mIRC Home    About    Download    Register    News    Help

Print Thread
Page 2 of 3 1 2 3
Re: Backdoor bug? Imposters able to post text as y #32471 28/06/03 12:33 AM
Joined: Jan 2003
Posts: 73
R
rogue Offline
Babel fish
Offline
Babel fish
R
Joined: Jan 2003
Posts: 73
Quote:
...And well guess what? That server runs Unreal3.1.5.1-Valek which I happen to be the author of; and I know for a fact that it does NOT do what you described.


lol codemastr... I was scrolling down this thread, waiting for that to happen. wink

Re: Backdoor bug? Imposters able to post text as you. #32472 28/06/03 02:10 AM
Joined: Jun 2003
Posts: 2
B
BleachX Offline OP
Bowl of petunias
OP Offline
Bowl of petunias
B
Joined: Jun 2003
Posts: 2
We actually run UnrealIRCD at usachat.net.
I have scanned my system with 3 different antivirus scanners and already have the latest Norton Antivirus Corporate Edition v8.1 with dat files dated 6/26/03 rev. 18 and I have no virus or trojan according to any of them. It totally blew me away when I saw that and got kicked from the channel with (Stop repeating!) from the actual owner of the server's script. LoL - I'll find out soon enough how those kids did it. Eventually, I'm sure I'll find a raw code that does it. I know it used to be able to be done on EFNet back in the day. Maybe someone just found that exploit on UnrealIRCD. We'll see..

Re: Backdoor bug? Imposters able to post text as you. #32473 28/06/03 02:41 AM
Joined: Jan 2003
Posts: 3,012
KingTomato Offline
Hoopy frood
Offline
Hoopy frood
Joined: Jan 2003
Posts: 3,012
You might try @debug, and when they send you the trigger again to make you do the event, look in the raw window at what you're sending. From there, do a search through your scripts with that text >:D


-KingTomato
Re: Backdoor bug? Imposters able to post text as you. #32474 28/06/03 03:29 AM
Joined: Feb 2003
Posts: 2,669
Raccoon Offline
Hoopy frood
Offline
Hoopy frood
Joined: Feb 2003
Posts: 2,669
I haven't seen you in #dmsetup or #mircfix, so I'm guessing you've ruled out an mIRC script trojan/backdoor. This is what it most likely is.


Well. At least I won lunch.
Good philosophy, see good in bad, I like!
Re: Backdoor bug? Imposters able to post text as you. #32475 28/06/03 05:12 AM
Joined: Jan 2003
Posts: 3,012
KingTomato Offline
Hoopy frood
Offline
Hoopy frood
Joined: Jan 2003
Posts: 3,012
Raccoon can u change ur location to something shorter pls? The left margin is expanded cause of it >:\


-KingTomato
Re: Backdoor bug? Imposters able to post text as you. #32476 28/06/03 05:18 AM
Joined: Apr 2003
Posts: 210
S
saxon Offline
Fjord artisan
Offline
Fjord artisan
S
Joined: Apr 2003
Posts: 210
Your probably right. I remember when I was a newbie to IRC something similair happened to me. My nick name contained an uppercase I . And in the font i was using a number 1 looked exactly like an uppercase I. So under certain fonts nicks like this 'IDIOT' 'ID1OT' would look identical. The same goes for some other letters, like capital I and lowercase L.

Re: Backdoor bug? Imposters able to post text as you. #32477 29/06/03 12:56 AM
Joined: Feb 2003
Posts: 2,669
Raccoon Offline
Hoopy frood
Offline
Hoopy frood
Joined: Feb 2003
Posts: 2,669


Well. At least I won lunch.
Good philosophy, see good in bad, I like!
Re: Backdoor bug? Imposters able to post text as you. #32478 29/06/03 07:56 AM
Joined: Dec 2002
Posts: 2,985
Watchdog Offline
Hoopy frood
Offline
Hoopy frood
Joined: Dec 2002
Posts: 2,985
If this issue turns out to be an exploit it might be best to discuss it with the people that code Unreal rather than post the exploit or any details of the exploit here. Alot of business enterprises depend on the inegrity of software and if anyone was to 'give away' any details before the software authors had a chance to patch (if necessary) then such exploits could prove to be extremely damaging.

Having said that, if an exploit exists then it is not necessarily the fault of the authors. Bored/unemployed teenagers have endless hours on hand to use to stuff things up and experiment for the wrong reasons so such events are inevitable.

Remember that it's only really an exploit if it is abused, otherwise it is just harmless code.

Re: Backdoor bug? Imposters able to post text as you. #32479 29/06/03 11:49 AM
Joined: Dec 2002
Posts: 2,962
S
starbucks_mafia Offline
Hoopy frood
Offline
Hoopy frood
S
Joined: Dec 2002
Posts: 2,962
Quote:
Remember that it's only really an exploit if it is abused, otherwise it is just harmless code.

That's a very Microsoft way of looking at things.
"It's not a bug until a few thousand servers get taken off the internet, costing millions of pounds worth of damages. THEN we might create a patch" - Microsoft bugfix motto.


Spelling mistakes, grammatical errors, and stupid comments are intentional.
Re: Backdoor bug? Imposters able to post text as you. #32480 29/06/03 12:22 PM
Joined: Dec 2002
Posts: 2,985
Watchdog Offline
Hoopy frood
Offline
Hoopy frood
Joined: Dec 2002
Posts: 2,985
It's an everything way of looking at it. It's no different to a gun not being dangerous unless in the hands of a nutter. I'm not saying that holes shouldn't be patched, you missed the gist of my post completely. If you want to look at software with holes you should be looking at things like Sendmail before knocking Micro$oft.

Re: Backdoor bug? Imposters able to post text as you. #32481 29/06/03 04:01 PM
Joined: Feb 2003
Posts: 2,669
Raccoon Offline
Hoopy frood
Offline
Hoopy frood
Joined: Feb 2003
Posts: 2,669
Considering that Unreal is open source, and we have a guy who (claims) to be THE author (though I don't see him listed under /info or /credits), discussing bugs and exploits in a public forum is a surefire way to get them patched quickly... as anyone with relatively mediocre C skills could write a patch (if only to disable responsible commands).

We cannot be responsible for organizations that don't have an alert and ready response team standing by to handle Server Triage. Companies that don't properly allocate minds where they are needed, at the expense of the CEO's new Mercedes payments, should and will ultimately suffer. (Unfortunately, large companies simply claim inflated losses in order to recover quasi damages in tax write-offs)

- Raccoon


Well. At least I won lunch.
Good philosophy, see good in bad, I like!
Re: Backdoor bug? Imposters able to post text as you. #32482 29/06/03 06:58 PM
Joined: Dec 2002
Posts: 3,138
C
Collective Offline
Hoopy frood
Offline
Hoopy frood
C
Joined: Dec 2002
Posts: 3,138
Quote:
a guy who (claims) to be THE author (though I don't see him listed under /info or /credits)

=-=-=-= Unreal3.2-beta17a =-=-=-=
| Brought to you by the following people:
|
| Head coders:
|
| * Stskeeps <stskeeps@see-below>
| * codemastr <codemastr@see-below>

No way of telling if that's the real codemastr, but his name is there..

Re: Backdoor bug? Imposters able to post text as you. #32483 29/06/03 07:01 PM
Joined: Dec 2002
Posts: 2,809
C
codemastr Offline
Hoopy frood
Offline
Hoopy frood
C
Joined: Dec 2002
Posts: 2,809
Yes that is me, and just a minor favor, would you mind editting your post and remove mine (and Stskeeps') email addresses, I already get enough spam as it is.

Re: Backdoor bug? Imposters able to post text as you. #32484 30/06/03 09:31 AM
Joined: Dec 2002
Posts: 2,985
Watchdog Offline
Hoopy frood
Offline
Hoopy frood
Joined: Dec 2002
Posts: 2,985
The British had a saying in World War 2:

"Loose lips sink ships"

If people say things in the wrong arena then software patches need to be released ALOT quicker than normally anticipated.

Re: Backdoor bug? Imposters able to post text as you. #32485 30/06/03 03:13 PM
Joined: Dec 2002
Posts: 2,809
C
codemastr Offline
Hoopy frood
Offline
Hoopy frood
C
Joined: Dec 2002
Posts: 2,809
As a coder, let me just say I HATE when people decide to discuss an exploit publically rather than contacting me. Reason is, by the time we hear about it we don't hear about it from people who actually know how the exploit works, we hear about it from people who are saying "someone crashed my server!!!" I'm not saying that exploits should be hidden from everyone, just saying that sometimes it's better to notify the right people before you go and tell everyone you know, because while you might have the proper ethics to know exploiting other people's software isn't a good thing, the people you told might not feel the same way.

Re: Backdoor bug? Imposters able to post text as you. #32486 01/07/03 07:12 PM
Joined: May 2003
Posts: 2,265
P
pheonix Offline
Hoopy frood
Offline
Hoopy frood
P
Joined: May 2003
Posts: 2,265
irc.redfuse.org is back up.


new username: tidy_trax
Re: Backdoor bug? Imposters able to post text as you. #32487 02/07/03 04:19 AM
Joined: Dec 2002
Posts: 2,985
Watchdog Offline
Hoopy frood
Offline
Hoopy frood
Joined: Dec 2002
Posts: 2,985
because while you might have the proper ethics to know exploiting other people's software isn't a good thing, the people you told might not feel the same way.

I told them that or am I missing something?

Re: Backdoor bug? Imposters able to post text as you. #32488 02/07/03 06:01 AM
Joined: Feb 2003
Posts: 2,669
Raccoon Offline
Hoopy frood
Offline
Hoopy frood
Joined: Feb 2003
Posts: 2,669
he meant it figeratively.

sometimes it's better to notify the right people before [color:red]you go and tell[/color] everyone you know, because while you might have the proper ethics to know exploiting other people's software isn't a good thing, the people [color:red]you told[/color] might not feel the same way.

You could easily replace 'you' with 'they', etc.


Well. At least I won lunch.
Good philosophy, see good in bad, I like!
Re: Backdoor bug? Imposters able to post text as you. #32489 02/07/03 09:02 AM
Joined: Dec 2002
Posts: 2,985
Watchdog Offline
Hoopy frood
Offline
Hoopy frood
Joined: Dec 2002
Posts: 2,985
I hope so cos I was supporting him. grin

Re: Backdoor bug? Imposters able to post text as you. #32490 02/07/03 02:17 PM
Joined: Dec 2002
Posts: 2,809
C
codemastr Offline
Hoopy frood
Offline
Hoopy frood
C
Joined: Dec 2002
Posts: 2,809
I was doing the "too lazy to actually pick the correct person to respond to so just pick the last guy who said something" (tm) method smile

Page 2 of 3 1 2 3