Linked by Jordan Spencer Cunningham on Mon 14th Jun 2010 23:58 UTC
Bugs & Viruses Recently, the Linux version of UnrealIRCd was discovered to have had a Trojan worm its way into the source code. Even more embarrassing for the developers of Unreal is that the Trojan's been holding open the backdoor in the source code since November of 2009-- not very recently. And, of course, bloggers and press in general are taking the opportunity of another breach in Linux security to point out doomsday devices that don't really exist.
Permalink for comment 430269
To read all comments associated with this story, please click here.
Member since:

What I find more amazing is now you are trying to reframe the argument. This conversation is about irc daemons and the people who would be at risk. If you're running an ircd, chances are you could be at risk.

Absolutely. You are ESPECIALLY at risk if you are in the habit of downloading unsigned binary packages and installing them, unchecked in any way, on your system. I couldn't agree more. This applies for ANY OS, and for any type of applictaion, not merely IRC server applications.

Regardless of how this attack vector occurred, this is still a blow to the most popular ircd for folks running irc networks so far as their perceived reputation.

What reputation? They haven't got a reputation worth schmick if they simply ignore the secure distribution methods for Linux applications that are freely available to them, and they simply plonk an unsigned binary package on a server somewhere, and then fail to check it for many months. No-one in their right mind would be using a package such as that, or indeed running their software. That would be utterly crazy, asking for trouble.

Regardless of how many people are actually running the daemon itself, there sure as hell are quite a few more people actually using the servers as clients who also would be impacted by this.

What, we are up to 0.000026% now (ten times as many users who run it in client mode). Whoopee. That really takes it well out of the "obscure" class now ... NOT!!!!

Fact is, you still don't know what you're discussing but you've got your panties in a twist now that someone who actually has real experience here has called you on this. Enjoy. Good to know OSNews puts up with you.

Diddums is going to have another ad hominem potshot at me now? How quaint.

Edited 2010-06-16 06:04 UTC

Reply Parent Score: 2