|
Telecom and Logistics Associates |
TLAalert
Security Service
|
| |
Save Time and Money
TLAnews: Security NEWs
Service
|
|
|
|
|
 4.7.2000 Security: Which
Chat channels do hackers follow
Internet chat
clients such as instant messaging applications pose a serious security risk
for corporations, according to an advisory issued last week by Carnegie Mellon
University's Computer Emergency Response Team (CERT).
En français: Quels cannaux de
"Chat" suivent les "hackers"
Les logiciels de
"tchatche" comme les applications de "instant
messaging" posent des serieux risques de sécurité aux entreprises, selon
un avis diffusé la semaine dernière par Carnegie Mellon
University's Computer Emergency Response Team (CERT).
|
|
|
| English
version |
| Chat
clients and Internet Relay Chat (IRC) networks are coming under
scrutiny in the wake of recent viruses like the I Love You and
Life-Stages bugs. Both were programmed to take advantage of instant
messaging software and chat rooms to spread themselves rapidly
across computers and networks
Flaws in chat client software, for
instance, could be relatively easily exploited by crackers to plant
and launch malicious code in corporate networks. Similarly, users
could be tricked into communicating sensitive information or
downloading files containing malicious code via chat clients, he
added.
Users must realize that chat software
was definitely not meant for secure information exchange
|
|
| Résumé
en français |
|
A la suite des recents virus et trojan les logiciels client pour
la "tchache" sur Internet recoivent de plus en plus
d'attention de la part des experts en sécurité. Les deux virus I
Love You et Life-Stages ont été programmé pour utiliser
avantageusement les "chats" pour se propager rapidement.
Les faiblesses de ces logiciels
peuvent être facilement exploitées par les pirates pour infiltrer
les entreprises avec du code malicieux. De la même manière les
collaboraterus d'une entreprise peuvent être trompé par le but
réel de certains fichiers transfèrés.
Les utilisaterus doivent réaliser
que ces logiciels de "chat" ne sont pas fait pour
effectuer un échange sécurisé d'information.
|
|
Where do all those "young people " meet on
IRC, most of them meet on Undernet.
If you just want to have a try on channels dedicated to hacking use this link it
will take you to an applet accessing IRC. It will request from you to trust the
signed applet, in order to allow the applet to connect to IRC channels directly.
This is circumventing the security model of the Java Virutal Machine (JVM), of
your browser. We call this using signed applets.Then your browser will be able
to connect to other network servers than the one it came from.
http://www.hack-net.com/html/hncirc/
Then select a server and a channel, and you are ready to ask questions like :
<Surcouf#HackPhreack> What tool to use to crack excel password
protected files.
If you are behind a firewall you will have some problems, since normaly the
network access to IRC is closed. To open that access on a firewall you need to
have access on port 6667 or some other listed in the table below. Your company
should not accept that kind of access, but you are free to try it from home.
| Server list
for Undernet.org |
North
America
| Server
name |
Open
ports |
Hosted by |
| Arlington.VA.US.Undernet.Org |
6660-7000,
6060-6070 |
erols.com |
| Atlanta.GA.US.Undernet.Org |
6660-6669 |
mindspring.com |
| austin.tx.us.undernet.org |
6665-6669, 7000,
7777 |
io.com |
| Baltimore.MD.US.Undernet.Org |
6660-6669 |
abs.net |
| Dallas.TX.US.Undernet.Org |
6661-6669 |
airnews.net |
| LasVegas.NV.US.Undernet.Org |
6660-6669 |
lvdi.net |
| Manhattan.KS.US.Undernet.Org |
6666-6669 |
ksu.edu |
| McLean.VA.US.Undernet.Org |
6666-6669, 7000 |
cais.net |
| Montreal.QU.CA.Undernet.Org |
6660-6669 |
polymtl.ca |
| NewBrunswick.NJ.US.Undernet.Org |
6660-6669, 7000,
7070 |
att.net |
| NewYork.NY.US.Undernet.Org |
6660-6669, 7000 |
nac.net |
| SaltLake.UT.US.Undernet.Org |
6660-6669 |
aros.net |
| SanDiego.CA.US.Undernet.Org |
6660-6670 |
connectnet.com |
| Toronto.ON.CA.Undernet.Org |
6660-6669 |
total.net |
| Vancouver.BC.CA.Undernet.Org |
6650-6690 |
direct.ca |
| Washington.DC.US.Undernet.org |
6660-6669 |
aol.com |
| WebChat.MD.US.Undernet.Org |
8000 (via the
web) |
abs.net |
Europe
| Server
name |
Open
ports |
Hosted by |
| Amsterdam.NL.EU.UnderNet.org |
6660-6669, 7000 |
euronet.nl |
| Brussels.Be.Eu.Undernet.org |
6660-6669, 7000,
80 (web) |
planetinternet.be |
| Caen.FR.EU.Undernet.Org |
6660-6669, 7000 |
ensicaen.ismra.fr |
| Diemen.NL.EU.Undernet.Org |
6660-6669, 7000 |
wxs.nl |
| Flanders.Be.Eu.Undernet.org |
6660-6669, 7000 |
planetinternet.be |
| Haarlem.NL.EU.UnderNet.Org |
6660-6669, 7000,
7777, 8080 |
vuurwerk.nl |
| Gothenburg.SE.EU.Undernet.Org |
6660-6669, 7000,
7777 |
chalmers.se |
| Graz.AT.EU.Undernet.Org |
6665-6669, 7000,
7777 |
tu-graz.ac.at |
| London.UK.EU.Undernet.Org |
6666,6667, 7000,
8000, 9000 |
nildram.co.uk |
| Oslo-R.NO.EU.Undernet.Org |
6660-6669, 7000 |
sol.no |
| Oslo1.NO.EU.Undernet.Org |
80 (via the web) |
sol.no |
New Zealand
| Server
name |
Open
ports |
Hosted by |
| Auckland.NZ.Undernet.Org |
6667,6668 |
iconz.co.nz |
|
| Some
channels to use |
| Channel |
|
Server |
Comment |
| #hackers_usa |
|
|
|
| #kingsize |
welcome to the infamous KingSize's chat zone (united
hackers of |
|
|
| #rdhackers |
RDhackers TeAm |
|
|
| #gphoe |
Girl Phreakers and Hackers On Earth |
|
|
| #dominikanos |
Asociacion de Hackers Dominicanos |
|
|
| #hnc |
Welcome to #hnc, irc home of the HNC Network and
Hackers-UK. |
Dallas.TX.US.Undernet.Org |
|
| #evil-hackers |
It's a channel, duh |
|
|
| #elitehackers |
Enjoy #Elitehackers Mail us: Elitehackers@yucom.be |
|
|
| #condemnation |
|
|
|
| #HackPhreack |
|
London.UK.eu.Undernet.org |
Most followed |
| #Hacktech |
|
London.UK.eu.Undernet.org |
|
| #Rootworm |
|
|
|
| #HFX |
|
|
|
|
|
|
|
|
IRC
(Internet Relay Chat)
is a virtual meeting place where people from all over the world can meet and
talk; you'll find the whole diversity of human interests, ideas, and issues
here, and you'll be able to participate in group discussions on one of the many
thousands of IRC channels, or just talk in private to family or friends,
wherever they are in the world.
to get some help in an IRC type on
the command line : /help
Author information.
Copyright © [Telecom and Logistics Associates Sàrl]. All rights
reserved.
Revised: juillet 04, 2000
.
|
All information provided is of a general nature and is not
intended to address the circumstances of any particular individual or entity.
Although we endeavor to provide accurate and timely information, there can be no
guarantee that such information is accurate as of the date it is received or
that it will continue to be accurate in the future. No one should act upon such
information without appropriate professional advice after a thorough examination
of the facts of the particular situation.