I am a DALnet Csop. Let me clarify something. No one should ever use /msg to services on dalnet. DALnet has had built into the ircd for about a year now the command /nickserv /chanserv and /memoserv to replace the need for /msg. If these are used as has been advised for along time there will be no problems at all with this. Just a FYI. -----Original Message----- From: Nelson Little <nel74at_private> To: BUGTRAQat_private <BUGTRAQat_private> Date: Thursday, March 25, 1999 7:47 PM Subject: abuse of nickserv >Hi, > >Many people that IRC on Dalnet have scripts which automatically identify >their nicknames via "/msg nickserv identify your_password" This works fine, >however,if you also IRC on Undernet you can run into a problem. Undernet >has no nickserv so if someone on Undenet decides to use the nick "nickserv" >they will be exposed to countless passwords from all the people that >automatically identify themselves. Once the evil user has these passwords >they can jump on Dalnet and steal that person's nick and change the >password. With a bit of brain power, and I won't go into how, they can also >abuse op in any channels that person has op access in. > >Dalnet has been advised and starting on April 15th, you'll need to identify >to NickServ using /msg NickServat_private IDENTIFY instead of just >using /msg NickServ IDENTIFY. > >All the other IRC networks that I tested have a nickserv bot which halts >the abuse mentioned above. > >Regards >Nelson >
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:40:09 PDT