Linked by Jordan Spencer Cunningham on Mon 14th Jun 2010 23:58 UTC
Bugs & Viruses Recently, the Linux version of UnrealIRCd was discovered to have had a Trojan worm its way into the source code. Even more embarrassing for the developers of Unreal is that the Trojan's been holding open the backdoor in the source code since November of 2009-- not very recently. And, of course, bloggers and press in general are taking the opportunity of another breach in Linux security to point out doomsday devices that don't really exist.
Thread beginning with comment 430249
To view parent comment, click here.
To read all comments associated with this story, please click here.
Aristocracies
Member since:
2010-06-15

What I find more amazing is now you are trying to reframe the argument. This conversation is about irc daemons and the people who would be at risk. If you're running an ircd, chances are you could be at risk. Regardless of how this attack vector occurred, this is still a blow to the most popular ircd for folks running irc networks so far as their perceived reputation.

Regardless of how many people are actually running the daemon itself, there sure as hell are quite a few more people actually using the servers as clients who also would be impacted by this.

Fact is, you still don't know what you're discussing but you've got your panties in a twist now that someone who actually has real experience here has called you on this. Enjoy. Good to know OSNews puts up with you.

Reply Parent Score: 1

lemur2 Member since:
2007-02-17

What I find more amazing is now you are trying to reframe the argument. This conversation is about irc daemons and the people who would be at risk. If you're running an ircd, chances are you could be at risk.


Absolutely. You are ESPECIALLY at risk if you are in the habit of downloading unsigned binary packages and installing them, unchecked in any way, on your system. I couldn't agree more. This applies for ANY OS, and for any type of applictaion, not merely IRC server applications.

Regardless of how this attack vector occurred, this is still a blow to the most popular ircd for folks running irc networks so far as their perceived reputation.


What reputation? They haven't got a reputation worth schmick if they simply ignore the secure distribution methods for Linux applications that are freely available to them, and they simply plonk an unsigned binary package on a server somewhere, and then fail to check it for many months. No-one in their right mind would be using a package such as that, or indeed running their software. That would be utterly crazy, asking for trouble.

Regardless of how many people are actually running the daemon itself, there sure as hell are quite a few more people actually using the servers as clients who also would be impacted by this.


What, we are up to 0.000026% now (ten times as many users who run it in client mode). Whoopee. That really takes it well out of the "obscure" class now ... NOT!!!!

Fact is, you still don't know what you're discussing but you've got your panties in a twist now that someone who actually has real experience here has called you on this. Enjoy. Good to know OSNews puts up with you.


Diddums is going to have another ad hominem potshot at me now? How quaint.

Edited 2010-06-16 06:04 UTC

Reply Parent Score: 2

saynte Member since:
2007-12-10

Sorry, but Aristocracies is absolutely right. He has provided data to back-up the claim that the daemon is popular in its field, and (as he stated) even if the numbers of servers aren't large, the clients would be more considerable (Wikipedia has some estimate of a half-million IRC clients).

He is also correct that you went off on several tangents unrelated to the topic of potential impact of this vulnerability, calling IRC obscure, anyone who installed this incompetent, a few guesses based on total IP space, etc.

Your argument is appears incredibly weak compared to his, you may want to stop discussing this if you can't produce better formed responses that are actually on-topic.

Reply Parent Score: 1