difference? IRC is so well established for the type of
> activity I am referring to.

As it is established for many productive things.  Ever check out
freenode?


> I'll leave the piracy battle for someone else - I just mentioned it as
> a part of the problem.

If you aren't prepared to defend it on this list, better not mention it.
=)


> Sure netcat is an alternative, but which one is easier to use?

Um... netcat, or raw tcp sockets.  I would argue it is easier to write
something that just opens a connection, and listens for commands to come
back, than something that has to speak IRC.  Speaking IRC has its own
advantages, but in the absence of it, it is still trivial to manage a
bot net.

> I thought I would throw out the idea. If you want to call me a troll,
> then so be it, but don't get your panties in a knot over the whole
> thing

Pardon my harsh reply.  It wasn't personal, and is directed only at your
reasoning.  It is a similar reasoning that leads to the slippery slope
toward censorship.

tim



Re: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread Gregory Gilliss
One alternative - silc. http://www.silcnet.org/

G

On or about 2004.11.19 12:40:26 +, Danny ([EMAIL PROTECTED]) said:

> Well, it sure does help the anti-virus (anti-malware) and security
> consulting business, but besides that... is it not safe to say that:
> 
> 1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?
> 2) A considerable amount of "script kiddies" originate and grow through IRC?
> 3) A wee bit of software piracy occurs?
> 4) That many organized DoS attacks through PC zombies are initiated through 
> IRC?
> 5) The anonymity of the whole thing helps to foster all the illegal
> and malicious activity that occurs?
> The list goes on and on...
> 
> Sorry to offend those that use IRC legitimately (LOL - find something
> else to chat with your buddies), but why the hell are we not pushing
> to sunset IRC?
> 
> What would IT be like today without IRC (or the like)? Am I narrow
> minded to say that it would be a much safer place?
> 
> ...D

-- 
Gregory A. Gilliss, CISSP  E-mail: [EMAIL PROTECTED]
Computer Security WWW: http://www.gilliss.com/greg/
PGP Key fingerprint 2F 0B 70 AE 5F 8E 71 7A 2D 86 52 BA B7 83 D9 B4 14 0E 8C A3



Re: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread Danny
On Fri, 19 Nov 2004 14:47:36 -0600, Bowes, Ronald (EST)
<[EMAIL PROTECTED]> wrote:
> How exactly do you propose to accomplish this?  IRC is an open protocol and
> there are many open clients and open servers which can run on any port, and
> run encrypted with SSL.
> 
> So do you intend to scan every computer on the Internet on port 6667, and
> shut down every server found running, then move on to random ports that
> zombies probably use, and start attacking sites that provide open source
> clients that use an open protocol?
> 
> Your suggestion makes no sense, and it's something that's impossible to
> implement.  Why not just make knives illegal?  I mean, they're frequently
> used as a weapon, right?

Yah, you are right. I just needed to rant when I see all these
trojans written to call home (to an IRC channel) and DoS attacks
coordinated via IRC to control unpatched anti-virus-less Windows PC
zombies.

Next topic...

...D



Re: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread Eric Paynter
On Fri, November 19, 2004 9:40 am, Danny said:
> 2) A considerable amount of "script kiddies" originate and grow through
> IRC?
> 3) A wee bit of software piracy occurs?
> 4) That many organized DoS attacks through PC zombies are initiated
> through IRC?
> 5) The anonymity of the whole thing helps to foster all the illegal
> and malicious activity that occurs?

I think you answered the question. It is still around because it is useful
for some. It's not like the ability to host an Internet server is
regulated. Anybody can create one.

-Eric

--
arctic bears - email and dns services
http://www.arcticbears.com



Re: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread Danny
On Fri, 19 Nov 2004 15:54:54 -0500, Tim
<[EMAIL PROTECTED]> wrote:
> > 1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?
> 
> Isn't email the primary spreading mechanism of viruses?

My mistake; I was referring to the discussion, collaboration, and
creation, not the spread.

> should we sunset email?

Some say we should, but I am not one of those. My point was to get rid
of the most well established tool (and easiest to use) for these types
of activities.

> > 2) A considerable amount of "script kiddies" originate and grow through IRC?
> 
> And if there were no IRC, they would use AIM, or MSN messenger, or more
> likely, jabber.  What's the difference?  It is popular amongst hackers
> (of any level of morality) because it is open.

What's the difference? IRC is so well established for the type of
activity I am referring to.

> > 3) A wee bit of software piracy occurs?
> 
> And it doesn't on any other protocol?  People who want to pirate will do
> it using whatever tools are available.  Take away one, and others will
> be used.

I'll leave the piracy battle for someone else - I just mentioned it as
a part of the problem.

> > 4) That many organized DoS attacks through PC zombies are initiated through 
> > IRC?
> 
> It wouldn't be any harder to pull this off via netcat.  If it is the
> anonymity an attacker wants, they just use one of the zombies as the
> server.

Sure netcat is an alternative, but which one is easier to use?

> > 5) The anonymity of the whole thing helps to foster all the illegal
> > and malicious activity that occurs?
> 
> How is it any more anonymous than email, or web, or any other
> unauthenticated protocol?

My point was to get rid of the most well established tool (and easiest
to use) for these types of activities. You obviously can't get rid of
them all.

> Please don't tell me you trust the From: header in your email, or believe 
> that all of the IPs
> in your weblogs are directly tied to a person's home PC.

And all these years frig!
 
> > The list goes on and on...
> 
> Yes, but every one of those arguments is horribly flawed.  I am not sure
> if you are just being a troll or what.

I thought I would throw out the idea. If you want to call me a troll,
then so be it, but don't get your panties in a knot over the whole
thing

> > Sorry to offend those that use IRC legitimately (LOL - find something
> > else to chat with your buddies), but why the hell are we not pushing
> > to sunset IRC?
> >
> > Am I narrow minded to say that it would be a much safer place?
> 
> yes, you are being narrow-minded.

Fair enough.

...D



RE: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread Darren Wolfe
I have never replied to anything on this list (I read it to keep up to date
on vulnerabilities, but I'm not really qualified to contribute anything) but
this particular message has piqued my interest.

1. Agreed, by using flaws in IE they then go on to subvert mirc into
spamming people.
2. They do.
3. A tremendous amount :)
4. This is only because IRC provides the perfect medium in which to control
those zombies (a single message from one person is immediately sent to
everyone in the channel at the same time). If a better medium was available,
they'd use that.

IRC is as close to a real time group conversation as you can get that
doesn't use closed protocols.  It's fast, simple and used by an enormous
number of people - particularly those who play online games, and for open
source projects (#gentoo on freenode regularly has over 900 people in it).

In answer to your final question - IRC is very useful for quick
conversations in real time with groups of people. Sure there are other
things - usenet, web based forums, email based mailing lists, IM networks
etc but none have that group feeling as much as IRC.

Its problem is twofold - firstly, mirc (the most popular client) has a
number of flaws that make it easy to steal people's "auth passwords". But
these are not automated! The user must be tricked into typing some commands
to set the exploit in motion.
This is also the second problem - a link may be mentioned in a channel and
people will click on it - from there, if your browser is vulnerable, you can
be hit by any number of trojans.  There was a winamp trojan going about a
few months ago (which I reported and is now fixed - go me :D ) which
involved clicking a link in irc that opened winamp through a file
association that exploited a security flaw that installed a script for mirc
that spammed the same link to everyone in the channel.

Like any other medium, it is a combination of a lack of knowledge by the
users and exploits/vulnerabilities in software, the only difference, is that
on IRC it tends to spread quickly because of its real time nature.
So in conclusion, no, IRC should not be killed off, mirc's scripting
vulnerabilities should be closed in some way, and vulnerabilities in other
software should continue to be discovered and fixed.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Danny
Sent: 19 November 2004 17:40
To: Mailing List - Full-Disclosure
Subject: [Full-Disclosure] Why is IRC still around?

Well, it sure does help the anti-virus (anti-malware) and security
consulting business, but besides that... is it not safe to say that:

1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?
2) A considerable amount of "script kiddies" originate and grow through IRC?
3) A wee bit of software piracy occurs?
4) That many organized DoS attacks through PC zombies are initiated through
IRC?
5) The anonymity of the whole thing helps to foster all the illegal and
malicious activity that occurs?
The list goes on and on...

Sorry to offend those that use IRC legitimately (LOL - find something else
to chat with your buddies), but why the hell are we not pushing to sunset
IRC?

What would IT be like today without IRC (or the like)? Am I narrow minded to
say that it would be a much safer place?

...D



Re: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread Robert Wesley McGrew
On Fri, 19 Nov 2004 12:40:26 -0500, Danny <[EMAIL PROTECTED]> wrote:
> Well, it sure does help the anti-virus (anti-malware) and security
> consulting business, but besides that... is it not safe to say that:
> 
> 1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?

If you mean botnets that gather on IRC as a control channel, I believe
IRC is used because it's a relatively simple protocol to code to. It'd
be just as easy, arguably easier, to use some other protocol. Check
out steele's writeup on a web based botnet of proxies:

http://lowkeysoft.com/proxy/

The screenshots at least will give you some idea of how effective a
web control channel can be.  Do you plan on coming back in two or
three years to post "Why is HTTP still around?"

> 2) A considerable amount of "script kiddies" originate and grow through IRC?

A lot of us originated and grew through IRC, and I'll give it to you
that it's a good playground for the kiddies to play in, but I don't
really see how any other communication channel would have prevented
this.  Most of the kids of today and tomorrow are probably coming up
through web forums and such anyways.  2 years: "Why is phpBB still
around?"

> 3) A wee bit of software piracy occurs?

I'll hand this one to you too, but the actual transfers go from client
to client, not through the IRC servers.  Surely this isn't any more
insidious than meeting up in some other chat protocol or web site to
transfer files from one person to another.  Compare to bittorrent
where public websites can post a torrent, and hundreds of people who
wouldn't have a clue as to how to join an IRC channel can distribute a
file with surprising efficiency, both downloading and uploading
segments to each other in an automated way.

> 4) That many organized DoS attacks through PC zombies are initiated through 
> IRC?

See 1)

> 5) The anonymity of the whole thing helps to foster all the illegal
> and malicious activity that occurs?

If you're not connecting through a proxy/3rd party system in some way,
then your anonymity on IRC is probably not as high as you might think.

> The list goes on and on...
> 
> Sorry to offend those that use IRC legitimately (LOL - find something
> else to chat with your buddies), but why the hell are we not pushing
> to sunset IRC?

Because (assuming that you could somehow stop people from running IRC
servers, which I would love to hear how) in two years we'd have to
sunset another protocol that people used as an anonymous hangout/warez
trading/malware control channel.

> What would IT be like today without IRC (or the like)? Am I narrow
> minded to say that it would be a much safer place?

I don't believe it'd be much safer.  The same things that make IRC a
nice protocol for script kiddies are the same things that make it a
nice simple tool for communication for legitimate purposes.  I believe
that anything that would prove to be as nice of a chat setup for
legitimate users, would be just as convenient for illegitimate
purposes.

-- 
Robert Wesley McGrew
http://cse.msstate.edu/~rwm8/



RE: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread Bowes, Ronald (EST)
If you DID manage to take away IRC, they'd find another way to manage their
bots.  Perhaps they'd all migrate their DDoS nets to Battle.net. 


Ron Bowes
Information Protection Centre
Government Of Manitoba

-Original Message-
From: Danny [mailto:[EMAIL PROTECTED] 
Sent: Friday, November 19, 2004 2:53 PM
To: Bowes, Ronald (EST)
Cc: Mailing List - Full-Disclosure
Subject: Re: [Full-Disclosure] Why is IRC still around?

On Fri, 19 Nov 2004 14:47:36 -0600, Bowes, Ronald (EST)
<[EMAIL PROTECTED]> wrote:
> How exactly do you propose to accomplish this?  IRC is an open protocol and
> there are many open clients and open servers which can run on any port, and
> run encrypted with SSL.
> 
> So do you intend to scan every computer on the Internet on port 6667, and
> shut down every server found running, then move on to random ports that
> zombies probably use, and start attacking sites that provide open source
> clients that use an open protocol?
> 
> Your suggestion makes no sense, and it's something that's impossible to
> implement.  Why not just make knives illegal?  I mean, they're frequently
> used as a weapon, right?

Yah, you are right. I just needed to rant when I see all these
trojans written to call home (to an IRC channel) and DoS attacks
coordinated via IRC to control unpatched anti-virus-less Windows PC
zombies.

Next topic...

...D



Re: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread Micheal Espinola Jr
An excellent question.


On Fri, 19 Nov 2004 12:40:26 -0500, Danny <[EMAIL PROTECTED]> wrote:
> Well, it sure does help the anti-virus (anti-malware) and security
> consulting business, but besides that... is it not safe to say that:
> 
> 1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?
> 2) A considerable amount of "script kiddies" originate and grow through IRC?
> 3) A wee bit of software piracy occurs?
> 4) That many organized DoS attacks through PC zombies are initiated through 
> IRC?
> 5) The anonymity of the whole thing helps to foster all the illegal
> and malicious activity that occurs?
> The list goes on and on...
> 
> Sorry to offend those that use IRC legitimately (LOL - find something
> else to chat with your buddies), but why the hell are we not pushing
> to sunset IRC?
> 
> What would IT be like today without IRC (or the like)? Am I narrow
> minded to say that it would be a much safer place?
> 
> ...D
> 
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 


-- 
ME2




Re: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread n3td3v
I wish it was possible, but it just wouldn't work. The hackers would
move onto the next best chat system, whatever that may be at the time.

For it ever to work, you would need to ban all chat communications and
peer 2 peer on the internet, and that's unlikely to happen, and would
be hard to police.

In the meantime what would you do with the billions of legitimate
users of IRC, IM and P2P?

Tell them to go away as well? I'm anti-malicious hackers, but this
idea just would never work.

Thanks, n3td3v



Re: [Full-Disclosure] Why is IRC still around?

2004-11-19 Thread Tim
> 1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?

Isn't email the primary spreading mechanism of viruses?  should we
sunset email?

> 2) A considerable amount of "script kiddies" originate and grow through IRC?

And if there were no IRC, they would use AIM, or MSN messenger, or more
likely, jabber.  What's the difference?  It is popular amongst hackers
(of any level of morality) because it is open.

> 3) A wee bit of software piracy occurs?

And it doesn't on any other protocol?  People who want to pirate will do
it using whatever tools are available.  Take away one, and others will
be used.

> 4) That many organized DoS attacks through PC zombies are initiated through 
> IRC?

It wouldn't be any harder to pull this off via netcat.  If it is the
anonymity an attacker wants, they just use one of the zombies as the
server.

> 5) The anonymity of the whole thing helps to foster all the illegal
> and malicious activity that occurs?

How is it any more anonymous than email, or web, or any other
unauthenticated protocol?  Please don't tell me you trust the From:
header in your email, or believe that all of the IPs in your weblogs are
directly tied to a person's home PC.

> The list goes on and on...

Yes, but every one of those arguments is horribly flawed.  I am not sure
if you are just being a troll or what.

> Sorry to offend those that use IRC legitimately (LOL - find something
> else to chat with your buddies), but why the hell are we not pushing
> to sunset IRC?
> 
> Am I narrow minded to say that it would be a much safer place?

yes, you are being narrow-minded.

tim



Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread Chris Umphress
> 1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?

yes, some do. The three most common forms of viral use of IRC that I see are:

1. Virus/worm/trojan writers have it connect to a server and notify a
channel that it has infected xx.xx.xx.xx. This is an attempt to keep
the virus writer anonymous.
2. mIRC scripts (I'm not going to say more)
3. bot nets which are a form of DoS attack.

> 2) A considerable amount of "script kiddies" originate and grow through IRC?

True, but some of our experts gain some of their knowledge from IRC as
well. It's a two-way street.

> 3) A wee bit of software piracy occurs?

yes, but people also have Kazaa (FastTrack), Gnutella, FTP, warez
sites, and Newsgroups.

> 4) That many organized DoS attacks through PC zombies are initiated through 
> IRC?

This goes back to mIRC scripting. The ones that don't would be able to
check a website/blog/wiki to look for commands.

> 5) The anonymity of the whole thing helps to foster all the illegal
> and malicious activity that occurs?
> The list goes on and on...

Anything on the Internet has a certain level of anonymity that is
available. There are proxies, temporary e-mail accounts, etc.

> Sorry to offend those that use IRC legitimately (LOL - find something
> else to chat with your buddies), but why the hell are we not pushing
> to sunset IRC?
>
> What would IT be like today without IRC (or the like)? Am I narrow
> minded to say that it would be a much safer place?

I'm not offended. IRC has the ability to let you hold a "conference"
with people from all over the world. Or to just have fun. Sure there
are other chatting platforms that could be used, but they aren't as
flexible.
If IRC were to suddenly stop existing, Bulletin boards and Wiki would
become even more popular. Most of them allow the same level of
anonymity that IRC gives to people. Or some poor soul's blog would be
overrun with "comments". Unfortunately, all of the things you have
listed as the downside to IRC would happen anyway.

My 2c worth

-- 
Chris Umphress 



Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread Andrew Smith
> 
> Sorry to offend those that use IRC legitimately (LOL - find something
> else to chat with your buddies), but why the hell are we not pushing
> to sunset IRC?
> 

because you can't, i'm not sure what you think IRC is.. but it isn't
one network run by a few geeks. It's thousands of networks across the
world, open source IRC servers and millions/billions(?) of users. You
can't stop IRC because people do bad things there, this is the
internet.. what do you expect?

-- 
zxy_rbt2



Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread vord
ive never seen so many repetitive and knee-jerk reactions to one
[potentially baseless] post in all my years of watching FD [the
obvious exceptions being the OT political nonsense occurring here,
especially as of late] as witnessed during my reading of this thread.

but moving right along ... :D

my take is that Danny merely suggests burning the security candle at
both ends. it is complete nonsense to approve of ANYTHING simply
because it has some, or even a vast lot, of legitimate users/uses.
some things are just not worth defending or perpetuating, and perhaps
IRC is one of them? [this is his question].

and for the record, "they would move to another resource" is not a
coherent argument against his position [his question, rather]
concerning the elimination of a problem-child medium. perhaps the cost
to society via the spread of piracy and virii [more importantly the
latter] isnt worth the measly gain IRC affords its legitimate users?
[well?]

it IS incoherent, however, to argue that IRC (1) is the kiddiots means
of choice for controlling his worms because it is the easiest or most
efficient way to do so, while also contending (2) that an IRC sunset
would not cause the immediate disappearance of substantial
internet-wide problems. making it harder MAKES IT HARDER and must
therefore to some degree reduce the probability of abuse. therefore
the gain afforded to legitimate users by this medium should be
weighted against the direct effect its eradication would have on REAL
problems -- and, clearly, no one here is qualified to make this
judgement, else they would have offered such proof in immediate
response to the original post as opposed to blabbing incessantly about
incredibly obvious bullshit. the only potentially useful point anyone
has made [not that it wasnt obvious] concerns the difficulty in
removing the medium ... but this is irrelevant, of course, since it is
more likely that the security community would suggest [and perhaps
assist in the development of] a replacement [most importantly] to the
larger IRC networks.

if shooting people is evil, OBVIOUSLY guns are flawed, but only
insofar as people are capable of abusing them, willing to abuse them,
and effective in their attempts at doing so. so to burn the candle at
both ends you have to fight the spread of trojans and virii by fixing
the holes they exploit and providing detection services, while also
continually analyzing and evolving the structure on which it all
rests. ie, the internet at its core... protocols, etc.

im sure the original ford model-T had plenty of legitimate users who
didnt drive drunk or generally cause mayhem ... i dont see it around
anymore though ... hmm, i wonder if that correlates directly to the
increased safety of automobiles ... hmm hmm, indeed. 

the issue is certainly not at all as cut and dry as most of you have
made it out to be.

--vord
#hackphreak/undernet
invulnerable to the accidents of people and books.

On Fri, 19 Nov 2004 22:08:33 -, Darren Wolfe
<[EMAIL PROTECTED]> wrote:
> I have never replied to anything on this list (I read it to keep up to date
> on vulnerabilities, but im not really qualified to contribute anything) but
> this particular message has piqued my interest.
> 
> 1. Agreed, by using flaws in IE they then go on to subvert mirc into
> spamming people.
> 2. They do.
> 3. A tremendous amount :)
> 4. This is only because IRC provides the perfect medium in which to control
> those zombies (a single message from one person is immediately sent to
> everyone in the channel at the same time). If a better medium was available,
> they'd use that.
> 
> IRC is as close to a real time group conversation as you can get that
> doesn't use closed protocols.  It's fast, simple and used by an enormous
> number of people - particularly those who play online games, and for open
> source projects (#gentoo on freenode regularly has over 900 people in it).
> 
> In answer to your final question - IRC is very useful for quick
> conversations in real time with groups of people. Sure there are other
> things - usenet, web based forums, email based mailing lists, IM networks
> etc but none have that group feeling as much as IRC.
> 
> Its problem is twofold - firstly, mirc (the most popular client) has a
> number of flaws that make it easy to steal people's "auth passwords". But
> these are not automated! The user must be tricked into typing some commands
> to set the exploit in motion.
> This is also the second problem - a link may be mentioned in a channel and
> people will click on it - from there, if your browser is vulnerable, you can
> be hit by any number of trojans.  There was a winamp trojan going about a
> few months ago (which I reported and is now fixed - go me :D ) which
> involved clicking a link in irc that opened winamp through a file
> association that exploited a security flaw that installed a script for mirc
> that spammed the same link to everyone in the channel.
> 
> Like any other medium, it is a co

Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread Danny
On Fri, 19 Nov 2004 17:10:13 -0500, Tim
<[EMAIL PROTECTED]> wrote:
> > My mistake; I was referring to the discussion, collaboration, and
> > creation, not the spread.
> 
> You mentioned DDoS attacks below.  I don't believe that use is a form of
> discussion, collaboration, or creation.
> 
> > Some say we should, but I am not one of those. My point was to get rid
> > of the most well established tool (and easiest to use) for these types
> > of activities.
> 
> Any tool can be used by anyone for good or evil.  If one knows the
> kiddies are all hanging out on IRC, then you can get a lot of good info
> about what their new attacks are by loitering on their channels.
> 
> 
> > What's the difference? IRC is so well established for the type of
> > activity I am referring to.
> 
> As it is established for many productive things.  Ever check out
> freenode?
> 
> 
> > I'll leave the piracy battle for someone else - I just mentioned it as
> > a part of the problem.
> 
> If you aren't prepared to defend it on this list, better not mention it.
> =)
> 
> 
> > Sure netcat is an alternative, but which one is easier to use?
> 
> Um... netcat, or raw tcp sockets.  I would argue it is easier to write
> something that just opens a connection, and listens for commands to come
> back, than something that has to speak IRC.  Speaking IRC has its own
> advantages, but in the absence of it, it is still trivial to manage a
> bot net.
> 
> > I thought I would throw out the idea. If you want to call me a troll,
> > then so be it, but don't get your panties in a knot over the whole
> > thing
> 
> Pardon my harsh reply.  It wasn't personal, and is directed only at your
> reasoning.  It is a similar reasoning that leads to the slippery slope
> toward censorship.

No worries. Case closed. :)

...D



Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread dk
james edwards wrote:
> It is not IRC that is the problem, it is the people on IRC that cause
> problems.
> Guns don't kill people all by themselves; people kill people.

but it's the holes they make that really do 'em in, no?   %-)
--
dk


Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread Christian Fromme
Danny <[EMAIL PROTECTED]> wrote:

> What would IT be like today without IRC (or the like)? Am I narrow
> minded to say that it would be a much safer place?

To be honest: Yes, I think it is quite narrow-minded to say that.
Sure, there are some "scriptkiddies" and "crackers" who organize
themselves through internet relay chats.

But if you think your proposal right through to the end, you should also
consider abandoning almost every email-software, instant-messenger and the
like. Good luck with that. If you approach the problem this way, why not
cut through your network cable, which is the best way to protect yourself?
 

Best wishes,
Christian

-- 
Christian Fromme

EMail: derfromme at gmx.de
PGP-Pubkey: http://www.informatik.fh-wiesbaden.de/~cfrom001/pgp/index.html



Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread Harry Hoffman
The fact that it is an open protocol makes it easy to spot, you don't 
look for specific ports you look for specific behavior (i.e. -> privmsg)

Not that I'm saying this should be done. IRC is used by many ppl in very
good ways!

I'm just saying that the two points shouldn't be confused. SSL is a bit 
of a different story.

--Harry
Bowes, Ronald (EST) wrote:
[snip]
> So do you intend to scan every computer on the Internet on port 6667, and
> shut down every server found running, then move on to random ports that
> zombies probably use, and start attacking sites that provide open source
> clients that use an open protocol?
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
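
Harry Hoffman's point in the message above, that an open protocol is recognised by its behaviour rather than by its port, shown as an added sketch that is not part of any post in this thread. It assumes each payload is the reassembled start of one TCP stream; the hostnames, nicks, channel names, ports and thresholds are constructed for illustration.

```python
import re

# RFC 1459 line: [":" prefix SPACE] command [SPACE params]; command is a word or 3 digits.
IRC_LINE = re.compile(rb"^(?::(\S+) )?([A-Za-z]+|\d{3})(?: (.*))?$")
IRC_COMMANDS = {b"PASS", b"NICK", b"USER", b"JOIN", b"PART", b"PRIVMSG",
                b"NOTICE", b"PING", b"PONG", b"MODE", b"QUIT"}


def parse_irc_line(line):
    """Return (prefix, command, params) if the line fits IRC grammar, else None."""
    if not line or len(line) > 510:          # 512-byte limit minus CRLF
        return None
    m = IRC_LINE.match(line)
    if not m:
        return None
    prefix, command, rest = m.group(1), m.group(2).upper(), m.group(3) or b""
    # Numeric replies only come from servers, so they always carry a prefix.
    # Requiring it keeps SMTP/FTP banners ("220 host ...") from matching.
    numeric_ok = command.isdigit() and prefix is not None
    if command not in IRC_COMMANDS and not numeric_ok:
        return None
    if rest.startswith(b":"):
        params = [rest[1:]]
    else:
        head, sep, trailing = rest.partition(b" :")
        params = head.split()
        if sep:
            params.append(trailing)
    return prefix, command, params


def classify_stream(payload, min_hits=2, min_ratio=0.6):
    """Label a stream 'irc', 'tls-opaque' or 'other' from content alone."""
    # A TLS handshake record (0x16, version 0x03xx) hides the protocol inside:
    # this is the "SSL is a different story" case, so report it separately.
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return {"verdict": "tls-opaque", "commands": []}
    lines = [l for l in re.split(rb"\r?\n", payload) if l][:20]
    parsed = [p for p in map(parse_irc_line, lines) if p]
    is_irc = len(parsed) >= min_hits and len(parsed) / len(lines) >= min_ratio
    return {"verdict": "irc" if is_irc else "other",
            "commands": [p[1].decode() for p in parsed]}


def privmsg_targets(payload):
    """Channels or nicks addressed by PRIVMSG lines, for the analyst's log."""
    targets = []
    for line in re.split(rb"\r?\n", payload):
        p = parse_irc_line(line)
        if p and p[1] == b"PRIVMSG" and p[2]:
            targets.append(p[2][0].decode(errors="replace"))
    return targets


# Constructed sample flows: (destination port, first bytes of the stream).
FLOWS = [
    (6667, b"NICK guest1\r\nUSER guest1 0 * :Guest\r\nJOIN #example\r\n"
           b"PRIVMSG #example :hello\r\n"),
    (8080, b":irc.example.net 001 guest2 :Welcome\r\nPING :irc.example.net\r\n"
           b":guest3!u@host.example PRIVMSG #example :build 1432 checked in\r\n"),
    (6667, b"GET /index.html HTTP/1.1\r\nHost: www.example.org\r\n"
           b"User-Agent: test\r\n\r\n"),
    (6697, bytes([0x16, 0x03, 0x01, 0x00, 0x2e]) + b"\x01" * 46),
]


def report(flows):
    """Verdict per flow; the port is carried along only to show it is not used."""
    return [(port, classify_stream(data)["verdict"]) for port, data in flows]


if __name__ == "__main__":
    for port, verdict in report(FLOWS):
        print(f"port {port}: {verdict}")
```

The second and third flows are the point: IRC on port 8080 is still labelled `irc`, and HTTP sent to port 6667 is not.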


Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread Barrie Dempster
On Fri, 2004-11-19 at 12:40 -0500, Danny wrote:
> Well, it sure does help the anti-virus (anti-malware) and security
> consulting business, but besides that... is it not safe to say that:
> 
> 1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?
Not as much as email does. What about that old TCP/IP do you know how
many viruses use that? according to leading antivirus vendors I believe
the official figure is "LOTS"

> 2) A considerable amount of "script kiddies" originate and grow through IRC?
Yep, I've heard they've also migrated to HTTP as well, let's get rid of that.

> 3) A wee bit of software piracy occurs?
Nothing compared to bittorrent and the other p2p networks, it's called
sharing information, if some people want to share illegal information
that's inevitable. (Do you know how many terrorists use phones to
communicate? the figures would scare your family for generations!)

> 4) That many organized DoS attacks through PC zombies are initiated through 
> IRC?
Yeh, so we should take that communication mechanism away as they are
obviously not clever enough to use, MSN,YAHOO,JABBER,ICQ,Email,Web
Forums, BBS, Telephones, VOIP, Roger Wilco, talkd, the unix write
command, windows messaging, snail mail, Pigeons, Cups and string,
Shouting very loud, morse code, hand signals.

> 5) The anonymity of the whole thing helps to foster all the illegal
> and malicious activity that occurs?
It's more anonymous than the other communication mechanisms on the net
is it?

> Sorry to offend those that use IRC legitimately (LOL - find something
> else to chat with your buddies), but why the hell are we not pushing
> to sunset IRC?

Sorry to offend you if I do, but based on your reasons for getting rid of IRC,
we'd have to get rid of a lot of communication mechanisms. The reason IRC is
used a lot for the things you've described is because it's been around for a
long time and the networks and relations built on IRC have lasted, taking it
away (which is far from possible) would only mean that all the activities
would migrate to other mediums.

Can I ask if you missed the whole shadowcrew incident? they had an IRC channel
but did a lot of their stuff on a web forum... Think about it for a second what
good would closing IRC down do to prevent that?

BTW... Most OSS was also built around IRC collaboration, just have a look at
freenode and ask the currently 800+ people in #gentoo, the 700+ people in
#debian or the 300+ that are in #slackware and #fedora.

Now that you've thought it through and you want to take away a massive support
mechanism from all these people, how do you propose we do it? I tried smoking
the same drugs as you and I firmly believe magic monkeys are the solution to our
problems, I'll create a #magicmonkeys IRC channel so we can co-ordinate it.

Disclaimer: If this reply seemed like it was in jest, it may be because
I consider the original message to be a joke


Barrie Dempster (zeedo) - Fortiter et Strenue

  http://www.bsrf.org.uk

[ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]







Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread Micheal Espinola Jr
Is IRC bad?  Yes.
Is SMTP bad?  Yes.

Why?  Because they are simple and basic protocol  implementations
created decades ago.  Not that they aren't efficient and easy, but
they certainly have their shortcomings in terms of security and AAA.

Yes, people can certainly switch to other mediums which will in turn
be subject to abuse and exploits - but at least a more modern medium
will likely have more controls and accountability in place.

Whether or not there is any legitimate use of the IRC, we all know
that it has been a haven for illegal activity and abuse for at least
(2) decades now.

We need to move forward with technology.  Or would you rather be like
Microsoft - and attempt to be backward compatible for all-time - and
continue to use products that have fundamental flaws in them?


On Fri, 19 Nov 2004 12:17:09 -0800, Mister Coffee
<[EMAIL PROTECTED]> wrote:
> Danny wrote:
> > Well, it sure does help the anti-virus (anti-malware) and security
> > consulting business, but besides that... is it not safe to say that:
> >
> > 1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?
> >
> And?  There are a hell of a lot of "normal" users on IRC too who don't
> wreck havoc.  A lot of spam comes in email.  Does that make email bad?
> 
> > 2) A considerable amount of "script kiddies" originate and grow through IRC?
> >
> And AIM, ICQ, Jabber, web-forums, mailing lists, etc.  IRC is one medium
> amongst many.
> 
> > 3) A wee bit of software piracy occurs?
> >
> Some, perhaps.  But unlike, say BitTorrent or Kazaa, IRC's primary role
> is communication rather than file transfer.  You could make the same
> argument for ANY of the IM clients that support file transfer.
> 
> > 4) That many organized DoS attacks through PC zombies are initiated through 
> > IRC?
> >
> Many do.  Yes.  But many also originate through other media, and, again,
>  it's not the medium's fault that people use it for nefarious purposes.
>  Hitmen get calls on their cell phones.  Should we eliminate cell
> phones to stop the hitmen?
> 
> > 5) The anonymity of the whole thing helps to foster all the illegal
> > and malicious activity that occurs?
> > The list goes on and on...
> > 
> Anonymity is not a bad thing in many, many respects.  And the list of
> legitimate uses goes on and on as well.
> 
> > Sorry to offend those that use IRC legitimately (LOL - find something
> > else to chat with your buddies), but why the hell are we not pushing
> > to sunset IRC?
> > 
> No offense.  But the arguments aren't especially strong.  We're not
> pushing to sunset the IRC protocol because there are still thousands and
> thousands of -legitimate- users in the world.  Unlike most IM systems,
> the IRC nets are completely independent.  There are some serious
> advantages to that.
> 
> > What would IT be like today without IRC (or the like)? Am I narrow
> > minded to say that it would be a much safer place?
> > 
> Yes?
> 
> IRC is a protocol.  A tool like any other.  Last I looked there were
> still hundreds to thousands of IRC users at any given time who were
> there just to hang out and BS with their friends.   It's still a valid
> "community" if you will, in spite of the nefarious uses other people
> have put it to.
> 
> If you sunset something like IRC, the 3v1L [EMAIL PROTECTED] will just move their
> bots and trojans somewhere else.
> 
> > ...D
> 
> Cheers,
> L4J
> 
> 
> 
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 


-- 
ME2




RE: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread Keith Pachulski
been on yahoo lately? or AOL channels or hell how bout gnutella?

-Original Message-
From: Danny [mailto:[EMAIL PROTECTED]
Sent: Friday, November 19, 2004 2:53 PM
To: Keith Pachulski
Cc: Mailing List - Full-Disclosure
Subject: Re: [Full-Disclosure] Why is IRC still around?


On Fri, 19 Nov 2004 14:47:31 -0500, Keith Pachulski <[EMAIL PROTECTED]> wrote:
> how bout because it is entertaining and it is an easy way to communicate with 
> a large group of ppl at once

So that trumps its infestation of illegal activities?

...D



RE: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread Keith Pachulski
how bout because it is entertaining and it is an easy way to communicate with a 
large group of ppl at once

-Original Message-
From: Danny [mailto:[EMAIL PROTECTED]
Sent: Friday, November 19, 2004 12:40 PM
To: Mailing List - Full-Disclosure
Subject: [Full-Disclosure] Why is IRC still around?


Well, it sure does help the anti-virus (anti-malware) and security
consulting business, but besides that... is it not safe to say that:

1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?
2) A considerable amount of "script kiddies" originate and grow through IRC?
3) A wee bit of software piracy occurs?
4) That many organized DoS attacks through PC zombies are initiated through IRC?
5) The anonymity of the whole thing helps to foster all the illegal
and malicious activity that occurs?
The list goes on and on...

Sorry to offend those that use IRC legitimately (LOL - find something
else to chat with your buddies), but why the hell are we not pushing
to sunset IRC?

What would IT be like today without IRC (or the like)? Am I narrow
minded to say that it would be a much safer place?

...D



RE: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread Keith Pachulski
lets just turn off the internet, that way we can solve the entire problem in one
final swing =)

wow - i need to stop - my bad day is carrying over hehe

-Original Message-
From: Danny [mailto:[EMAIL PROTECTED]
Sent: Friday, November 19, 2004 2:53 PM
To: Keith Pachulski
Cc: Mailing List - Full-Disclosure
Subject: Re: [Full-Disclosure] Why is IRC still around?


On Fri, 19 Nov 2004 14:47:31 -0500, Keith Pachulski <[EMAIL PROTECTED]> wrote:
> how bout because it is entertaining and it is an easy way to communicate with 
> a large group of ppl at once

So that trumps its infestation of illegal activities?

...D



Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread Andrew Smith
Danny: there's no need to keep replying, this is a mailing list.
Here's what happens:
1) Question posted.
2) Valid replies posted.
3) 30-40 others repeat replies at 2)
4) In come the trolls..
-- 
zxy_rbt2



RE: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread Richard Stevens
In the last year or two of subscribing to FD, that is the single most idiotic 
statement I have ever read.

-Original Message- 
From: [EMAIL PROTECTED] on behalf of Danny 
Sent: Fri 19/11/2004 17:40 
To: Mailing List - Full-Disclosure 
Cc: 
Subject: [Full-Disclosure] Why is IRC still around?



Well, it sure does help the anti-virus (anti-malware) and security
consulting business, but besides that... is it not safe to say that:

1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?
2) A considerable amount of "script kiddies" originate and grow through IRC?
3) A wee bit of software piracy occurs?
4) That many organized DoS attacks through PC zombies are initiated through IRC?
5) The anonymity of the whole thing helps to foster all the illegal
and malicious activity that occurs?
The list goes on and on...

Sorry to offend those that use IRC legitimately (LOL - find something
else to chat with your buddies), but why the hell are we not pushing
to sunset IRC?

What would IT be like today without IRC (or the like)? Am I narrow
minded to say that it would be a much safer place?

...D



Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread chris neitzert
there is some great stuff developed on irc.  have you ever used a 
cvsbot? I just love those check-in privmsg notifications.

chris
==
'when all you have is a nail-gun, every problem looks like a messiah'
Danny wrote:
> On Fri, 19 Nov 2004 17:10:13 -0500, Tim
> <[EMAIL PROTECTED]> wrote:
>>> My mistake; I was referring to the discussion, collaboration, and
>>> creation, not the spread.
>> You mentioned DDoS attacks below.  I don't believe that use is a form of
>> discussion, collaboration, or creation.
>
>>> Some say we should, but I am not one of those. My point was to get rid
>>> of the most well established tool (and easiest to use) for these types
>>> of activities.
>> Any tool can be used by anyone for good or evil.  If one knows the
>> kiddies are all hanging out on IRC, then you can get a lot of good info
>> about what their new attacks are by loitering on their channels.
>
>>> What's the difference? IRC is so well established for the type of
>>> activity I am referring to.
>> As it is established for many productive things.  Ever check out
>> freenode?
>
>>> I'll leave the piracy battle for someone else - I just mentioned it as
>>> a part of the problem.
>> If you aren't prepared to defend it on this list, better not mention it.
>> =)
>
>>> Sure netcat is an alternative, but which one is easier to use?
>> Um... netcat, or raw tcp sockets.  I would argue it is easier to write
>> something that just opens a connection, and listens for commands to come
>> back, than something that has to speak IRC.  Speaking IRC has its own
>> advantages, but in the absence of it, it is still trivial to manage a
>> bot net.
>
>>> I thought I would throw out the idea. If you want to call me a troll,
>>> then so be it, but don't get your panties in a knot over the whole
>>> thing
>> Pardon my harsh reply.  It wasn't personal, and is directed only at your
>> reasoning.  It is a similar reasoning that leads to the slippery slope
>> toward censorship.
>
> No worries. Case closed. :)
> ...D


Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread Matthew Kent
On Fri, 2004-11-19 at 17:40, Danny wrote:
> Well, it sure does help the anti-virus (anti-malware) and security
> consulting business, but besides that... is it not safe to say that:
> 
> 1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?
> 2) A considerable amount of "script kiddies" originate and grow through IRC?
> 3) A wee bit of software piracy occurs?
> 4) That many organized DoS attacks through PC zombies are initiated through 
> IRC?
> 5) The anonymity of the whole thing helps to foster all the illegal
> and malicious activity that occurs?
> The list goes on and on...
> 
> Sorry to offend those that use IRC legitimately (LOL - find something
> else to chat with your buddies), but why the hell are we not pushing
> to sunset IRC?

Who is 'we' and what makes you think anyone cares what you 'sunset'.

> 
> What would IT be like today without IRC (or the like)? Am I narrow
> minded to say that it would be a much safer place?

This has to be a troll. It's just too stupid.

- M



Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread bkfsec
Danny wrote:
> Well, it sure does help the anti-virus (anti-malware) and security
> consulting business, but besides that... is it not safe to say that:
> 1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?
> 2) A considerable amount of "script kiddies" originate and grow through IRC?
> 3) A wee bit of software piracy occurs?
> 4) That many organized DoS attacks through PC zombies are initiated through IRC?
> 5) The anonymity of the whole thing helps to foster all the illegal
> and malicious activity that occurs?
> The list goes on and on...
> Sorry to offend those that use IRC legitimately (LOL - find something
> else to chat with your buddies), but why the hell are we not pushing
> to sunset IRC?
> What would IT be like today without IRC (or the like)? Am I narrow
> minded to say that it would be a much safer place?

I don't think that it would have any impact at all with regard to 
stopping malware and crackers.

Even if the legitimate IRC servers were shut down, it would still be a 
simple matter for them to create their own servers on non-standard 
ports.  Barring their ability to do that, they'll completely move to IM 
or P2P protocols (like WASTE) to carry out their attacks.  They've 
already created the tools to do this and they're actively doing it right 
now.

In fact, in this regard IRC is a godsend with regard to tracking down 
attackers.  It's easier to determine the location of an IRC bot and to 
track unencrypted IRC traffic than it is to track WASTE packets or IM 
connections. 

Protocols (and their implementations) aren't causing the "illegal 
activity" as much as the drive to carry out illegal acts is. 

-Barry



Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread stephane nasdrovisky
Micheal Espinola Jr wrote:
> Is SMTP bad?  Yes.
> Why?  Because they are simple and basic protocol implementations

Are or were? smtp supports tls for example (I dropped irc because I
have very little knowledge about it).

> Not that they aren't efficient and easy, but
> they certainly have their shortcomings in terms of security and AAA.

smtp supports both plaintext (login/password) and tls/certificate
authentications. Configuration is not a technology issue but a sysadmin
issue.

> We need to move forward with technology.  Or would you rather be like
> Microsoft - and attempt to be backward compatible for all-time - and
> continue to use products that have fundamental flaws in them?

smtp is backward compatible with fossil-like technology (sendmail comes
to mind as it has a 'good' bugs record) but also 21st century
technology aware (s/mime, tls).
Much could be said against protocols such as rpc, ftp, telnet, iiop,
http, ... but some/most of them are also supporting some somewhat new
technology (encryption, authentication, ...) some of them do not add
much value when used over the internet (rpc comes to mind) these are
more lan protocols.
Microsoft don't try to be backward compatible: w2k is not backward
compatible with nt or dos, even xp sp2 is not backward compatible with
xp sp1:-)



Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread Danny
On Fri, 19 Nov 2004 13:54:30 -0500, bkfsec <[EMAIL PROTECTED]> wrote:
> Danny wrote:
> 
> 
> 
> >Well, it sure does help the anti-virus (anti-malware) and security
> >consulting business, but besides that... is it not safe to say that:
> >
> >1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?
> >2) A considerable amount of "script kiddies" originate and grow through IRC?
> >3) A wee bit of software piracy occurs?
> >4) That many organized DoS attacks through PC zombies are initiated through 
> >IRC?
> >5) The anonymity of the whole thing helps to foster all the illegal
> >and malicious activity that occurs?
> >The list goes on and on...
> >
> >Sorry to offend those that use IRC legitimately (LOL - find something
> >else to chat with your buddies), but why the hell are we not pushing
> >to sunset IRC?
> >
> >What would IT be like today without IRC (or the like)? Am I narrow
> >minded to say that it would be a much safer place?
> >
> >
> >
> I don't think that it would have any impact at all with regard to
> stopping malware and crackers.
> 
> Even if the legitimate IRC servers were shut down, it would still be a
> simple matter for them to create their own servers on non-standard
> ports.  Barring their ability to do that, they'll completely move to IM
> or P2P protocols (like WASTE) to carry out their attacks.  They've
> already created the tools to do this and they're actively doing it right
> now.
> 
> In fact, in this regard IRC is a godsend with regard to tracking down
> attackers.  It's easier to determine the location of an IRC bot and to
> track unencrypted IRC traffic than it is to track WASTE packets or IM
> connections.
> 
> Protocols (and their implementations) aren't causing the "illegal
> activity" as much as the drive to carry out illegal acts is.

Fair enough... I just need to be enlightened. Thanks for your time.

...D



Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread Danny
On Fri, 19 Nov 2004 14:47:31 -0500, Keith Pachulski <[EMAIL PROTECTED]> wrote:
> how bout because it is entertaining and it is an easy way to communicate with 
> a large group of ppl at once

So that trumps its infestation of illegal activities?

...D



Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread Max Valdez
On Friday 19 November 2004 3:31 pm, Poof wrote:
> Wow, NICE analogy Jeff!
>
> While IRC is here to stay... The future seems more like servers that're
> only hosted through big companies/etc as most datacenters are 'forbidding'
> use of IRC(Ports 6660-6669, 7000) on their network.

As any other service, you can put IRC on any port you want.

Max

-- 
Linux garaged 2.6.9-ac9 #2 SMP Tue Nov 16 17:07:13 CST 2004 i686 Intel(R) 
Pentium(R) 4 CPU 2.80GHz GenuineIntel GNU/Linux
-BEGIN GEEK CODE BLOCK-
Version: 3.12
GS/S d- s: a-29 C++(+++) ULAHI+++ P+ L++>+++ E--- W++ N* o-- K- w O- M-- 
V-- PS+ PE Y-- PGP++ t- 5- X+ R tv++ b+ DI+++ D- G++ e++ h+ r+ z**
--END GEEK CODE BLOCK--
gpg-key: http://garaged.homeip.net/gpg-key.txt
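
Several posters in this thread note that IRC can run on any port and that unencrypted IRC traffic is easy to track; a defender can therefore recognise it by its plaintext registration handshake instead of by port number. The following is an added example, not part of any poster's message: the flow tuples, sample payloads and function names are constructed for illustration, and the port list is the one quoted above (6660-6669, 7000).

```python
import re
from dataclasses import dataclass, field

# Ports named in the thread as the ones datacenters block.
BLOCKED_PORTS = set(range(6660, 6670)) | {7000}

# RFC 1459 message grammar: [":" prefix SPACE] command params [":" trailing]
MSG_RE = re.compile(
    rb"^(?::(?P<prefix>[^ \r\n]+) +)?"
    rb"(?P<command>[A-Za-z]+|[0-9]{3})"
    rb"(?P<params>(?: +[^: \r\n][^ \r\n]*)*)"
    rb"(?: +:(?P<trailing>[^\r\n]*))? *$"
)


def parse_line(raw: bytes):
    """Return (COMMAND, [params]) for one IRC line, or None if it is not one."""
    if len(raw) > 510:  # RFC 1459 caps a message at 512 bytes including CRLF
        return None
    match = MSG_RE.match(raw)
    if match is None:
        return None
    params = match.group("params").split()
    if match.group("trailing") is not None:
        params.append(match.group("trailing"))
    return match.group("command").upper().decode("ascii"), params


@dataclass
class Verdict:
    dst_port: int
    is_irc: bool
    nick: str = ""
    channels: list = field(default_factory=list)

    @property
    def evades_port_block(self) -> bool:
        # IRC by content, but on a port the port-based filter does not cover.
        return self.is_irc and self.dst_port not in BLOCKED_PORTS


def classify_flow(dst_port: int, client_payload: bytes, max_lines: int = 20):
    """Classify the client side of a TCP flow by content, ignoring the port.

    A flow counts as IRC only if it carries a well-formed NICK and a
    well-formed USER (four parameters), i.e. the registration handshake.
    """
    nick, user_seen, channels = "", False, []
    for raw in client_payload.split(b"\n")[:max_lines]:
        parsed = parse_line(raw.rstrip(b"\r"))
        if parsed is None:
            continue
        command, params = parsed
        if command == "NICK" and len(params) >= 1:
            nick = params[0].decode("ascii", "replace")
        elif command == "USER" and len(params) >= 4:
            user_seen = True
        elif command == "JOIN" and params:
            channels += [c.decode("ascii", "replace")
                         for c in params[0].split(b",")]
    is_irc = bool(nick) and user_seen
    if not is_irc:
        return Verdict(dst_port, False)
    return Verdict(dst_port, True, nick, channels)


def find_port_block_evasions(flows):
    """Return verdicts for flows that are IRC but bypass the port filter."""
    verdicts = (classify_flow(port, data) for port, data in flows)
    return [v for v in verdicts if v.evades_port_block]


# Constructed sample flows: (destination port, first client bytes).
SAMPLE_FLOWS = [
    (6667, b"NICK alice\r\nUSER alice 0 * :Alice\r\nJOIN #linux\r\n"),
    (8080, b"PASS x\r\nNICK node-4471\r\nUSER n 0 * :n\r\nJOIN #c1,#c2\r\n"),
    (80, b"GET /?NICK=a&USER=b HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    (25, b"HELO mail.example.com\r\nMAIL FROM:<a@example.com>\r\n"),
    (443, b"\x16\x03\x01\x00\x05hello"),  # TLS-like bytes, not parseable
]

if __name__ == "__main__":
    for verdict in find_port_block_evasions(SAMPLE_FLOWS):
        print(verdict.dst_port, verdict.nick, verdict.channels)
```

The same content check says nothing about encrypted channels, which is the tracking difficulty the thread attributes to WASTE and IM traffic.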



Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread TheGesus
Might as well ask yourself "Why are trolls like me still around?"

Hooked 'em good, monkey. :o)

On Fri, 19 Nov 2004 12:40:26 -0500, Danny <[EMAIL PROTECTED]> wrote:
> Well, it sure does help the anti-virus (anti-malware) and security
> consulting business, but besides that... is it not safe to say that:
> 
> 1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?
> 2) A considerable amount of "script kiddies" originate and grow through IRC?
> 3) A wee bit of software piracy occurs?
> 4) That many organized DoS attacks through PC zombies are initiated through 
> IRC?
> 5) The anonymity of the whole thing helps to foster all the illegal
> and malicious activity that occurs?
> The list goes on and on...
> 
> Sorry to offend those that use IRC legitimately (LOL - find something
> else to chat with your buddies), but why the hell are we not pushing
> to sunset IRC?
> 
> What would IT be like today without IRC (or the like)? Am I narrow
> minded to say that it would be a much safer place?
> 
> ...D
> 



Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread ntx0f
I think it's about time to sunset this discussion, how many people need to
send emails saying the same thing?

- Original Message -
From: "Keith Pachulski" <[EMAIL PROTECTED]>
To: "Danny" <[EMAIL PROTECTED]>; "Mailing List - Full-Disclosure"
<[EMAIL PROTECTED]>
Sent: Friday, November 19, 2004 2:47 PM
Subject: RE: [Full-Disclosure] Why is IRC still around?


> how bout because it is entertaining and it is an easy way to communicate
> with a large group of ppl at once
>
> -Original Message-
> From: Danny [mailto:[EMAIL PROTECTED]
> Sent: Friday, November 19, 2004 12:40 PM
> To: Mailing List - Full-Disclosure
> Subject: [Full-Disclosure] Why is IRC still around?
>
>
> Well, it sure does help the anti-virus (anti-malware) and security
> consulting business, but besides that... is it not safe to say that:
>
> 1) A hell of a lot of viruses/worms/trojans use IRC to wreck further
> havoc?
> 2) A considerable amount of "script kiddies" originate and grow through
> IRC?
> 3) A wee bit of software piracy occurs?
> 4) That many organized DoS attacks through PC zombies are initiated
> through IRC?
> 5) The anonymity of the whole thing helps to foster all the illegal
> and malicious activity that occurs?
> The list goes on and on...
>
> Sorry to offend those that use IRC legitimately (LOL - find something
> else to chat with your buddies), but why the hell are we not pushing
> to sunset IRC?
>
> What would IT be like today without IRC (or the like)? Am I narrow
> minded to say that it would be a much safer place?
>
> ...D
>



Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread n3td3v
On Sat, 20 Nov 2004 09:58:48 -0500, ntx0f <[EMAIL PROTECTED]> wrote:
> I think its about time to sunset this discussion,

Sunsets are nice to watch in the summer months over here.

Thanks, n3td3v
http://www.geocities.com/n3td3v



Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread Janusz A. Urbanowicz
On Fri, Nov 19, 2004 at 12:40:26PM -0500, Danny wrote:

> 5) The anonymity of the whole thing helps to foster all the illegal
> and malicious activity that occurs?

You answered yourself. Because such a mostly unregulated, semi-anonymous
medium is needed. You have a problem with unpatched machines? Patch them,
then, and do not waste time whining.

And what would we do without bash.org?

Alex
-- 
mors ab alto 
0x46399138




Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread Nick FitzGerald
Danny wrote:

> Well, it sure does help the anti-virus (anti-malware) and security
> consulting business, but besides that... is it not safe to say that:
> 
> 1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?
> 2) A considerable amount of "script kiddies" originate and grow through IRC?
> 3) A wee bit of software piracy occurs?
> 4) That many organized DoS attacks through PC zombies are initiated through 
> IRC?
> 5) The anonymity of the whole thing helps to foster all the illegal
> and malicious activity that occurs?
> The list goes on and on...
> 
> Sorry to offend those that use IRC legitimately (LOL - find something
> else to chat with your buddies), but why the hell are we not pushing
> to sunset IRC?
> 
> What would IT be like today without IRC (or the like)? Am I narrow
> minded to say that it would be a much safer place?

I daresay the world would not be much different.

The early dedicated DDoS systems had their own inter-agent 
communication channels of varying complexity and sophistication.  I'm 
sure if something easy and convenient such as IRC were not around for 
the skiddie copycats that came along later to usurp, at least one or 
two of said copycats would probably have managed to scrape together 
just enough talent to roll their own simple, lightweight distributed 
messaging system to use as a communication and coordination channel for 
their bot armies and thus we'd have ended up more or less where we are.

Likewise, other methods of more or less "anonymous" intercommunication 
between like-minded skiddies would have evolved had IRC not, as the 
nature of the underlying structure of the Internet is essentially 
anonymous communication (recall that this is a completely unintended, 
and perfectly expected, effect of the purpose of the underlying network 
technology -- it was to be used for a physically closed network, where 
the fact a machine was on the network _meant_ that machine was supposed 
to be there _and_ that its location _AND_ the names and whereabouts of 
the ranking officers responsible for the techies running it would be 
readily available).

Ditto, s/w piracy would have found other largely untraceable online 
outlets such as rooted FTP and web servers, compromised SOHO machines with 
fast connections and totally clueless "admins", P2P, etc, etc...

In short, without IRC I'd expect we'd be pretty much exactly where we 
are anyway (save we would have had one less inane question to answer on 
some mailing list).


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854



Re: [Full-Disclosure] Why is IRC still around?

2004-11-20 Thread Danny
On Fri, 19 Nov 2004 14:55:12 -0500, Keith Pachulski <[EMAIL PROTECTED]> wrote:
> been on yahoo lately? or AOL channels or hell how bout gnutella?

Do they organize zombies, foster the creation of backdoors, round up
DoS attacks?

Sure, getting rid of the big piracy rings would be nice, but I am
focusing on the malware, zombies, bots, organized DoS attacks, etc.
aspect of IRC.

..D



Re: [Full-Disclosure] Why is IRC still around?

2004-11-21 Thread james edwards
> if shooting people is evil, OBVIOUSLY guns are flawed, but only
> insofar as people are capable of abusing them, willing to abuse them,
> and effective in their attempts at doing so. so to burn the candle at
> both ends you have to fight the spread of trojans and virii by fixing
> the holes they exploit and providing detection services, while also
> continually analyzing and evolving the structure on which it all
> rests. ie, the internet at its core... protocols, etc.


But, just like IRC, a gun has legit uses. I am alive today because
I was in a situation where it was kill or be killed (I surprised some folks
robbing my house). So, OBVIOUSLY, guns are not flawed. Your argument,
on the other hand, is.

james



Re: [Full-Disclosure] Why is IRC still around?

2004-11-21 Thread hutuworm
IRC is a tool/channel to exchange messages, just like mailing lists,
web forums, instant messengers, etc. If there were no IRC, hackers, or
whoever has the same ideas, would also find other channels to found groups,
as you joined the Full-Disclosure mailing list. :P


On Fri, 19 Nov 2004 12:40:26 -0500, Danny <[EMAIL PROTECTED]> wrote:
> Well, it sure does help the anti-virus (anti-malware) and security
> consulting business, but besides that... is it not safe to say that:
> 
> 1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?
> 2) A considerable amount of "script kiddies" originate and grow through IRC?
> 3) A wee bit of software piracy occurs?
> 4) That many organized DoS attacks through PC zombies are initiated through 
> IRC?
> 5) The anonymity of the whole thing helps to foster all the illegal
> and malicious activity that occurs?
> The list goes on and on...
> 
> Sorry to offend those that use IRC legitimately (LOL - find something
> else to chat with your buddies), but why the hell are we not pushing
> to sunset IRC?
> 
> What would IT be like today without IRC (or the like)? Am I narrow
> minded to say that it would be a much safer place?
> 
> ...D
> 



Re: [Full-Disclosure] Why is IRC still around?

2004-11-21 Thread Geo.

 >What would IT be like today without IRC (or the like)? Am I narrow
 >minded to say that it would be a much safer place?

I can easily show you the flaw in this thinking. Take it to the extreme and
ban everything except http and pop/smtp since that's all 95% of the users on
the net use anyway. If only those two existed would it stop virus or spam?

All that would accomplish is changing the infection and control vectors to
using only those two protocols. Well that and it would pretty much limit the
internet to being a newspaper/postoffice instead of maturing into a more
functional communications medium that drives innovation.

Geo.



Re: [Full-Disclosure] Why is IRC still around?

2004-11-21 Thread Darren Reed

This has got to be close to the most stupid thread ever on full-disclosure.

I'm not sure if it gets that because the original email was so
incredibly naive or just narrow minded or just a result of very
shallow thinking.

It's almost dumb enough that you could suggest its premise to some
American Senator, that's in bed with the RIAA/MPAA, as a way of stopping
those who traffic copyrighted material from communicating and tomorrow
you'd see a bill before Congress outlawing IRC.

The only way IRC will ever "go away" is when something better comes
along and even then, maybe not.  There are countless IRC chat networks,
aside from the "big X" and a lot of people are quite happy and content
with the status quo and nothing anyone says or does is going to make
them change.

The person who brought it up should be forced to clean toilets
at McDonalds for a year or something equally disgusting.

Darren 



Re: [Full-Disclosure] Why is IRC still around?

2004-11-21 Thread vord
vord <[EMAIL PROTECTED]> wrote:
>> if shooting people is evil, OBVIOUSLY guns are flawed, but only
>> insofar as people are capable of abusing them, willing to abuse them,
>> and effective in their attempts at doing so. so to burn the candle at
>> both ends you have to fight the spread of trojans and virii by fixing
>> the holes they exploit and providing detection services, while also
>> continually analyzing and evolving the structure on which it all
>> rests. ie, the internet at its core... protocols, etc.

On Sat, 20 Nov 2004 18:59:54 -0700, james edwards
<[EMAIL PROTECTED]> wrote:

> But, just like IRC, a gun has legit uses. I am alive today because
> I was in a situation where it was kill or be killed (I surprised some folks
> robbing my house). So, OBVIOUSLY, guns are not flawed. Your argument,
> on the other hand, is.
> 
> james

what? ...

from the perspective of someone with initiative to solve security
problems it should not matter whether or not a legitimate use for
something exists, or whether or not the number of legitimate uses for
something outnumber the illegitimate. all that matters is whether or
not abuse can occur. the possibility for abuse and certainly the
actuality of abuse are what constitute flaws in something. both guns
and IRC, by all reasonable measures, are abused and therefore flawed
as well. further, whether these things have any more or any fewer
flaws than anything else is also irrelevant. IRC is abused, it is
flawed, it should be fixed or trashed, and only continually used while
a better alternative is in development.

the irony here is that IRC contributes a great deal to the
malware/virii/trojan/scriptkid problem, which seems to be a rather
large concern on this list and elsewhere, yet very little to nothing
is being done about these problems in relation to IRC specifically --
not by server admins, not by developers, and not by security
professionals -- to my knowledge. and as stated previously, "they
would move to another medium" is an incoherent defense for inaction.
please accept and understand precisely why IRC is the medium of choice
for this kind of activity: because it is easiest to abuse; and if you
don't accept this ... how else do you account for the disproportionate
amount of it taking place on IRC versus all other mediums mentioned in
this thread? anyone?

[flame] and btw james, everyone knows that people have flaws -- there
probably isn't anything more obvious than this fact; but considering
your argument above, i suggest you leave those problems to the
psychologists and start doing your job. [/flame]

--vord
#hackphreak/undernet
invulnerable to the accidents of people and books.
http://www.eleat.org [NSFW]
http://vord.rsc.cx [NSFW]



Re: [Full-Disclosure] Why is IRC still around?

2004-11-22 Thread Bart . Lansing

Vord,

Let's extend your logic a bit...

Given your diatribe, one can easily make the following assertion and
assume your full support:

{It is clear that the internet...being composed of largely uncontrollable,
independent nodes...may easily be subverted for uses that are counter to
the greater good of society.  Therefore, as alternate means of
communications and conducting legitimate business are in fact available,
the internet will be closed until further notice.  Please feel free to
create a new internet which cannot be subverted or otherwise used in any
manner which does not conform to the societal conventions we have chosen
to enforce. }

There is no communications channel which cannot be subverted in some way
or another, be it digital, analog, or paper.  Your
arguments/pontifications below, if carried to their logical conclusion,
suggest that it would be appropriate to consider doing away with all of
them due to the potential which exists for abuse/misuse.

How about a little focus on the people who are responsible,
instead...you know, encouraging personal responsibility...that sort of
thing? 

In any society, whether meat-based or bit-based, freedom
does indeed have the side-effect of making it harder to prevent bad people
from doing bad things.  Nonetheless, I'll gladly take the headaches
of dealing with bad people and bad things while enjoying the relative freedoms
I have.


[EMAIL PROTECTED] wrote on 11/20/2004 02:03:00 AM:

> ive never seen so many repetitive and knee-jerk reactions to one
> [potentially baseless] post in all my years of watching FD [the
> obvious exceptions being the OT political nonsense occurring here,
> especially as of late] as witnessed during my reading of this thread.
> 
> but moving right along ... :D
> 
> my take is that Danny merely suggests burning the security candle at
> both ends. it is complete nonsense to approve of ANYTHING simply
> because it has some, or even a vast lot, of legitimate users/uses.
> some things are just not worth defending or perpetuating, and perhaps
> IRC is one of them? [this is his question].
> 
> and for the record, "they would move to another resource" is not a
> coherent argument against his position [his question, rather]
> concerning the elimination of a problem-child medium. perhaps the cost
> to society via the spread of piracy and virii [more importantly the
> latter] isnt worth the measly gain IRC affords its legitimate users?
> [well?]
> 
> it IS incoherent, however, to argue that IRC (1) is the kiddiots means
> of choice for controlling his worms because it is the easiest or most
> efficient way to do so, while also contending (2) that an IRC sunset
> would not cause the immediate disappearance of substantial
> internet-wide problems. making it harder MAKES IT HARDER and must
> therefore to some degree reduce the probability of abuse. therefore
> the gain afforded to legitimate users by this medium should be
> weighted against the direct effect its eradication would have on REAL
> problems -- and, clearly, no one here is qualified to make this
> judgement, else they would have offered such proof in immediate
> response to the original post as opposed to blabbing incessantly about
> incredibly obvious bullshit. the only potentially useful point anyone
> has made [not that it wasnt obvious] concerns the difficulty in
> removing the medium ... but this is irrelevant, of course, since it is
> more likely that the security community would suggest [and perhaps
> assist in the development of] a replacement [most importantly] to the
> larger IRC networks.
> 
> if shooting people is evil, OBVIOUSLY guns are flawed, but only
> insofar as people are capable of abusing them, willing to abuse them,
> and effective in their attempts at doing so. so to burn the candle at
> both ends you have to fight the spread of trojans and virii by fixing
> the holes they exploit and providing detection services, while also
> continually analyzing and evolving the structure on which it all
> rests. ie, the internet at its core... protocols, etc.
> 
> im sure the original ford model-T had plenty of legitimate users who
> didnt drive drunk or generally cause mayhem ... i dont see it around
> anymore though ... hmm, i wonder if that correlates directly to the
> increased safety of automobiles ... hmm hmm, indeed. 
> 
> the issue is certainly not at all as cut and dry as most of you have
> made it out to be.
> 
> --vord
> #hackphreak/undernet
> invulnerable to the accidents of people and books.
> 
> On Fri, 19 Nov 2004 22:08:33 -, Darren Wolfe
> <[EMAIL PROTECTED]> wrote:
> > I have never replied to anything on this list (I read it to keep up to date
> > on vulnerabilities, but im not really qualified to contribute anything) but
> > this particular message has piqued my interest.
> > 
> > 1. Agreed, by using flaws in IE they then go on to subvert mirc into
> > spamming people.
> > 2. They do.
> > 3. A tremendous amount :)
> > 4. This is only because IRC

Re: [Full-Disclosure] Why is IRC still around?

2004-11-22 Thread n3td3v
Vord from the infamous script kiddie channel #hackphreak!! omg, that's
the biggest no credibility lamer channel ever.

It's channels like #hackphreak which give IRC a bad name, the exact
reason this thread started probably!!

Vord, go back to #hackphreak kiddo.



Re: [Full-Disclosure] Why is IRC still around?

2004-11-22 Thread vord
bart

the point was obviously wasted on you. firstly, "that it would be
appropriate to consider doing away with all of them [forms of
communication] .." is by no means a logical conclusion to draw from my
premise[s], nor did i ever express or imply such nonsense. however, i
did state rather explicitly that it is NECESSARY to demand their
continued evolution and potential [perhaps eventual] demise as they
become obsolete.

second, each and every form of communication has dispensable flaws in
addition to its inherent and perhaps indispensable ones. where IRC is
concerned, some flaws of the former variety are undeniably major
contributing factors to the rampant malware plague and therefore
worthy of some [more] attention, and [please note] not impossible to
eliminate ... if only people were concerned.

third, personal responsibility is precisely the issue here. placing
all the blame on people who use guns to kill will never solve the
problem of gun-related crime -- the same is true of placing all the
blame for the existence of malware on malware creators, especially
considering how long it has been allowed to flourish -- it is
concordantly irresponsible behavior to continue to do so [fool me
once, twice, three times]. naivety and idealism might make you happy
inside, bart, but they NEVER solve anything.

in conclusion, we should be trying to solve the problem from more than
one angle. trying to convince people not to write worms, waiting until
worms are released and issuing patches/inoculations, and all attempts
at early detection/prevention are certainly noble endeavours. but
history proves that they are not enough. a new angle of attack is
necessary: the potential avenues for abuse should not ONLY be
considered during development, but more importantly after deployment
-- the internet itself [and most technology, i should say] has more or
less been fire and forget [until its abused] ... and this is primarily
why the computer security industry exists [lack of foresight].

i have nothing more to say on the subject, all replies should be
directed off list if you insist upon making one.

btw, the infrastructure simply doesn't exist to move all business off
the internet ... the net is now built-in to the world economy, and has
been for some time; don't be confused about this.

deaf ears, no doubt.

--vord
#hackphreak/undernet
sucka

On Mon, 22 Nov 2004 09:01:31 -0600, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
>  
> Vord, 
>  
> Let's extend your logic a bit... 
>  
> Given your diatribe, one can easily  make the following assertion and assume
> your full support: 
>  
> {It is clear that the internet...being composed of largely uncontrollable,
> independent nodes...may easily be subverted for uses that are counter to the
> greater good of society.  Therefore, as alternate means of communications
> and conducting legitimate business are in fact available, the internet will
> be closed until further notice.  Please feel free to create a new internet
> which cannot be subverted or otherwise used in any manner which does not
> conform to the societal conventions we have chosen to enforce. } 
>  
> There is no communications channel which can not be subverted in some way or
> another, be it digital, analog, or paper.  Your arguments/pontifications
> below, if carried to their logical conclusion, suggest that it would be
> appropriate to consider doing away with all of them due to the potential
> which exists for abuse/misuse.   
>  
> How about a little focus on the people who are responsible, instead...you
> know, encouraging personal responsibility...that sort of thing? 
>  
> In any society, whether meat-based or bit-based, freedom does indeed have
> the side-effect of making it harder to prevent bad people from doing bad
> things.  Nonetheless, I'll gladly take the headaches of dealing with bad
> people and bad things while enjoying the relative freedoms I have. 
>  
>  
> [EMAIL PROTECTED] wrote on 11/20/2004 02:03:00 AM:
> 
> 
>  
>  > ive never seen so many repetitive and knee-jerk reactions to one
>  > [potentially baseless] post in all my years of watching FD [the
>  > obvious exceptions being the OT political nonsense occurring here,
>  > especially as of late] as witnessed during my reading of this thread.
>  > 
>  > but moving right along ... :D
>  > 
>  > my take is that Danny merely suggests burning the security candle at
>  > both ends. it is complete nonsense to approve of ANYTHING simply
>  > because it has some, or even a vast lot, of legitimate users/uses.
>  > some things are just not worth defending or perpetuating, and perhaps
>  > IRC is one of them? [this is his question].
>  > 
>  > and for the record, "they would move to another resource" is not a
>  > coherent argument against his position [his question, rather]
>  > concerning the elimination of a problem-child medium. perhaps the cost
>  > to society via the spread piracy and virii [more importantly the
>  > latter] isnt worth the measly

Re: [Full-Disclosure] Why is IRC still around?

2004-11-22 Thread n3td3v
> --vord
> #hackphreak/undernet
> sucka

Go back to the channel you came from.



Re: [Full-Disclosure] Why is IRC still around?

2004-11-22 Thread bkfsec
vord wrote:
> and for the record, "they would move to another resource" is not a
> coherent argument against his position [his question, rather]
> concerning the elimination of a problem-child medium. perhaps the cost
> to society via the spread piracy and virii [more importantly the
> latter] isnt worth the measly gain IRC affords its legitimate users?
> [well?]

This would be correct, if the move to a new medium wasn't 0-sum.  
However, it is a 0-sum move because IRC bots have already been 
retrofitted with remote control mechanisms using both IM and P2P 
technologies.  This isn't "hypothetically they'd move to another medium" 
-- this is "they already HAVE moved to other mediums."


> it IS incoherent, however, to argue that IRC (1) is the kiddiots means
> of choice for controlling his worms because it is the easiest or most
> efficient way to do so, while also contending (2) that an IRC sunset
> would not cause the immediate disappearance of substantial
> internet-wide problems. making it harder MAKES IT HARDER and must
> therefore to some degree reduce the probability of abuse. therefore
> the gain afforded to legitimate users by this medium should be
> weighted against the direct effect its eradication would have on REAL
> problems -- and, clearly, no one here is qualified to make this
> judgement, else they would have offered such proof in immediate
> response to the original post as opposed to blabbing incessantly about
> incredibly obvious bullshit.

Actually, I was one of the first respondents and I *DID* provide proof 
of this in mentioning the WASTE P2P protocol and IM methods used for 
remote control of said IRCbot networks. 

The existence of these utilities (which are available and somewhat 
documented) reduces the "makes it harder" portion of the equation to 
almost nothing.  Hell, the gaobot infector implemented these as a 
secondary backdoor method quite some time ago.

If you don't consider that to be proof of the point, then I suggest that 
you're a troll and that I shouldn't be here feeding you right now.

> the only potentially useful point anyone
> has made [not that it wasnt obvious] concerns the difficulty in
> removing the medium ... but this is irrelevant, of course, since it is
> more likely that the security community would suggest [and perhaps
> assist in the development of] a replacement [most importantly] to the
> larger IRC networks.

That's not an irrelevant point - any kiddie with a dedicated PC can 
set up their own IRC server.  Replacing the existence of all of the 
current IRC servers won't remove the ability for a cracker to easily 
set up their own.  If the proposal is "negate IRC", then that proposal 
has to have a realistic plan for doing so.

> im sure the original ford model-T had plenty of legitimate users who
> didnt drive drunk or generally cause mayhem ... i dont see it around
> anymore though ... hmm, i wonder if that correlates directly to the
> increased safety of automobiles ... hmm hmm, indeed.

No doubt, but there are people out there who choose to drive classic 
automobiles and forego their personal safety in order to do so.  How 
would you suggest stopping that?

Most people don't use IRC.  Many do.  If that's the point you're trying 
to prove here, you're right - but the point is effectively moot.

> the issue is certainly not at all as cut and dry as most of you have
> made it out to be.

Sure it is.  :)
-Barry


Re: [Full-Disclosure] Why is IRC still around?

2004-11-22 Thread vord
[flame response] firstly, n3td3v is only mad because i happened to ban
him from #hackphreak ... which is incidentally the current home of
former/current "members" of [where to begin?] rhino9, w00w00 ... and
of course, people who're currently employed at CA/ISS/M$/FS/SIDC. the
list goes on. are we script kiddies or do we maybe like to do more
than talk about computers all day? you be the judge. anyway, that has
nothing to do with this list or this discussion and im sure we'd all
benefit from you, and morons like rap1st, keeping their mouths
shut.[/flame response]

at any rate -- thank you Barry for providing some relevant information
and a legitimate, civilized response.

two things on the issue of servers: (1) bandwidth expense and (2) an
anonymity sacrifice [on someones part] would have to occur/be incurred
if they should be forced to setup their own servers. ironically, since
[as you mention] their software has already been fitted to other
mediums, there would be no incentive to setup said servers, unless of
course there are people who don't have such "retro-fitted" software at
their disposal who wish to cause problems, in which case any upgrade
to IRC itself would eliminate the threat coming from people who are
totally lame and have no resources ... would the difference be
negligible? I'm not sure.

but again, i don't care anymore ... no one is concerned ... the end.

btw, i was referring to everyone who drives a car not driving a
model-t ... im sure they'd have kept on doing it for the entire
century had someone not come along and made them change.

--vord
#hackphreak/undernet

On Mon, 22 Nov 2004 19:50:12 +, n3td3v <[EMAIL PROTECTED]> wrote:
> im a crybaby, waa waa. :o(



RE: [Full-Disclosure] Why is IRC still around?

2004-11-22 Thread xtrecate
An internet zorro.  Just what we need.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of n3td3v
Sent: Monday, November 22, 2004 9:41 AM
To: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Why is IRC still around?

Vord from the in-famous script kiddie channel #hackphreak!! omg, thats
the biggest no credibility lamer channel ever.

Its channels like #hackphreak which give IRC a bad name, the exact
reason this thread started probably!!

Vord, go back to #hackphreak kiddo.



Re: [Full-Disclosure] Why is IRC still around?

2004-11-23 Thread n3td3v
On Mon, 22 Nov 2004 17:14:09 -0600, vord <[EMAIL PROTECTED]> wrote:
> [flame response] firstly, n3td3v is only mad because i happened to ban
> him from #hackphreak ... which is incidentally the current home of
> former/current "members" of [where to begin?] rhino9, w00w00 ... and
> of course, people who're currently employed at CA/ISS/M$/FS/SIDC. the
> list goes on. are we script kiddies or do we maybe like to do more
> than talk about computers all day? you be the judge. anyway, that has
> nothing to do with this list or this discussion and im sure we'd all
> benefit from you, and morons like rap1st, keeping their mouths
> shut.[/flame response]

You never *banned* me from anywhere. You banned a host mask I was
using. I'm still on the channel with an open proxy and different
nickname. Remind the others why you banned me, yeah you banned me
because I was making fun of how lame you all are, and how none of you
can answer simple questions, which don't even need a technical
response, a first year uni student could answer.

All you guys do on the channel is talk about pimps and whores and
other *general chat* stuff. Nothing related to security or hacking is
discussed (and if it is, its in very general terms) that would merit
the name *hackphreak*.

You give IRC and real hackers and phreakers a bad name.



Re: [Full-Disclosure] Why is IRC still around?

2004-11-23 Thread Valdis . Kletnieks
On Tue, 23 Nov 2004 15:12:06 GMT, n3td3v said:

> All you guys do on the channel is talk about pimps and whores and

That's what it looks like if you didn't get a copy of the codebook. :)

> other *general chat* stuff. Nothing related to security or hacking is
> discussed (and if it is, its in very general terms) that would merit
> the name *hackphreak*.

"Steganography" - it's not just for JPGs anymore. :)

(Yes, I know it's not as easy to embed a hidden message into linear ascii
text as you might think, because too often the encoding forces an odd word
choice.  That's why there's so *much* trash-talking, to enable something
resembling a usable subchannel bandwidth.. ;)




Re: [Full-Disclosure] Why is IRC still around?

2004-11-23 Thread nicolas vigier
On Fri, 19 Nov 2004, Danny wrote:

> Well, it sure does help the anti-virus (anti-malware) and security
> consulting business, but besides that... is it not safe to say that:
> 
> 1) A hell of a lot of viruses/worms/trojans use IRC to wreck further havoc?
> 2) A considerable amount of "script kiddies" originate and grow through IRC?
> 3) A wee bit of software piracy occurs?
> 4) That many organized DoS attacks through PC zombies are initiated through 
> IRC?
> 5) The anonymity of the whole thing helps to foster all the illegal
> and malicious activity that occurs?
> The list goes on and on...
> 
> Sorry to offend those that use IRC legitimately (LOL - find something
> else to chat with your buddies), but why the hell are we not pushing
> to sunset IRC?

Are you really serious ? Is it a joke ?

This reminds me of some stupid article I read on nytimes:
http://www.nytimes.com/2004/05/06/technology/circuits/06chat.html
(account required, if you don't have one try ptramo/ptramo)

Read it, this is quite funny, they tell us that most of the bad things
on the internet come from IRC. Here are some quotes :
<<
In a room called Prime-Tyme-Movies, users offered free pirated downloads
of "The Passion of the Christ'' and "Kill Bill Vol. 2.''
[...]
And in a far less obtrusive channel, a hacker may well have been
checking his progress of hacking into the computers of unsuspecting
Internet users.
[...]
Yet that pirated copy of Microsoft Office or Norton Utilities that turns
up on a home-burned CD-ROM may well have originated on I.R.C. And the
Internet viruses and "denial of service'' attacks that periodically make
news generally get their start there, too. This week, the network's chat
rooms were abuzz with what seemed like informed chatter about the Sasser
worm, which infected hundreds of thousands of computers over the
weekend.
[...]
There seem to be I.R.C. channels dedicated to every sexual fetish, and
I.R.C. users speculate that terrorists also use the networks to
communicate in relative obscurity.
[...]
Some Internet experts believe that child pornography rings sometimes use
their own private, password-protected I.R.C. servers. Particularly wary
users can try to hide their identity by logging in to I.R.C. servers
only through intermediary computers.
[...]
But perhaps the most disruptive use of I.R.C. is as a haven and
communications medium for those who release viruses or try to disable
Web sites and other Internet servers.
>>

-- 
gpg fp: 8a7e 9719 b38d 97c6 6af0  d345 12a0 3708 2c8c 3c11
http://boklm.mars-attacks.org/



Re: [Full-Disclosure] Why is IRC still around?

2004-11-23 Thread Danny
On Tue, 23 Nov 2004 20:21:45 +0100, nicolas vigier
<[EMAIL PROTECTED]> wrote:
> Are you really serious ? Is it a joke ?

Dude, I am seriously a naive idiot who just wanted to rant about the
people that abuse IRC. Hopefully this was just a momentary brain fart,
otherwise I might be in trouble, eh?

Often there is humour in such circumstances; I had a few laughs in the process. 

Shit! Maybe I will meet my future wife on IRC! I would invite everyone from F-D.

> This reminds me of some stupid article I read on nytimes:
> http://www.nytimes.com/2004/05/06/technology/circuits/06chat.html
> (account required, if you don't have one try ptramo/ptramo)

What a stupid article. The author has it all wrong! IRC is a bed of
roses with Celine Dion playing in the background.

...D



Re: [Full-Disclosure] Why is IRC still around?

2004-11-23 Thread vord
[flame]
n3td3v/malformed,

please think before you speak. ive already explained this to you more
than once. #hackphreak is no longer  associated with a "group" and no
longer intends to be a channel dedicated primarily to matters of
hacking/phreaking technical discussion [we therefore accommodate
"lamers" who "don't know anything" and "give IRC/hackers/phreakers a
bad name" whatever the fuck that means -- suffice it to say, its not
primarily a help channel anymore. we talk to each other about whatever
the fuck we want and answer questions when and if we damn well feel
like it. we do not congregate there for your enjoyment, we do so for
our own. moreover, most of us deal with computers all day long and
don't particularly care to talk about them 24/7.

oh hey, remind us why no one reads your forum even though you spam the
link on this list several times a day. :X

as far as "real hackers" are concerned ... it takes one to know one; i
can see why you're in the dark on this matter. please see my previous
message ... if there are real hackers anywhere its #hackphreak. if you
like, you can send all of your hacking/security related questions
directly to us from now on ... we would be glad to make you look like
an idiot on a regular basis as it would certainly be entertaining. i
will personally see to it that all of your questions are answered in a
timely fashion. [/flame]

stop replying to this on-list.

--v
#hackphreak/undernet
giving irc and real hackers/phreakers a bad name since 1998.

On Tue, 23 Nov 2004 15:12:06 +, n3td3v <[EMAIL PROTECTED]> wrote:
> On Mon, 22 Nov 2004 17:14:09 -0600, vord <[EMAIL PROTECTED]> wrote:
> 
> 
> > [flame response] firstly, n3td3v is only mad because i happened to ban
> > him from #hackphreak ... which is incidentally the current home of
> > former/current "members" of [where to begin?] rhino9, w00w00 ... and
> > of course, people who're currently employed at CA/ISS/M$/FS/SIDC. the
> > list goes on. are we script kiddies or do we maybe like to do more
> > than talk about computers all day? you be the judge. anyway, that has
> > nothing to do with this list or this discussion and im sure we'd all
> > benefit from you, and morons like rap1st, keeping their mouths
> > shut.[/flame response]
> 
> You never *banned* me from anywhere. You banned a host mask I was
> using. I'm still on the channel with an open proxy and different
> nickname. Remind the others why you banned me, yeah you banned me
> because I was making fun of how lame you all are, and how none of you
> can answer simple questions, which don't even need a technical
> response, a first year uni student could answer.
> 
> All you guys do on the channel is talk about pimps and whores and
> other *general chat* stuff. Nothing related to security or hacking is
> discussed (and if it is, its in very general terms) that would merit
> the name *hackphreak*.
> 
> You give IRC and real hackers and phreakers a bad name.



Re: [Full-Disclosure] Why is IRC still around?

2004-11-24 Thread nicolas vigier
On Tue, 23 Nov 2004, Danny wrote:

> 
> What a stupid article. The author has it all wrong! IRC is a bed of
> roses with Celine Dion playing in the background.

IRC is like the streets. You can find bad and good people, but it is
stupid to say that anyone walking in the street or chatting on IRC is a
criminal.

-- 
gpg fp: 8a7e 9719 b38d 97c6 6af0  d345 12a0 3708 2c8c 3c11
http://boklm.mars-attacks.org/



Re: [Full-Disclosure] Why is IRC still around?

2004-11-24 Thread n3td3v
On Tue, 23 Nov 2004 21:56:41 -0600, vord <[EMAIL PROTECTED]> wrote:
> [flame]
> n3td3v/malformed,
> 
> please think before you speak. ive already explained this to you more
> than once. #hackphreak is no longer  associated with a "group" and no
> longer intends to be a channel dedicated primarily to matters of
> hacking/phreaking technical discussion [we therefore accommodate
> "lamers" who "don't know anything" and "give IRC/hackers/phreakers a
> bad name" whatever the fuck that means -- suffice it to say, its not
> primarily a help channel anymore. 

Yeah, you said it. You had to move stance on it being a lamer channel,
because no one with intelligence is on the channel anymore. You make
out as if it was planned. The channel went down hill and you have no
choice but to admit its a lamer channel, full of script kiddies, who
consider themselves "real hackers".


> we talk to each other about whatever
> the fuck we want and answer questions when and if we damn well feel
> like it. we do not congregate there for your enjoyment, we do so for
> our own. moreover, most of us deal with computers all day long and
> don't particularly care to talk about them 24/7.

I don't disagree with you on that. Lots of script kiddies are online
24/7. Even some of them work in computers as a job, then come home and
go straight on the computer at home and spend all night on #hackphreak
because they have no friends or social lives.

> 
> oh hey, remind us why no one reads your forum even though you spam the
> link on this list several times a day. :X

Probably because its not a public forum and its not been online for
very long, and probably because I keep deleting and adding forum
sections a lot at the moment.

Its not really meant to be a public forum with loads of authors. Its
really a place for me to post stuff i'm doing and let various vendors
read it. The majority of members are in fact vendors from various
e-mails i've sent them on a security issue, and i've welcomed them to
read some posts i've put up on my forum they may be interested in. The
link I post on this list and other sites is for the homepage, not the
forum. You'll notice I don't directly link to the forum. Its really
the homepage I intend people to read more than the forum, so people
who read my posts on mailing lists and online forums can get a taste
about what I stand for and believe in.

> as far as "real hackers" are concerned ... it takes one to know one; 

Are you calling me a hacker? If so, then you must be a hacker as well,
as it takes a hacker to know a hacker. I'm not a hacker, if you read
my homepage instead of going to the forum, you'll see I work against
hackers, and report them whenever possible to vendors, to stop them
being evil hax0rs.

> if there are real hackers anywhere its #hackphreak. if you
> like, you can send all of your hacking/security related questions
> directly to us from now on ... we would be glad to make you look like
> an idiot on a regular basis as it would certainly be entertaining. i
> will personally see to it that all of your questions are answered in a
> timely fashion.

I think you seriously don't know the difference between script kiddies
and real hackers. hackphreak has no real hackers as you admitted at
the start of this e-mail, the channel is full of lamers, who only do
general chat. The only real thing you do have is real script kiddies,
thats the only *real* thing the channel has. Yes a script kiddie can
be online in front of computers 24/7 and also work in I.T during the
day, thats pretty run-of-the-mill for a script kiddie, unless you are
thinking more of the teenager script kiddie who goes to school and
comes home at night in front of mom and dads computer, which is also a
script kiddie.

Yeah, I would gladly come back on the channel and further make a fool
of you, but at the moment its only my bot on it, relaying the
transcript to me outside the channel, for me to read at any casual
time i've got spare time too. If you hadn't noticed the majority of
nicks on the channel are various peoples bots, rather than sados like
you who are *actually* on the channel, thinking youre a real cool guy
being an op. You only have say 20 real people on the channel out of
say 100.

Now who's the real mug, the saddo with no social life op(vord), or the
guy with a bot keeping logs of keywords(n3td3v), to try and to stop
script kiddies hacking the internet? My bot is joined by various other
intelligence agency bots and other security researcher bots. You
decide.

> --v
> #hackphreak/undernet
> giving irc and real hackers/phreakers a bad name since 1998.

I really feel sorry for you if you've been on the channel since 1998,
you must be so proud. No friends, no social life for all those years.
What a great thing. Yet again, the length of time you've been online
or infront of computers does not make you anything less than a script
kiddie.

Real hackers are defined by skill. Not the length of time you've been
online or on a IRC channel. Someon

Re: [Full-Disclosure] Why is IRC still around?

2004-11-24 Thread vord
this is quite possibly the most ridiculous thing ive ever read.
normally i would respond to it in more detail but i have received
literally dozens of responses from members of this list who either
sympathize with my position or have outright called you an
idiot/lamer. i therefore see no need to defend myself or #hackphreak
publicly when the public does not require it. they already know you're
a moron, i dont need to beat a dead horse by making you look the fool
over and over again.

--vord


On Wed, 24 Nov 2004 22:07:26 +, n3td3v <[EMAIL PROTECTED]> wrote:
> On Tue, 23 Nov 2004 21:56:41 -0600, vord <[EMAIL PROTECTED]> wrote:
> > [flame]
> 
> 
> > n3td3v/malformed,
> >
> > please think before you speak. ive already explained this to you more
> > than once. #hackphreak is no longer  associated with a "group" and no
> > longer intends to be a channel dedicated primarily to matters of
> > hacking/phreaking technical discussion [we therefore accommodate
> > "lamers" who "don't know anything" and "give IRC/hackers/phreakers a
> > bad name" whatever the fuck that means -- suffice it to say, its not
> > primarily a help channel anymore.
> 
> Yeah, you said it. You had to move stance on it being a lamer channel,
> because no one with intelligence is on the channel anymore. You make
> out as if it was planned. The channel went down hill and you have no
> choice but to admit its a lamer channel, full of script kiddies, who
> consider themselves "real hackers".
> 
> 
> > we talk to each other about whatever
> > the fuck we want and answer questions when and if we damn well feel
> > like it. we do not congregate there for your enjoyment, we do so for
> > our own. moreover, most of us deal with computers all day long and
> > don't particularly care to talk about them 24/7.
> 
> I don't disagree with you on that. Lots of script kiddies are online
> 24/7. Even some of them work in computers as a job, then come home and
> go straight on the computer at home and spend all night on #hackphreak
> because they have no friends or social lives.
> 
> >
> > oh hey, remind us why no one reads your forum even though you spam the
> > link on this list several times a day. :X
> 
> Probably because its not a public forum and its not been online for
> very long, and probably because I keep deleting and adding forum
> sections a lot at the moment.
> 
> Its not really meant to be a public forum with loads of authors. Its
> really a place for me to post stuff i'm doing and let various vendors
> read it. The majority of members are in fact vendors from various
> e-mails i've sent them on a security issue, and i've welcomed them to
> read some posts i've put up on my forum they may be interested in. The
> link I post on this list and other sites is for the homepage, not the
> forum. You'll notice I don't directly link to the forum. Its really
> the homepage I intend people to read more than the forum, so people
> who read my posts on mailing lists and online forums can get a taste
> about what I stand for and believe in.
> 
> > as far as "real hackers" are concerned ... it takes one to know one;
> 
> Are you calling me a hacker? If so, then you must be a hacker as well,
> as it takes a hacker to know a hacker. I'm not a hacker, if you read
> my homepage instead of going to the forum, you'll see I work against
> hackers, and report them whenever possible to vendors, to stop them
> being evil hax0rs.
> 
> > if there are real hackers anywhere its #hackphreak. if you
> > like, you can send all of your hacking/security related questions
> > directly to us from now on ... we would be glad to make you look like
> > an idiot on a regular basis as it would certainly be entertaining. i
> > will personally see to it that all of your questions are answered in a
> > timely fashion.
> 
> I think you seriously don't know the difference between script kiddies
> and real hackers. hackphreak has no real hackers as you admitted at
> the start of this e-mail, the channel is full of lamers, who only do
> general chat. The only real thing you do have is real script kiddies,
> thats the only *real* thing the channel has. Yes a script kiddie can
> be online in front of computers 24/7 and also work in I.T during the
> day, thats pretty run-of-the-mill for a script kiddie, unless you are
> thinking more of the teenager script kiddie who goes to school and
> comes home at night in front of mom and dads computer, which is also a
> script kiddie.
> 
> Yeah, I would gladly come back on the channel and further make a fool
> of you, but at the moment its only my bot on it, relaying the
> transcript to me outside the channel, for me to read at any casual
> time i've got spare time too. If you hadn't noticed the majority of
> nicks on the channel are various peoples bots, rather than sados like
> you who are *actually* on the channel, thinking youre a real cool guy
> being an op. You only have say 20 real people on the channel out of
> say 100.
> 
> Now whose the real mug, the sa

Re: [Full-Disclosure] Why is IRC still around?

2004-11-25 Thread n3td3v
On Wed, 24 Nov 2004 21:17:24 -0600, vord <[EMAIL PROTECTED]> wrote:
> this is quite possibly the most ridiculous thing ive ever read.
> normally i would respond to it in more detail but i have received
> literally dozens of responses from members of this list who either
> sympathize with my position or have outright called you an
> idiot/lamer. i therefore see no need to defend myself or #hackphreak
> publicly when the public does not require it. they already know you're
> a moron, i dont need to beat a dead horse by making you look the fool
> over and over again.

I'm sure all your script kiddie friends are backing you up, I don't
doubt it for a second. That doesn't mean you're right, it just means you
have a lot of script kiddie friends with the same views as yourself. It
sounds like you've got the script kiddie support of the FD list. What
an achievement, you must be so proud of yourself, so proud you had to
post it on FD how many private e-mails you get off-list agreeing with
you.

If i'm an idiot lamer, i'd hate to hear what they're calling you.

Thanks,
n3td3v



Re: [Full-Disclosure] Why is IRC still around?

2004-11-25 Thread vord
i didn't get responses from anyone i knew ... i got responses from
people who knew you, get it?

btw, our offer still stands. if you would like to try and substantiate
your claims, feel free to come back and try your hardest.

this is over and never should have begun.
DO NOT REPLY. I WILL NOT RESPOND.

--vord

On Thu, 25 Nov 2004 14:49:50 +, n3td3v <[EMAIL PROTECTED]> wrote:
> On Wed, 24 Nov 2004 21:17:24 -0600, vord <[EMAIL PROTECTED]> wrote:
> 
> 
> > this is quite possibly the most ridiculous thing i've ever read.
> > normally i would respond to it in more detail but i have received
> > literally dozens of responses from members of this list who either
> > sympathize with my position or have outright called you an
> > idiot/lamer. i therefore see no need to defend myself or #hackphreak
> > publicly when the public does not require it. they already know you're
> > a moron, i don't need to beat a dead horse by making you look the fool
> > over and over again.
> 
> I'm sure all your script kiddie friends are backing you up, I don't
> doubt it for a second. That doesn't mean you're right, it just means you
> have a lot of script kiddie friends with the same views as yourself. It
> sounds like you've got the script kiddie support of the FD list. What
> an achievement, you must be so proud of yourself, so proud you had to
> post it on FD how many private e-mails you get off-list agreeing with
> you.
> 
> If I'm an idiot lamer, I'd hate to hear what they're calling you.
> 
> Thanks,
> n3td3v
> 


Re: [Full-Disclosure] Why is IRC still around?

2004-11-25 Thread n3td3v
On Thu, 25 Nov 2004 18:34:03 -0600, vord <[EMAIL PROTECTED]> wrote:
> i didn't get responses from anyone i knew ... i got responses from
> people who knew you, get it?
> 
> btw, our offer still stands. if you would like to try and substantiate
> your claims, feel free to come back and try your hardest.
> 
> this is over and never should have begun.
> DO NOT REPLY. I WILL NOT RESPOND.
> 
> --vord

Ok, I won't reply to call you and this e-mail childish.

Too bad, my finger slipped.

Thanks,
n3td3v



Re: [Full-Disclosure] Why is IRC still around? (Because anything less would be uncivilized)

2004-11-19 Thread Danny
Well, fellow F-D'ers, thanks to the vast array of intelligence and
experience found on this list, my rant about abolishing IRC has been
proven to be far from a solution.

Maybe I will throw my suggestion in as "Feature Request" for Internet2. :D

...D



Re: [Full-Disclosure] Why is IRC still around? (Because anything less would be uncivilized)

2004-11-20 Thread Andrew Smith
> Well, fellow F-D'ers, thanks to the vast array of intelligence and
> experience found on this list, my rant about abolishing IRC has been
> proven to be far from a solution.

I..can't tell if it's sarcasm or not, damn those trolls and their mind
poisoning ways.

-- 
zxy_rbt2



Re: [Full-Disclosure] Why is IRC still around? (Because anything less would be uncivilized)

2004-11-20 Thread Danny
On Fri, 19 Nov 2004 22:48:46 +, Andrew Smith <[EMAIL PROTECTED]> wrote:
> > Well, fellow F-D'ers, thanks to the vast array of intelligence and
> > experience found on this list, my rant about abolishing IRC has been
> > proven to be far from a solution.
> 
> I..can't tell if it's sarcasm or not, damn those trolls and their mind
> poisoning ways.

I am serious. That concludes this topic.

...D
