-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday 16 August 2002 12:31, Juan F. Codagnone wrote: > Hi, > > > Let's say a cracker creates a new ICQ account and sets the > > alias to the hostname of your favourite remote box (for example > > the telnet server at your work). The cracker then sends you a > > message. The plug-in will add the hostname, together with his > > IP, to /etc/hosts. > > sorry. i still don't get it. (may be is the time of the day) > the licq plug-in adds the hostname to tha hosts file?. i never > saw licq resolving names or addresses except for the server's > namer. and i don't know why they should change the hosts file.
- From the plugins section on www.licq.org: - ----- Update Hosts 0.0.5 A simple plugin to add your contact list to your /etc/hosts file, thus allowing the use of a users alias as a hostname for contacting them using ftp/telnet/talk... The plugin can be run concurrently with a gui plugin and will dynamically maintain your /etc/hosts file as users go online and offline. Can be found on the ftp site (ftp.xx.licq.org) in the plugins directory. - ----- Somehow I was under the impression that this plugin was distributed with the licq base distribution, but it's not in the source distro at least, I haven't checked the binary ones. At any rate, this allows for the security hole I described. Lourens - -- GPG public key: http://home.student.utwente.nl/l.e.veen/lourens.key -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9XNuHvmNyqZHWDvURAkC7AJ9+vltwL9kflrodo0anlFE/xw1P1QCggRia B/rrMYLfBjfjgAq8qxHScjc= =E77N -----END PGP SIGNATURE----- ------------------------------------------------------- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390 _______________________________________________ Licq-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/licq-devel
