Freenode Network Hijacked, Passwords Compromised?

Posted by CmdrTaco on Sun Jun 25, 2006 10:09 AM
from the hope-your-password-wasn't-important dept.
tmandry writes "The world's largest FOSS IRC network, FreeNode, was hijacked (for lack of a better term) by someone who somehow got a hold of the privileges of Robert Levin, AKA lilo, the head honcho of FreeNode and its parent organization, PDPC. To make matters worse, the passwords of many users may have been compromised by someone posing as NickServ, the service that most clients are configured to send a password to upon connecting, while they reconnected to the servers that hadn't been killed. Of course, if someone was able to nab lilo's password, every user password may have been ripe for the taking. The details are still unknown, but these events raise scary questions about the actual security of FreeNode and other organizations like it."

Related Stories

[+] Linux: Rob Levin, lilo of FreeNode, Passes 365 comments
sneak was the first of many to tell us of the death of Rob Levin, known as lilo, the head of FreeNode and of its parent organization, PDPC. A transcript from the channel: ".:17:18:40:. [freenode] -christel(i=christel@freenode/staff/gentoo.christe l)-
[Global Notice] On the 12th September Rob Levin, known to many as Freenode's
lilo, was hit by a car while riding his bike. He suffered head injuries and
passed away in hospital on the 16th. For more information please visit
#freenode-announce
17:19:39==> Topic for #freenode-announce: Together with the PDPC board we are
currently preparing a general announcement, please also feel assured that we will
continue working with PDPC to ensure continuous service on freenode, in line with Rob's
mission."
Richard Hartmann writes, "I just wanted to add that we of FreeNode will create a condolence book. All wellwishes can be sent to condolences@freenode.net."
  • by Anonymous Coward on Sunday June 25 2006, @10:10AM (#15600546)
    Even if someone hijacked it, who could ever tell the difference?
  • Oh no! (Score:2, Insightful)

    by Rendo (918276) on Sunday June 25 2006, @10:12AM (#15600551)
    Not my fake password I use for insecure places all over the internet! What ever will I do!
  • Password on IRC and you're worried? (Score:5, Insightful)

    by garcia (6573) on Sunday June 25 2006, @10:12AM (#15600554)
    (http://www.lazylightning.org/)
    Ok, seriously, who here uses an important password on Freenode (or any IRC network) for NickServ? I certainly don't. Hell, my Slashdot password is more important than the one I use on IRC and the one I use here isn't even that secure...

    I have no sympathy for someone that has an "at risk" password on IRC.
  • yeah well (Score:5, Insightful)

    by scenestar (828656) on Sunday June 25 2006, @10:13AM (#15600555)
    (http://easyvpshost.com/ | Last Journal: Friday August 26 2005, @06:58PM)
    *Don't auto ident during connect
    *Don't use multiple passwords
    *Change password after someone got ahold of it
    *Realise that it's just a goddamn nickname
    • Re:yeah well by MrShaggy (Score:1) Sunday June 25 2006, @10:37AM
    • Re:yeah well (Score:5, Informative)

      by A.K.A_Magnet (860822) on Sunday June 25 2006, @10:46AM (#15600709)
      (http://www.mithrandir.net/)
      *Don't auto ident during connect
      And if you auto-identify in your perform, do something like : /identify *pass* which is a server-side macro for "PRIVMSG NickServ@<services-fakeserver-hostname> :password".

      The IRC protocol allows you to send messages to Nick@server (means "send a message to 'Nick' if and only if he's on 'server'"), so you can do the same with services. Then if the Nickserv nickname is hijacked, it won't matter, because the services "fake server" cannot be hijacked without knowledge of hub configuration (C/N lines) and if ever it happens, IRC admins/opers will notice (that's not something you can't miss).

      So either choose the macro (/identify) or the whole command. Or identify manually :)
      [ Parent ]
      • Re:yeah well by FooAtWFU (Score:2) Sunday June 25 2006, @11:52AM
        • Re:yeah well by A.K.A_Magnet (Score:2) Sunday June 25 2006, @11:59AM
        • Re:yeah well (Score:4, Interesting)

          by sbennett (448295) <spb@gento o . o rg> on Sunday June 25 2006, @03:16PM (#15601711)
          Unfortunately this won't work. The way Hyperion, Freenode's IRCD, is designed, server passwords not used as such get passed directly on to whoever happens to be using the nickname defined in the config as the 'identify service'. In Freenode's case, this just causes a PRIVMSG to be sent from your nick to NickServ, whichever server he happens to be using, with the identify command and password. It's no harder to hijack than a regular /msg. The same goes for the 'raw' nickserv commands, which are similarly translated to PRIVMSG.

          This is compounded by the fact that due to the way Hyperion's server-hide works, it is in theory impossible for normal users to know which server another client is using, so '/msg NickServ@services.' doesn't work either.
          [ Parent ]
    • Re:yeah well by aymanh (Score:1) Sunday June 25 2006, @11:08AM
    • one problem... by verbatim_verbose (Score:3) Sunday June 25 2006, @01:06PM
  • ircd's and security (Score:5, Insightful)

    I am more than familiar with ircd and security
    (having run a server network for better than 5 years).

    Rule #1, the admin password is NEVER stored in nickserv.
    Anyone who does this deserves whatever it is they get!

    It's better to mod the conf file and do a command rehash
    from the cli.
  • You know... (Score:2, Interesting)

    by demongeek (977698) on Sunday June 25 2006, @10:14AM (#15600563)
    There will probably be a wave of two major camps -- those who say "oh this is nothing! Look at what happens to closed-source leakages from banks, etc, ad nauseum!!1"; there will also be a wave of people who say "this is a major break and someone should be shot..." While I understand both camps' thoughts and opinions, I have a single comment: is there really an expectation (whether FOSS or Closed Source) that it should be secure?

    Granted, that person/company is probably relying on the money from ads or what have you so he hopes that things are secure. Really, though, if you don't think the service is secure, go to another one or start your own!
    • Re:You know... by TheoMurpse (Score:2) Monday June 26 2006, @12:15PM
  • Explaining the jargon... (Score:4, Funny)

    by kaden (535652) on Sunday June 25 2006, @10:15AM (#15600566)
    FOSS = Free and Open Source Software, in case anyone was wondering...
  • spam (Score:5, Funny)

    by Punto (100573) <puntob AT gmail DOT com> on Sunday June 25 2006, @10:19AM (#15600580)
    (http://anime.com.ar/)
    o noes, If someone got a hold of lilo's password, they could start spamming the users with useless server-wide notices nobody cares about!!1!
    • Re:spam by peterfa (Score:1) Sunday June 25 2006, @11:39AM
    • I was there by SB_SamuraiSam (Score:1) Sunday June 25 2006, @12:08PM
    • Re:spam by rogerramrod (Score:1) Sunday June 25 2006, @03:04PM
      • Re:spam by Earered (Score:1) Sunday June 25 2006, @06:51PM
        • Re:spam by makomk (Score:2) Monday June 26 2006, @04:15AM
          • Re:spam by Earered (Score:1) Monday June 26 2006, @02:52PM
    • Re:spam by Eil (Score:2) Sunday June 25 2006, @10:33PM
    • Re:spam by hixie (Score:2) Sunday June 25 2006, @11:27PM
    • Re:spam by Baloo Ursidae (Score:2) Monday June 26 2006, @12:33AM
    • Re:spam by stonecypher (Score:2) Monday June 26 2006, @02:16AM
    • Re:spam by cortana (Score:2) Monday June 26 2006, @05:55AM
  • by kjart (941720) on Sunday June 25 2006, @10:25AM (#15600607)
    Now somebody else will be able to idle as sk8trgrl69!!!!11111one
  • You've reached freenode, a service of Peer-Directed Projects Center (PDPC).

    But some "peers" are more "peer" than others, like Mr. Levin.

    Welcome to Animal Farm.

  • by RobotRunAmok (595286) on Sunday June 25 2006, @10:30AM (#15600637)
    D00d...?

    I say we strip the DRM from all passwords! Down With Evil Password IP!!

    Who's with me?

    OK, compromise: Everytime we use your password, we promise to give you credit and link to your blog. Deal?

    Face it, until people start making passwords available for a fair price in all nations everywhere, this kind of piracy will be rampant...
  • by SailorFrag (231277) on Sunday June 25 2006, @10:30AM (#15600638)
    (http://slashdot.org/)
    As an admin on another IRC network, I'm actually quite surprised that the ircd would let someone take the nick nickserv... or at least, if it's permitted to happen, that there isn't some alternate authentication mechanism that guarantees it only goes to a legitimate recipient (i.e. /nickserv or /msg nickserv@services.ircnetwork.net or whatever). Fortunately, my password on there is intentionally weak.

    On the other hand, I understand what it's like to have compromised servers on the IRC network. I wish them the best in their efforts to get things working smoothly again. Tracking down the culprits can be exceedingly hard and time intensive, and reloading rooted servers is never fun.
  • uhh (Score:1, Insightful)

    by joshetc (955226) on Sunday June 25 2006, @10:32AM (#15600644)
    Since when does any administrator have actual access to anyone's password? I can see them having the ability to change their password to something else.. but c'mon. Shouldn't / wouldn't these be encrypted and only accessible remotely?
  • I was there. (Score:5, Interesting)

    by Avillia (871800) on Sunday June 25 2006, @10:33AM (#15600651)
    Mass delinking.
    Mass throttling.
    Mass glining and killing.
    Mass notices of DCC SEND.
    GNAA denying fault.
    Bantown claiming fault.
    The hilarity of not being auto-removed from #wikipedia thanks to a lack of ChanServ.
    Having up to 20 variations of one persons name.
    Lilo being killed off with a hilarious message.
    And the topic wars...

    Good times.
  • Good Riddance (Score:1, Insightful)

    The largest FOSS IRC network stores all its user passwords in plaintext, not a hash against which incoming passwords can be checked? Its superuser could look at any password they wanted?

    It's a good thing that firetrap finally collapsed publicly. It should have happened much earlier, before its loss damaged so many people.
  • Most just isnt that important
  • by Anonymous Coward on Sunday June 25 2006, @10:38AM (#15600676)
    Please somebody alert the who-gives-a-shit dept.


    The much more stoid moment that will be used to summarize the gravity of the matter came when our beloved lilo was taken down:
    * lilo has quit (Killed by ratbert (die ))


    Let's all have a moment's silence.


    Woah! If someone did manage to gather people's NickServ passwords, it could mean major trouble, for the victims themselves and possibly for FreeNode as well.


    Woah! I fear a deluge of angst-ridden blogs are about to swamp cyberspace.
    /me runs away

  • What questions? (Score:5, Funny)

    by supabeast! (84658) on Sunday June 25 2006, @10:40AM (#15600684)
    "The details are still unknown, but these events raise scary questions about the actual security of FreeNode and other organizations like it."

    I don't think that there have been any questions about the security of anything involving IRC for a long time. Everyone with half a brain knows that IRC is a cesspool of hackers, phreakers, crackers, and script-kiddies just looking to stir up shit.
    • Re:What questions? (Score:4, Informative)

      by LoadWB (592248) * on Sunday June 25 2006, @10:57AM (#15600755)
      (http://df0.info/ | Last Journal: Saturday November 10, @02:11AM)
      Pretty much why I quit IRC a number of years back. Not to be mistaken, IRC has many valuable functions and features -- beyond downloading warez and moviez -- but not for casual chat. If you know the specific channel to go to, you are most likely fine. But for the casual chatter, browse around open channels and you will invariably end up with mass invites, notices, spam, DOS, MSG/CTCP/DCC floods, and my favorite, the mIRC scripts sent via DCC.

      I only used mIRC briefly in my IRC career. It had little to no built-in protection at the time and I went back to AmIRC (Amiga.) Using WildIRC and Kuang11, AmIRC could not be beat. Later scripts for mIRC became much more solid and advanced, and I am sure the program is much better today?

      Brings back some memories, actually. Back around 1997 we used to use a simple ICMP ECHO (ping) packet with a payload of "+++ATH0". Anyone with a modem which did not follow the Hayes specification for the escape sequence (+++ followed by two seconds of "silence") would immediately hang up as the TCP/IP stack sent an ICMP ECHO RESPONSE with the same payload. Was great fun for two or three times.
      [ Parent ]
    • Only the large networks are like that by WilliamSChips (Score:1) Sunday June 25 2006, @08:23PM
  • I'm with the 'who cares' camp (Score:2, Interesting)

    by alex_vegas (891476) on Sunday June 25 2006, @10:43AM (#15600692)
    My freenode password only exists because of channels that strive to keep out spambots, and it's 'password'. If someone is lame enough that they have nothing better to do than impersonate me on freenode, that is in itself punishment for the crime... It might be fun to impersonate twkm and give icy answers to the entire western world's obscure C questions, but in order to do that one would have to know as much obscure C crap as twkm does...
  • Nothing new here, move along... (Score:3, Insightful)

    by Shoten (260439) on Sunday June 25 2006, @10:43AM (#15600693)
    I don't understand why there would be any greater implications from this event than any other. All kinds of organizations have been compromised; this is far from news, and just another example of why most security experts recommend a "multi-tiered" password scheme for users. A set of passwords, of varying importance...for the most critical things, a longer and stronger password, another middle-level password to use at other sites of lesser importance (like webmail) and a throwaway password for things that don't matter to you so much. Best of all, use unique passwords for the high-importance site, if you use something like Password Safe [schneier.com] for Windows, KeePass [sourceforge.net] for Linux, or Keyring [sourceforge.net] for PalmOS to keep track of them securely.
  • Not Sure (Score:3, Interesting)

    I am not really bothered at the prospect of my freenode nick or password being available to someone else. Mainly as it's hardly going to do any lasting damage to me other than potentially being a little annoying. The only problem I see is that someone could theoretically impersonate me and make me look like a bit of a git, but that should be easily remedied over a short amount of time. Plus unless these username / password combinations are posted publicly and no one changes their passwords it's unlikely to happen given the number of users... Oh and anyone using an important password with their freenode account probably needs a wakeup call anyway.

    It might be a bigger problem if this happened here on slashdot (someone gathering email addresses or similar would have a decent mailing list to sell - with a fairly specific target audience... but then I use a public mail address here anyway so it might actually improve the quality of spam I get...) and it would be a catastrophe if it would have been a finance related system or similar.

    On the other hand it sounds from the summary and the blog that's linked that the break of a single username / password combo from remote was the root cause of this breach. If I am accurate in my understanding and that is really the case then we need to take a long hard look at how we can change that. You should not be able to compromise a system from remote with a single set of credentials regardless of how non-sensitive (insensitive?) the system is.

    But then I'd like to see more details about what happened, when it happened (if it really happened?) what was exposed (or could have been exposed) during the attack before I take too hard a line either way.
    • Re:Not Sure by tres3 (Score:2) Sunday June 25 2006, @11:33AM
  • Nickserv passwords. (Score:4, Insightful)

    by me22 (984903) on Sunday June 25 2006, @10:59AM (#15600763)

    It says "the passwords of many users may have been compromised by someone posing as NickServ".

    This doesn't mean that someone found a plaintext list of all the passwords. If you want to find out if there even is one, then download the source code for hyperion and look for yourself.

    What it does suggest is that someone /nick'ed to NickServ and consequently could see all the passwords of people joining when they were /msg'ed.

  • by dmd (404) <dmd@3e.oUUUrg minus threevowels> on Sunday June 25 2006, @11:03AM (#15600773)
    (http://www.3e.org/)
    Nobody should be using the same password on ANY two sites. You have no control over what the remote side is doing with your password.

    Use something like http://www.hashapass.com/ [hashapass.com] to generate your passwords instead, and you only have to remember one thing, but your password is different on every site.
  • by Anonymous Coward on Sunday June 25 2006, @11:05AM (#15600779)


    That's what you get with open source software - anyone can easily exploit it. Come on kids! Use software that wasn't done by a pimple-faced basement dweller.

  • "A trusted component is one which can break the security policy."

    A truly secure system should have no trusted components. A Client's faith should never be placed in anyone except themselves, and even then, only reluctantly. Freenode had a trusted component; namely, Robert Levin's privileges. This should never have been present in the system and was simply a disaster waiting to happen.

    If you really want security you've got to accept three things. Trust No One. The Enemy Knows the System. The System Can Be Broken. If you think otherwise, you haven't got security, you've just got a fancy codec.
  • I'm not a big browser of IRC's, but do we honestly still use clear text passwords anywhere? I mean unless IRC is such an old service that it can't make use of any of the dozen some odd technologies that have been standardized on in the past 20 years.. come on!!
  • WTF (Score:4, Insightful)

    by Anonymous Coward on Sunday June 25 2006, @11:11AM (#15600806)
    If this had happened to a Microsoft Server the comments would be off the wall about how this PROVES BEYOND DOUBT THAT WINDOWS REALLY SUCKS. (Bold characters intended to fool moderation drones). The hypocrisy on Slashdot is incredible.

    • Re:WTF by WilliamSChips (Score:1) Sunday June 25 2006, @11:38AM
    • Re:WTF by hyfe (Score:2) Sunday June 25 2006, @12:49PM
      • Re:WTF by Ash-Fox (Score:2) Sunday June 25 2006, @07:07PM
    • Re:WTF by Cal Paterson (Score:3) Sunday June 25 2006, @02:37PM
    • Re:WTF by ems2 (Score:1) Sunday June 25 2006, @03:17PM
  • IRC4Life!

    Also, back in the day, on Dalnet one could use /quote nickserv identify [passwd] or on most clients just /nickserv identify [passwd]

    I'm not certain if this is done on Freenode, but it helped prevent passwords from being hijacked via situations like this or a simple typo.

  • Uh oh. (Score:5, Funny)

    by SwartKrans (758994) on Sunday June 25 2006, @12:03PM (#15601019)
    (http://www.ambientchill.com/)
    Oh no! Someone stole my Freenode password! Now they can login and have no control over anything!
  • My thoughts.. (Score:4, Insightful)

    People should not use /msg nickserv pass on connect. They should be using scripts that check that nickserv is on a certain server (services.int, services.* etc etc) and its hostname matches. The IRC server should also have *serv juped/qlined so nobody can set their nick to *serv.
    "Of course, if someone was able to nab lilo's password, every user password may have been ripe for the taking."
    What I'm wondering is, WHY THE FUCK ISN'T HIS O:LINE IP RESTRICTED? Did he use one password for both the ircd ssh and his operline (if they were the same hacker could add himself an oline or add his ip to his oline..)? Either way, he's a moron.
    "The details are still unknown, but these events raise scary questions about the actual security of FreeNode and other organizations like it."
    Not really. If he had his shit setup correctly this would have never happened in the first place.
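
Added example, not part of the comment above: a client-side check of the kind it describes, which reads the WHOIS replies for NickServ and only builds the identify message when the server and host match. The server and host names are constructed placeholders, and on a network that hides server names (as described for Hyperion earlier in the thread) the check fails closed.

```python
# Added example: decide from WHOIS replies whether "NickServ" is the real
# services pseudo-client before any password is sent to it.
# All server names, hosts and nicks below are constructed placeholders.

EXPECTED_SERVER = "services.example.net"  # assumption: the services server name
EXPECTED_HOST = "services.example.net"    # assumption: host shown for NickServ


def parse_irc_line(line):
    """Split one raw IRC line into (prefix, command, params)."""
    line = line.rstrip("\r\n")
    prefix = ""
    if line.startswith(":"):
        prefix, _, line = line[1:].partition(" ")
    trailing = None
    if " :" in line:
        line, _, trailing = line.partition(" :")
    params = line.split()
    if trailing is not None:
        params.append(trailing)
    command = params.pop(0) if params else ""
    return prefix, command, params


def whois_facts(lines, nick):
    """Collect host (311), server (312) and end marker (318) for one nick."""
    facts = {"host": None, "server": None, "complete": False}
    for raw in lines:
        _, command, params = parse_irc_line(raw)
        # params[0] is our own nick, params[1] is the nick being described.
        if len(params) < 2 or params[1].lower() != nick.lower():
            continue
        if command == "311" and len(params) >= 4:
            facts["host"] = params[3].lower()
        elif command == "312" and len(params) >= 3:
            facts["server"] = params[2].lower()
        elif command == "318":
            facts["complete"] = True
    return facts


def identify_command(lines, password, nick="NickServ"):
    """Return the line to send, or None when any check fails (fail closed)."""
    facts = whois_facts(lines, nick)
    if not facts["complete"]:
        return None  # WHOIS reply was cut short; do not guess
    if facts["server"] != EXPECTED_SERVER or facts["host"] != EXPECTED_HOST:
        return None  # someone else is holding the nick
    # Address the message as nick@server so it is only delivered if the
    # nick is still on the server that was just verified.
    return "PRIVMSG %s@%s :IDENTIFY %s" % (nick, EXPECTED_SERVER, password)


# Constructed WHOIS replies: the real services client and an impostor.
GENUINE = [
    ":irc.example.net 311 alice NickServ NickServ services.example.net * :Nickname Services",
    ":irc.example.net 312 alice NickServ services.example.net :Services",
    ":irc.example.net 318 alice NickServ :End of /WHOIS list.",
]
IMPOSTOR = [
    ":irc.example.net 311 alice NickServ ~x dialup-203-0-113-7.example.org * :hi",
    ":irc.example.net 312 alice NickServ leaf3.example.net :Leaf server",
    ":irc.example.net 318 alice NickServ :End of /WHOIS list.",
]

if __name__ == "__main__":
    print(identify_command(GENUINE, "s3cret"))
    print(identify_command(IMPOSTOR, "s3cret"))
```
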
    • Re:My thoughts.. by The MAZZTer (Score:2) Sunday June 25 2006, @03:41PM
    • Re:My thoughts.. (Score:5, Informative)

      Hi! I used to be freenode staff, and I figured I would comment on this.

      You obviously have no idea how freenode's infrastructure is managed -- the infrastructure isn't a land of ZOMG I BOUGHT SHELLZ FROM SHELLFX.NET garbage. Most of these servers exist solely to host freenode, do not use ssh passwords (instead private keys are used), and do not use the same passwords as lilo's o:line password.

      The fact is that they rooted servers close to freenode servers (i.e., on the same switch); then used ettercap to sniff o:line passwords. This was exacerbated by the fact that o:lines are (NOT masked *@*, but masked ?=levin@*), so basically all that had to be done was use the username levin, and boom you're opered up.

      That is what the issue is, the o:lines are insecurely masked. Nothing more.

      HOWEVER, since they were sniffing, it is possible that they may have lifted services passwords as well -- people should probably change them. Then again, how do you know that they still aren't sniffing. Quite simply, nobody except the people behind this know.

      Also, the group freenode is dealing with is known as Bantown, which has a reputation of causing whatever hell they wish wherever they feel like doing so. So no, none of what you said is truly relevant, as this group is a tad more unpleasant than the GNAA is. In fact the GNAA is a bunch of nice guys in comparison to Bantown.
      [ Parent ]
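
Added example, not part of the comment above and not freenode's configuration: an audit that matches oper masks with IRC wildcard rules and flags any whose host part is wildcard-only, such as the `?=levin@*` mask quoted above. Oper block names, hosts and addresses are constructed.

```python
# Added example: audit operator (o:line) masks for an unrestricted host part.
# Only the mask "?=levin@*" comes from the thread; everything else is constructed.
import re


def mask_to_regex(mask):
    """Translate an IRC mask ('*' = any run, '?' = one char) to a regex."""
    parts = []
    for ch in mask:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.IGNORECASE | re.DOTALL)


def mask_matches(mask, userhost):
    """True when the whole user@host string is covered by the mask."""
    return mask_to_regex(mask).fullmatch(userhost) is not None


def host_is_open(mask):
    """True when the host part of user@host restricts nothing."""
    _, sep, host = mask.partition("@")
    if not sep:
        return True  # malformed mask with no host part: flag it
    return host.strip("*?") == ""


def open_masks(oper_masks):
    """Names of oper blocks that any host can satisfy."""
    return [name for name, mask in oper_masks.items() if host_is_open(mask)]


# Constructed oper configuration: block name -> user@host mask.
OPER_MASKS = {
    "open-host": "?=levin@*",                  # ident checked, host is not
    "single-address": "?=admin@192.0.2.10",    # one fixed address
    "staff-domain": "*@*.staff.example.net",   # limited to one domain
}

# A constructed client that only had to claim the right ident.
UNTRUSTED_CLIENT = "i=levin@dialup-203-0-113-7.example.org"

if __name__ == "__main__":
    for name, mask in OPER_MASKS.items():
        print(name, mask,
              "OPEN" if host_is_open(mask) else "restricted",
              "matches untrusted client:", mask_matches(mask, UNTRUSTED_CLIENT))
```
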
  • by irq (68200) on Sunday June 25 2006, @12:21PM (#15601094)
    lilo, hi, remember me?

    What goes around, comes around.
  • Priceless! (Score:1)

    by thedarb (181754) on Sunday June 25 2006, @12:25PM (#15601115)
    (http://www.pclinuxonline.com/)
    AHAHAHAHA! That's okay, EFNet is used to taking other IRC networks' refugees. Welcome back all you little run-aways. I just love anarchy! This is why it's better to war over a nick than to have a NickServ.
  • I'm not sure what algorithm, but I have Anope set up to use MySQL, I'm looking at the anope_ns_core table right now and passwords are stored as a 128-bit hash.
  • Serves them right! (Score:2, Interesting)

    by onthost (928770) on Sunday June 25 2006, @12:32PM (#15601138)
    This is the SECOND time in a month this has happened. Anyone know why? Freenode uses OPEN O:Lines, meaning they can be accessed from any user@host instead of using proper O:Lines specifying the user's ident (which is useless since it can be changed) and their hostname (which is harder to spoof/use).
    Also during the whole thing lilo actually asked for donations. My question is if their servers are donated, where does the money that is donated go to? They don't pay for bandwidth, servers, anything really. Curious really.
    • Dude by /dev/trash (Score:2) Sunday June 25 2006, @01:02PM
    • It goes to lilo (Score:5, Insightful)

      by a16 (783096) on Sunday June 25 2006, @01:03PM (#15601257)
      The money goes 100% to Lilo. *All* of their servers and hardware are donated. I believe they may pay for their web server, but even then, that's $99/month max?

      This is what annoys me most about Lilo's "donation" pledges - he has set up a non-profit organisation with himself as the only paid employee, and receives thousands in donations yearly which all go to him. Oh, and "supplies", which of course are used by the only employee of the organisation. Yet he doesn't make this clear, at all. I believe most people genuinely think they are donating to the network, not the guy who sits there all day running it.

      Let's also not forget his latest project, for us to all pay off his debt and buy him a new trailer to live in. Seriously, I'm not joking [spinhome.org].

      Freenode really, really needs new leadership, fast. Something not controlled by one person, or even if it is, someone competent would be a nice change :)
      [ Parent ]
      • Re:It goes to lilo by ameyer17 (Score:2) Sunday June 25 2006, @02:23PM
      • Re:It goes to lilo by Anonymous Coward (Score:1) Sunday June 25 2006, @03:39PM
      • Re:It goes to lilo (Score:4, Insightful)

        by BoldAndBusted (679561) on Sunday June 25 2006, @07:38PM (#15602757)
        (http://www.boldandbusted.com/)
        On some points, you are probably correct, but on the last one, on "Spinhome", what's the big deal? It's not like he says that the money is going to support the network and then turns around and spends it on his land yacht. That site makes it pretty clear what the money will go towards.

        And, do you think that Freenode would run as well as it does (today excepted) without some guy "who sits there all day running it"? Oh, people don't deserve money, but, yesyesyes buymoreservers/bandwidth? He's being paid for the service he provides. And so far, that's been a decent service.

        Wow, he receives thousands in donations yearly. Literally *thousands*. Why, he could be... a Thousandaire! What a mogul.
        [ Parent ]
    • Re:Serves them right! by Ilgaz (Score:1) Monday June 26 2006, @05:10AM
  • If nickserv used some kind of challenge authentication (it sends you a random challenge, and you hash the password with it), we wouldn't have these problems. Of course, this is irc, and that might be somewhat difficult to implement.
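
Added example, not part of the comment above: one way such a challenge exchange could work, using HMAC-SHA256 over a single-use random nonce with a PBKDF2-derived key. The class and function names are hypothetical and this is not an existing NickServ feature.

```python
# Added example: challenge-response identification in which the password
# never crosses the wire. Names (ChallengeServer, client_response) are
# hypothetical; nick and passwords are constructed.
import hashlib
import hmac
import secrets


def derive_key(password, salt):
    """Stretch the password into a key; both sides can compute this."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class ChallengeServer:
    def __init__(self):
        self.accounts = {}  # nick -> (salt, derived key)
        self.pending = {}   # nick -> outstanding nonce

    def register(self, nick, password):
        salt = secrets.token_bytes(16)
        self.accounts[nick] = (salt, derive_key(password, salt))

    def challenge(self, nick):
        """Issue a fresh nonce; any older one for this nick is discarded."""
        salt, _ = self.accounts[nick]
        nonce = secrets.token_bytes(16)
        self.pending[nick] = nonce
        return salt, nonce

    def verify(self, nick, response):
        """Check a response; the nonce is consumed whether or not it passes."""
        nonce = self.pending.pop(nick, None)
        if nonce is None or nick not in self.accounts:
            return False
        _, key = self.accounts[nick]
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def client_response(password, salt, nonce):
    """What the client sends instead of the password."""
    return hmac.new(derive_key(password, salt), nonce, hashlib.sha256).digest()


def demo():
    """Return (legitimate login, replayed response, wrong password)."""
    server = ChallengeServer()
    server.register("alice", "correct horse")

    # Legitimate login; assume an eavesdropper records nonce and response.
    salt, nonce = server.challenge("alice")
    sniffed = client_response("correct horse", salt, nonce)
    legitimate = server.verify("alice", sniffed)

    # Replaying the recorded response against a new challenge fails,
    # because the server now expects an answer to a different nonce.
    server.challenge("alice")
    replayed = server.verify("alice", sniffed)

    # A wrong password fails as well.
    salt, nonce = server.challenge("alice")
    wrong = server.verify("alice", client_response("guess", salt, nonce))
    return legitimate, replayed, wrong


if __name__ == "__main__":
    print(demo())
```

The stored key is password-equivalent for this exchange, and a recorded nonce/response pair still allows offline guessing of weak passwords.
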
  • I think the Freenode community deserves to see a mention of this on freenode.net, and an explanation of the circumstances that led to it. I understand that compromises happen, but knowing how they happened will put a lot of people at ease, and the act of explaining it will make Freenode appear more professional, because they aren't trying to hide their mistakes.

    In the middle of this, I would like to remind people that Freenode is an awesome service. It is a gigantic network, and a great facilitator of free software efforts.

  • Let me be clear (Score:1)

    by tmandry (710511) <tmandry@gmail . c om> on Sunday June 25 2006, @02:03PM (#15601485)
    The possibility of passwords having been compromised is just that, a possibility. It is speculation based on possible facts. Please don't take it as more than that, though if you went through the ordeal last night then you should probably change your password(s).
  • Having admin privileges exist in-band is asking for trouble really.

    IRC servers should have out of band control.

    We don't even have anyone with OPs in "our" freenode channel.

  • by RotJ (771744) on Sunday June 25 2006, @02:27PM (#15601574)
    (Last Journal: Tuesday September 21 2004, @06:13PM)
    [01:26] -lilo- [Global Notice] Hi all. We just experienced a brief outage between our US and EU hubs....we're investigating. Apologies for the difficulties, and thank you for your patience.
    -
    [01:28] -lilo- [Global Notice] We're told that the service interruption affected EFNet as well....in the absence of further problems, we'll pass you any information we receive on wallops (/mode yournick +w)....thanks!
    -
    [23:44] -ratbert- [Global notice] I am a fat asshole, who loves abuse, die
    -
    [23:44] -ratbert- DCC SEND YOUAREALLJUDENLOL
    -
    [01:07] -lilo- [Global Notice] Hi all. As you may be aware, freenode has experienced a crack attack and we're working on tracking down the details. At this point, we cannot guarantee that more problems will not occur.
  • I swear it was him! (Score:3, Funny)

    by Anonymous Coward on Sunday June 25 2006, @02:35PM (#15601592)
    http://uncyclopedia.org/wiki/Peer [uncyclopedia.org]
    Unfortunately he's still at large.
  • This could have easily been prevented if IRC wasn't being pushed to be what it isn't (namely secure and scalable).
    • Jabber has a built-in authentication method instead of relying on bad, afterthought hacks like NickServ.
    • Jabber has built in multiuser chat management without having to rely on afterthought hacks like ChanServ.
    • Jabber can't netsplit.
    So why is Freenode still stuck in the stone age on this? Better, more reliable IM software exists than IRC these days.
  • by mav[LAG] (31387) on Sunday June 25 2006, @03:40PM (#15601783)
    Everyone in #lisp was polite.
  • Seriously though, is it not the problem that so many FOSS projects rely on FN, a network that relies on a single point of failure to survive?
  • OWNED BY BANTOWN (Score:1, Interesting)

    by Anonymous Coward on Sunday June 25 2006, @06:56PM (#15602588)
    Not a troll, but the culprits were bantown.

    They prolly did some social engineering on lilo or one of his fellow staff members. AGAIN.

    Like the incident a while back when grog from the GNAA tricked him.

    That is kinda scary though, that freenode has fallen into GNAA/Bantown traps several times.

    Seriously, should we be trusting them with projects and chats if they can't even tell when someone is playing them like a card to get their info?
  • An exercise in free speech (Score:2, Interesting)

    by Legal (643729) on Monday June 26 2006, @12:03AM (#15603568)
    An excerpt from the largely uneventful briefing session on #freenode-moderated tonight about said incident (brackets are mine, intended for illumination):

    HedgeMage: We believe that 25 nickserv passwords were compromised during a limited window, but all concerned individuals are encouraged to change their nickserv passwords just in case.
    HedgeMage: thanks, Astinus
    HedgeMage: We'll open up the floor for questions, one at a time, in a moment. Please keep your question concise, and type it ahead of time so we can move as quickly as is practical.

              [several questions, answers, and no-comments]

    HedgeMage: Since most of these seem to be repeats, we're going to close for now. I'd like to reiterate that we encourage all concerned users to change passwords

              [...]

    Astinus: This room will go -m shortly, so ya'll can chat before we have another session.
    HedgeMage: try not to get blood on the carpet
    Astinus: Or we'll send in the cleaners, with pointy brooms
              Astinus has removed operator privileges to HedgeMage
              Astinus has de-activated the following mode : Moderated
    nunsoup: DCC SEND "startkeylogger" 0 0 0
    QuantumBeep: (o__o)
    J: BACON
    b33fc0d3: O.o
    bureado hugs channel
    enderst: heh
    Naconkantari: ceiling cat is watching you.
    WeblionX: First blood!
    snorkle: !!!!!!LOLDONGS!!!!!VIVA EL CHE!!!!!!LOLDONGS!!!!!
    rooly: spam
    rooly: spam
    rooly: spam
    rooly: spam
    rooly: spam
    jeebusmobile: wewt
    snorkle: !!!!!!LOLDONGS!!!!!VIVA EL CHE!!!!!!LOLDONGS!!!!!
    snorkle: !!!!!!LOLDONGS!!!!!VIVA EL CHE!!!!!!LOLDONGS!!!!!
    Eidolos: omg deluge
    snorkle: !!!!!!LOLDONGS!!!!!VIVA EL CHE!!!!!!LOLDONGS!!!!!
    snorkle: !!!!!!LOLDONGS!!!!!VIVA EL CHE!!!!!!LOLDONGS!!!!!
    DosBubba: 'Grats out to the GNAA for their newly acquired property, irc.vaccus.com #chat . /server -m irc.vaccus.com -j #chat Attacks will continue if you don't join.
    DosBubba: I would like to thank Freenode for taking the time to gather the whole of IRC, it has been our pleasure to take part in such a trolling opportunity.
    DosBubba: Remember: /server -m irc.vaccus.com -j #chat Attacks will continue if you don't join. !startkeygen
    DosBubba: IRC was founded on the principles of trolling, and we thank Freenode from the bottom of our hearts for carrying the fine tradition into the 21st century - hopefully beyond.
    bitplane: wooo
              lilo has activated the following mode : Moderated
              lilo has activated the following mode : Invite Only
    lilo: got to love that
    HedgeMage: so much for that.
    Astinus: some people need to grow up :/

              [and then the channel fell silent again]
  • boten anna (Score:1)

    by MrHali (985004) on Monday June 26 2006, @01:56AM (#15603856)
    after reading this, why does this story remind me of this -> http://video.google.com/videoplay?docid=6880888700625496919 [google.com]
  • See? Now I'm happy I stopped using freenode. Back then the problem was that it was just consuming too much of my time. However, now after FreeNode's huge failure to protect its users, I actually have a VERY good reason to just stay away from it. By the way, I wonder where ##otw is going to be at now.. :P
  • What the hell is a "news" page for on http://www.freenode.net/ [freenode.net] if you're not going to put, "WARNING: Do not identify with a password on IRC right now!!" on the page. The last news posted is from early May!
  • by av2 (906596) on Monday June 26 2006, @11:36AM (#15606353)
    I'm not sure what IRCd Freenode is using but most networks have what you call q-lined nicknames setup on the servers. NickServ would of course be one of those qlined nicknames. You can't use it unless you are a client connected from a services server, it doesn't allow incoming client connections, only pseudo clients from the services daemon itself. I'm guessing the NickServ hack was made by tricking the other servers thinking it was linking the services daemon.
  • by Apoklypse (853837) <`moc.liamtoh.MAP ... `nogardhceteht'> on Tuesday June 27 2006, @09:17AM (#15612483)
    fuggahs done this? 'fess up! ...
  • Re:Puts MS hat on (Score:2, Funny)

    by rmsmith (930507) on Sunday June 25 2006, @10:35AM (#15600658)
    Nah, man. That's FLOSS*. * Free Libre Open Source Software
    [ Parent ]
  • Re:XMPP (Score:2)

    by Ant P. (974313) <anthony.parsons@manx.net> on Sunday June 25 2006, @12:19PM (#15601084)
    If XMPP had anywhere near the bandwidth efficiency that IRC has, that'd be a good idea.
    [ Parent ]
    • Re:XMPP by rakaur (Score:1) Sunday June 25 2006, @05:24PM