BitchX 1.0c19 IRC Client Backdoored 338
JRAC writes "A recent Bugtraq submission has indicated that the popular IRC client, BitchX, contains a backdoor. So far, only certain 1.0c19 files, downloaded from ftp.bitchx.com are reported to contain the malicious code. The BitchX developers have been notified, so hopefully a fix will be issued soon. Looks like irssi wasn't the only one ;)"
The name.... (Score:3, Interesting)
BitchX - "I 0NZ0R J00, B1TCH!"
Most interesting... (Score:5, Interesting)
Sad that the developers didn't notice sooner, and it makes you wonder how many boxes have now additionally been 0wned because of this.
It's Odd (Score:3, Interesting)
From the post, "There is something very strange going on with the FTP server on ftp.bitchx.org. In some cases, it serves up the trojaned version; in others, the original, safe version. It seems to be client / client-behavior based (we're not sure exactly what)."
The post continues, "To add a little more to this; we've confirmed that if you come off of what appears to be a cablemodem/dsl IP you are likely to get a trojan'd copy. If you come off of a more static link, you are likely to get a clean copy."
Very strange.
Re:XSS in Slashcode (Score:4, Interesting)
----- BEGIN BugTraq POST -----
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Uns
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Del
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 31935 invoked from network); 2 Jul 2002 08:55:04 -0000
Message-ID: <20020702085626.305.qmail@web21002.mail.yahoo.c om>
Date: Tue, 2 Jul 2002 01:56:26 -0700 (PDT)
From: gcsb <gcsbnz@yahoo.com>
Subject: XSS in Slashcode
To: bugtraq@securityfocus.com
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-UIDL: "[K!!WR\"!nkN"!NSF"!
There is a nasty Cross Site Scripting(XSS) vuln in
Slashcode. This was used a day or so go on
slashdot.org and resulted in most of the site being
taken down for an hour or so. The maintainers of
slashcode have patched the problem in CVS but have not
even mentioned it anywhere that I can find. This
leaves all sites using slash vulnerable to this
exploit.
An example exploit (incomplete) is as follows:
<p > onMouseOver..insert javascript here...>
I am dissapointed that the slachcode maintainers have
silently fixed this on slashdot.org yet made no
mention of the problem elsewhere so that other sites
can patch themselves. No wonder there are so many
"trolls" on slashdot.org...ah well.
If you run a site using slashcode, get the latest CVS.
That is all. Move along.
_______________________________________________
Do You Yahoo!?
Sign up for SBC Yahoo! Dial - First Month Free
http://sbc.yahoo.com
----- END BugTraq POSTING -----
You didn't even reformat the exploit code so that it showed up properly... sheesh.
- Jester
Backdoor. (Score:4, Interesting)
While the vast majority of these "easter eggs" are completely harmless, it's only logical to assume that they present an opportunity for malicous activities. I mean, who among us doesn't have SOME "H4X0R" history? Doesn't it follow that some of that will come out when the opportunity to put in a "gift" presents itself?
Also, this seems to me to be one of the down sides of the Open Source fight. Most of the accomplished hackers that I know are strong advocates of Open Source. It leads me to believe that most of the proponents of Open Source are or were at some time at least a script kiddie with delusions of grandeur.
Nobody I know has the time to actually check every line of code in a 200 Meg build for one or two lines of backdoor code, especially when the application is DESIGNED to make and break connections.
Re:Backdoor. (Score:2, Interesting)
There was another relatively famous piece of software compromised the same way recently as well. Somebody is going through some great lengths to put backdoors in the source of some good OSS. Makes you wonder how much is being missed.
HA HA HA HA HA (Score:1, Interesting)
Security - I'm quite confident that there's no security bugs in Irssi. No buffer overflows, no format bugs (%s%s%s), no remote exploits, nothing.
Modularity - Irssi is highly extensible, you could change almost anything in Irssi with a runtime loadable module. And you can probably change anything you actually need to change with a Perl script.
Open source only? (Score:2, Interesting)
The popular emulator Dos/Windows "Nesticle" comes to mind.
Re:The name.... (Score:3, Interesting)
I'd think any average user could cut and paste that.
* Of course, you shouldn't let them on IRC or any other chat without supervision, but y'all knew that.
Re:The name.... (Score:2, Interesting)
It's difficult to find a name that doesn't have negative connotations in some language spoken around the world, as many product managers have unwittingly discovered [snopes2.com]. Big businesses employ branding agencies to help them find good brand and product names, Open Source advocates can't afford the exhorbitant fees they demand (and then they come up with names like "Opteron", gack).
Regarding "mingetty": in Swiss German (at least in the dialects spoken in the eastern parts of Switzerland) it's understood as "My godfather" if pronounced the right way.