[IRCServices] Linked nicks

Strider strider at chatcircuit.com
Tue May 15 18:42:00 PDT 2001


This is something I've mentioned a LONG time ago. Services opers (or is it
just services administrators?) can do a listlinks command on a nick to see
the linked nicks, and can then take care of the problem and make sure the
user changes his/her password. This is about all you can do to prevent
abuse. If linking is so much of a problem, it can always be totally disabled
in the configuration file. Or you can reinforce the use of strong passwords
or password rotation, or even better, both to all of your users. The
security issues really exists in the user and not the services.

Beau (Strider) Steward
chatcircuit administrator and 6bit band member
strider at chatcircuit.com        www.chatcircuit.com
ircadmin at chatcircuit.com     irc.chatcircuit.com
strider at 6bit.net                    www.6bit.net
----- Original Message -----
From: "Partizanu" <silvius at expres.ro>
To: <ircservices at ircservices.za.net>
Sent: Tuesday, May 15, 2001 9:00 AM
Subject: [IRCServices] Linked nicks


> Hello!
>
> This mail will not be about nested links, still... please read it.
> I've send another email on 03.05.2001...no answer...and I really want to
> know if I'm wrong in my way of seening things.
>
> So, let`s bring in the log and the comments:
>
> [16:47] *** Your nick is now c /** I'm c :)
> [16:47] -NickServ- Password accepted - you are now recognized.
> [16:48] -NickServ- Your nick has been linked to b. /** I link myself to
> b
> [16:48] *** Your nick is now b /** Now I'm b
> [16:48] -NickServ- Password accepted - you are now recognized.
> [16:49] -NickServ- b is mdeah /** Now I do an INFO on me, but NS doesn't
> say anything about a linked nick...why?
> [16:49] -NickServ-    Is online from: ~mda@<some.host>
> [16:49] -NickServ-   Time registered: May 15 16:45:25 2001 EEST
> [16:49] -NickServ-    E-mail address: a at a.com
> [16:49] -NickServ-           Options: Kill protection, Security
> [16:49] -NickServ- Syntax: UNLINK [nick password] //** Sill I want
> to UNLINK c from me, but I'm asked about c passwd
>
>
>
> The story behind this is that if I know a password on a nick, I can:
> a) link myself to it and be *invisible*
> b) the person to whom I'm linked can't UNLINK me, because he/she doesn't
> know my password
>
>
> It's this OK?
>
>
> Greetings,
> Partizanu
> -----------------------------------------------------------
> To unsubscribe, mail ircservices-request at ircservices.za.net
> with the word UNSUBSCRIBE in the subject of the mail.
> http://www.ircservices.za.net/mailman/listinfo/ircservices
>