[9991] in bugtraq
Re: abuse of nickserv
daemon@ATHENA.MIT.EDU (StudNo1)
Fri Mar 26 15:15:24 1999
Date: Thu, 25 Mar 1999 21:07:08 -0600
Reply-To: StudNo1 <StudNo1@dal.net>
From: StudNo1 <studno1@INTELLEX.COM>
X-To: Nelson Little <nel74@TIG.COM.AU>
To: BUGTRAQ@NETSPACE.ORG
I am a DALnet Csop. Let me clarify something. No one should ever use /msg to
services on dalnet. DALnet has had built into the ircd for about a year now
the command /nickserv /chanserv and /memoserv to replace the need for /msg.
If these are used as has been advised for along time there will be no
problems at all with this. Just a FYI.
-----Original Message-----
From: Nelson Little <nel74@TIG.COM.AU>
To: BUGTRAQ@netspace.org <BUGTRAQ@netspace.org>
Date: Thursday, March 25, 1999 7:47 PM
Subject: abuse of nickserv
>Hi,
>
>Many people that IRC on Dalnet have scripts which automatically identify
>their nicknames via "/msg nickserv identify your_password" This works fine,
>however,if you also IRC on Undernet you can run into a problem. Undernet
>has no nickserv so if someone on Undenet decides to use the nick "nickserv"
>they will be exposed to countless passwords from all the people that
>automatically identify themselves. Once the evil user has these passwords
>they can jump on Dalnet and steal that person's nick and change the
>password. With a bit of brain power, and I won't go into how, they can also
>abuse op in any channels that person has op access in.
>
>Dalnet has been advised and starting on April 15th, you'll need to identify
>to NickServ using /msg NickServ@services.dal.net IDENTIFY instead of just
>using /msg NickServ IDENTIFY.
>
>All the other IRC networks that I tested have a nickserv bot which halts
>the abuse mentioned above.
>
>Regards
>Nelson
>
