Posts Tagged ‘irc’

How exploits effect everyone.


02 Feb

Tags: , , , ,
Posted in Rambles, Rants | No Comments »

As you may or may not know, I help run a few IRC Networks, and reading up on exploits and other security problems is a must.  Part of security is obscurity, i.e. how much can we hide the exploits so people don’t know about them, so they can’t use them, and the other part is openness.

The open source community usually responds very quickly to reports of exploits and fixes them. For instance, Joomla will not publicly announce that there is an exploit until they have fixed it, allowing webmasters a chance to patch them. This allows them to patch their sites before the exploit is known. While this works for most sites, the problem comes from what is know as a ZeroDay Exploit. In the Zero-Day case, the exploits are being used do not have a patch out there for them, and usually can be very dangerous to system administrators. They can range from sql injections to crashes to taking over a computer. Zero-Day’s suck.

Now, Background on the Firefox incident:

Firefox blocks some  nonstandard ports from being used to send commands to.  One of the ports that isn’t blocked by java script in Firefox is 6667.  6667 is the default IRC connection port.  With some java script code, attackers are able to get users to flood different IRC servers just by visiting a website.   The browser then floods the IRCD (IRC Server) with either random data, or a spam message.   Feel free to read about this more here.

I think that this type of attack is just the start, and until the Firefox and Open-Source community actually fix this type of exploit it will be used in more dangerous and evil ways.  While I do understand that sometimes a non-standard port has to be used,  for example Direct-Admin (Web interface configurator) might use port 1111, which would look like http://website.com:1111 .  I think a simple fix for this, is that any type of connection to a nonstandard HTTP port (80, 443) should have an opt in or prompt alerting that it could be used for abuse and that something including fishing could be up.

While every product will likely have some exploits and bugs with them, I do have to say that I have been very impressed with the Open-Source companies about how fast and accurately they actually fix bugs.

Adobe (Closed Source) for example, operates on a longer time frame to fix issues.  This example shows them being aware of an exploit on December 15th, but not expecting an update until Jan 12th.  That is a long time.

Just  a random rant.  Security is always important, and I wouldn’t think that going to my boss and saying, “This exploit can crash our program, and its widely known, however we don’t expect to fix it for a month” would go over to well.  I would expect a resolution or work around quickly.

Anyways. that is all for tonight. Thanks for reading and go Open Source :)


IRC as a Social Media


11 Jan

Tags: , ,
Posted in Random, Raves | 2 Comments »

As you may or may not know, I am a very frequent member of the IRC community.  IRC, or Internet Relay Chat, is a early internet technology that allows users to chat from all over the world in a simple and easy environment.   IRC has seen a new life come out recently from some social media events such as Online streaming.  UStream uses IRC to allow users to communicate within a community and show, Justin.TV uses a hacked form of IRC to communicate as well.

Depending on the network that you chat on, you can find users that chat about anything. From software development, fighting malware, talking about technology, or even discussing the latest movies and video games. IRC is a place that you can find many people to pass time and even find good bits of help and friends.

There are two networks that I frequent are GeekShed, and DevilsFreek.  GeekShed is ranked as one of the top 100 IRC networks that are rated by users and channels by SearchIRC.  DevilsFreek is more of a quiet and small community that is more of a test bed for my workings.

IRC has had a few bad bursts of publicity in the past, media often covers IRC as a place that hackers hack, and steal credit card numbers and botnets are from.  While there are a few places that this is true, the majority of IRC networks are safe and have active network administrators that keep the trouble makers away.

If you want to connect to GeekShed to take a peak at what IRC is, and what not, feel free to click the More button and a flash chat should appear below.

(more…)

Social Media


05 Jan

Tags: , , , ,
Posted in Rambles, Random | 8 Comments »

What in the world is all of this social media stuff we keep hearing about?

Social Media is defined as “A category of sites that is based on user participation and user-generated content.”

Well, that by itself doesn’t really help one understand what social media is, or why its important.  To me, social media is using any user based site (such as facebook, or twitter) to promote yourself and your ideas.

What does it do for us?  This is harder to determine what it really does for the world.  Yes, we have people that send twitter updates about their trips to the bathroom or their lunch menu, but there are also people that use twitter to communicate and spread ideas and have quite the following.   Most of the people that have mastered social media use  a combination of services to bring together a community of followers.

One of the first masters of social media that I can think of is Chris Pirillo. Since the late 1990′s, Chris has been working on a web site called “LockerGnome”.  His site has newsletters and blogs from people ranging from nobody’s to higher up people in the technology world.   In early 2007, Chris went from former TV host (TechTV) to social media master.  He created his live streaming site, Live.Pirillo.com.  He took a few different types of new and old technology to help promote himself in ways that were very new and still are somewhat strange even 3 years later.

Pirillo took live streaming video from Ustream.tv, incorporated irc from GeekShed.net, and twitter into one medium to create a real time social following, somewhat the birth of social media.

While Chris Pirillo is an extreme example of social media, most people do find themselves using social media daily. From Facebook, MySpace, Ustream, twitte,r and even IRC, many users are finding more creative ways to make their online image different and more appealing.  Technology new and old is brought together in different ways to help bridge everything together.  Is this Web2.0? Perhaps; to me, it’s more about finding ways to share ideas with friends.  After all, how many of us have clicked on a link on Facebook of a random web page that someone has found and thought it was the best in the world and shared with it others?  This is social media after all

Corey's Rants

A Web Developer's rants, raves and randomness.