mIRC Home    About    Download    Register    News    Help

Print Thread
Page 2 of 3 1 2 3
Joined: Jan 2003
Posts: 73
R
Babel fish
Offline
Babel fish
R
Joined: Jan 2003
Posts: 73
Quote:
...And well guess what? That server runs Unreal3.1.5.1-Valek which I happen to be the author of; and I know for a fact that it does NOT do what you described.


lol codemastr... I was scrolling down this thread, waiting for that to happen. wink

Joined: Jun 2003
Posts: 2
B
BleachX Offline OP
Bowl of petunias
OP Offline
Bowl of petunias
B
Joined: Jun 2003
Posts: 2
We actually run UnrealIRCD at usachat.net.
I have scanned my system with 3 different antivirus scanners and already have the latest Norton Antivirus Corporate Edition v8.1 with dat files dated 6/26/03 rev. 18 and I have no virus or trojan according to any of them. It totally blew me away when I saw that and got kicked from the channel with (Stop repeating!) from the actual owner of the server's script. LoL - I'll find out soon enough how those kids did it. Eventually, I'm sure I'll find a raw code that does it. I know it used to be able to be done on EFNet back in the day. Maybe someone just found that exploit on UnrealIRCD. We'll see..

Joined: Jan 2003
Posts: 3,012
Hoopy frood
Offline
Hoopy frood
Joined: Jan 2003
Posts: 3,012
You might try @debug, and when they send you the trigger again to make you do the event, look in the raw window at what you're sending. From there, do a search through your scripts with that text >:D


-KingTomato
Joined: Feb 2003
Posts: 2,812
Hoopy frood
Offline
Hoopy frood
Joined: Feb 2003
Posts: 2,812
I haven't seen you in #dmsetup or #mircfix, so I'm guessing you've ruled out an mIRC script trojan/backdoor. This is what it most likely is.


Well. At least I won lunch.
Good philosophy, see good in bad, I like!
Joined: Jan 2003
Posts: 3,012
Hoopy frood
Offline
Hoopy frood
Joined: Jan 2003
Posts: 3,012
Raccoon can u change ur location to something shorter pls? The left margin is expanded cause of it >:\


-KingTomato
Joined: Apr 2003
Posts: 210
S
Fjord artisan
Offline
Fjord artisan
S
Joined: Apr 2003
Posts: 210
Your probably right. I remember when I was a newbie to IRC something similair happened to me. My nick name contained an uppercase I . And in the font i was using a number 1 looked exactly like an uppercase I. So under certain fonts nicks like this 'IDIOT' 'ID1OT' would look identical. The same goes for some other letters, like capital I and lowercase L.

Joined: Feb 2003
Posts: 2,812
Hoopy frood
Offline
Hoopy frood
Joined: Feb 2003
Posts: 2,812


Well. At least I won lunch.
Good philosophy, see good in bad, I like!
Joined: Dec 2002
Posts: 2,985
Hoopy frood
Offline
Hoopy frood
Joined: Dec 2002
Posts: 2,985
If this issue turns out to be an exploit it might be best to discuss it with the people that code Unreal rather than post the exploit or any details of the exploit here. Alot of business enterprises depend on the inegrity of software and if anyone was to 'give away' any details before the software authors had a chance to patch (if necessary) then such exploits could prove to be extremely damaging.

Having said that, if an exploit exists then it is not necessarily the fault of the authors. Bored/unemployed teenagers have endless hours on hand to use to stuff things up and experiment for the wrong reasons so such events are inevitable.

Remember that it's only really an exploit if it is abused, otherwise it is just harmless code.

Joined: Dec 2002
Posts: 2,962
S
Hoopy frood
Offline
Hoopy frood
S
Joined: Dec 2002
Posts: 2,962
Quote:
Remember that it's only really an exploit if it is abused, otherwise it is just harmless code.

That's a very Microsoft way of looking at things.
"It's not a bug until a few thousand servers get taken off the internet, costing millions of pounds worth of damages. THEN we might create a patch" - Microsoft bugfix motto.


Spelling mistakes, grammatical errors, and stupid comments are intentional.
Joined: Dec 2002
Posts: 2,985
Hoopy frood
Offline
Hoopy frood
Joined: Dec 2002
Posts: 2,985
It's an everything way of looking at it. It's no different to a gun not being dangerous unless in the hands of a nutter. I'm not saying that holes shouldn't be patched, you missed the gist of my post completely. If you want to look at software with holes you should be looking at things like Sendmail before knocking Micro$oft.

Joined: Feb 2003
Posts: 2,812
Hoopy frood
Offline
Hoopy frood
Joined: Feb 2003
Posts: 2,812
Considering that Unreal is open source, and we have a guy who (claims) to be THE author (though I don't see him listed under /info or /credits), discussing bugs and exploits in a public forum is a surefire way to get them patched quickly... as anyone with relatively mediocre C skills could write a patch (if only to disable responsible commands).

We cannot be responsible for organizations that don't have an alert and ready response team standing by to handle Server Triage. Companies that don't properly allocate minds where they are needed, at the expense of the CEO's new Mercedes payments, should and will ultimately suffer. (Unfortunately, large companies simply claim inflated losses in order to recover quasi damages in tax write-offs)

- Raccoon


Well. At least I won lunch.
Good philosophy, see good in bad, I like!
Joined: Dec 2002
Posts: 3,138
C
Hoopy frood
Offline
Hoopy frood
C
Joined: Dec 2002
Posts: 3,138
Quote:
a guy who (claims) to be THE author (though I don't see him listed under /info or /credits)

=-=-=-= Unreal3.2-beta17a =-=-=-=
| Brought to you by the following people:
|
| Head coders:
|
| * Stskeeps <stskeeps@see-below>
| * codemastr <codemastr@see-below>

No way of telling if that's the real codemastr, but his name is there..

Joined: Dec 2002
Posts: 2,809
C
Hoopy frood
Offline
Hoopy frood
C
Joined: Dec 2002
Posts: 2,809
Yes that is me, and just a minor favor, would you mind editting your post and remove mine (and Stskeeps') email addresses, I already get enough spam as it is.

Joined: Dec 2002
Posts: 2,985
Hoopy frood
Offline
Hoopy frood
Joined: Dec 2002
Posts: 2,985
The British had a saying in World War 2:

"Loose lips sink ships"

If people say things in the wrong arena then software patches need to be released ALOT quicker than normally anticipated.

Joined: Dec 2002
Posts: 2,809
C
Hoopy frood
Offline
Hoopy frood
C
Joined: Dec 2002
Posts: 2,809
As a coder, let me just say I HATE when people decide to discuss an exploit publically rather than contacting me. Reason is, by the time we hear about it we don't hear about it from people who actually know how the exploit works, we hear about it from people who are saying "someone crashed my server!!!" I'm not saying that exploits should be hidden from everyone, just saying that sometimes it's better to notify the right people before you go and tell everyone you know, because while you might have the proper ethics to know exploiting other people's software isn't a good thing, the people you told might not feel the same way.

Joined: May 2003
Posts: 2,265
P
Hoopy frood
Offline
Hoopy frood
P
Joined: May 2003
Posts: 2,265
irc.redfuse.org is back up.


new username: tidy_trax
Joined: Dec 2002
Posts: 2,985
Hoopy frood
Offline
Hoopy frood
Joined: Dec 2002
Posts: 2,985
because while you might have the proper ethics to know exploiting other people's software isn't a good thing, the people you told might not feel the same way.

I told them that or am I missing something?

Joined: Feb 2003
Posts: 2,812
Hoopy frood
Offline
Hoopy frood
Joined: Feb 2003
Posts: 2,812
he meant it figeratively.

sometimes it's better to notify the right people before [color:red]you go and tell[/color] everyone you know, because while you might have the proper ethics to know exploiting other people's software isn't a good thing, the people [color:red]you told[/color] might not feel the same way.

You could easily replace 'you' with 'they', etc.


Well. At least I won lunch.
Good philosophy, see good in bad, I like!
Joined: Dec 2002
Posts: 2,985
Hoopy frood
Offline
Hoopy frood
Joined: Dec 2002
Posts: 2,985
I hope so cos I was supporting him. grin

Joined: Dec 2002
Posts: 2,809
C
Hoopy frood
Offline
Hoopy frood
C
Joined: Dec 2002
Posts: 2,809
I was doing the "too lazy to actually pick the correct person to respond to so just pick the last guy who said something" (tm) method smile

Page 2 of 3 1 2 3

Link Copied to Clipboard