mIRC Home    About    Download    Register    News    Help

Print Thread
#209645 20/02/09 01:37 AM
Joined: Feb 2009
Posts: 1
T
Mostly harmless
OP Offline
Mostly harmless
T
Joined: Feb 2009
Posts: 1
Hi all, at first I do not know it this is a common bug but it's a serious one. I use mIRC for my work and because of that reason I need to be realy sure to who I'm talking to.

Well, bug is as follows: I have a Query opened with an client, the client quits but there is another IRC user that 'steals' the nick of the client who was in my Query. What now is happening is that the 3rd user can come in my Query, and that stays the same because the nick is exactly the same. I am talking in my original Query with someone else with the same name of my Client!

If some user are knowing this, they will take advantage of that.
So thats why this is serious, it can hurt my business.

So please take a look at this, change the Query method from Nick to Ident! it can save a lot of harm in my opinion.

Greetings.

Last edited by TUXrulez; 20/02/09 01:40 AM.
Joined: Dec 2002
Posts: 2,031
R
Hoopy frood
Offline
Hoopy frood
R
Joined: Dec 2002
Posts: 2,031

Use DCC chat instead of query. This isn't a bug nor is it intentional, it just works that way.

/help /dcc chat

Last edited by RoCk; 20/02/09 01:46 AM.
Joined: Oct 2003
Posts: 3,918
A
Hoopy frood
Offline
Hoopy frood
A
Joined: Oct 2003
Posts: 3,918
You should probably not base your "business" around the quality/security of privmsg on IRC. Frankly, attempting to use hypothetical harm to your "business" in order to escalate this report lowers your credibility on the matter. If this really was a business concern for you, you'd realize how trivial this issue really is and solve the problem on your own rather than claim that it can cause "serious" harm. For instance, you can easily script the ON QUIT command to notify you that the user you're querying has left IRC, and queue up a WHOIS should that user message you again:
Code:
on *:QUIT: {
  if ($query($nick)) { 
    hadd -m queries $+(query,$cid,$nick) $true 
    echo $color(info) -e $nick * User has quit IRC. 
  }
}
on *:TEXT:*:?: {
  var %c = $+(query,$cid,$nick) 
  if ($hget(queries,%c)) { hdel queries %c | whois $nick }
}


Your suggest to change the "query method" (whatever that even means) from "nick to ident" would not even be helpful-- an ident can be impersonated just as easily (even easier in fact, since idents need not be unique on the network) as a nickname..

As mentioned, query is really not meant as a guarantee of user integrity, so there's little mIRC should do. mIRC already shows the user's hostname in the title of the window, so you should be looking there. If you need extra you should use a network with services (nickserv) where they cannot privmsg unless they've authenticated, or use DCC CHAT which directly connects you with the user. Using queries and then complaining that someone else might steal a nickname and impersonate them is like sending a plaintext password unencrypted over the wire and then complaining that someone can sniff it.


- argv[0] on EFnet #mIRC
- "Life is a pointer to an integer without a cast"

Link Copied to Clipboard