A little less than 4 weeks after the -rc1 release, there now is a -rc2 release of UnrealIRCd 3.2.8 available where some of the still present bugs have been fixed. Fixes in this release include a bug that prevented you from compiling the IRCd on Mac OS X , problems with OperOverride that prevented you from [...]

On monday HydraIRC, calling itself “the professional client”, posted an announcement of a new version that has been released back in December on its website. The announcement mentions a good reason for the update - security issues that also have plagued other clients as well, again in the form of malicious irc:// URLs which can lead [...]

Just a little more than 2 weeks after the last update there already is another update for XChat on Windows, now being available as version 2.8.7e. The changelog is short but includes a couple of crash-fixes, so the upgrade might be worth it. Fixed a rare Auto-Nick-Completion (non-TAB key) crash. Fixed a possible crash if you clicked “Add [...]

After being 5 years and 11 days in the making, there was the first production release of the ircII fork EPIC5, now being at version 1.0, in the end of December. For readers that don’t know the project yet, the website explains a little of EPIC’s history: EPIC is an irc client project. The EPIC software was [...]

Hack a Day has an interesting article on how to write Tweets from within your IRC client. Sounds good? But how? The article (and one comment) mention 2 methods on how to achieve this - one would be by using a local IRCd written in PERL and another one by using a bot in a channel. The bot [...]

No, not only mIRC has bugs

For the second time, after a similar vulnerability in 2007, the irc:// URI-handler of KVIrc 3.4.0 is vulnerable to exploitation.

For successful exploitation of the security hole the user needs to be tricked to follow a maliciously crafted irc:// link - “Failed exploit attempts may cause denial-of-service conditions.” at least, or might even enable the attacker “to execute arbitrary code with the privileges of the user running the affected application.” - which we all know is Administrator for 95% of all Windows machines.

However, this post on the KVIrc mailing list claims the bug is invalid and KVIrc 3.4.x is not affected but after a short test i can at least confirm that there indeed is an issue that causes a DoS because KVIrc crashes after opening the malformed link.

The usual suggestion to upgrade to the latest version to be not prone to that vulnerability is superfluous at least for the Windows-version of KVIrc, as 3.4.0 is the latest “stable” release that can be obtained from the website.

Little over one month after the last release of the popular IRC-client, a new version becomes public.

According to the website the update is due to a security flaw concerning “very long nicknames on non-standard servers” and it is therefore a recommended upgrade for everyone.

Also, it seems the exploit code for the mentioned vulnerability is already in the wild so it’s advised to update in a timely manner or deploy the following workaround if an upgrade is not possible:

on ^*:OPEN:?:*:if ($len($nick) > 298) halt

The above snippet should be added to ones mIRC’s remotes and shall then prevent the hole from being exploited.

Thanks to slakker for the tip & links!

On Sunday, 26th October the Anope project announces the release of release candidate 1 of their new stable branch, version 1.8 of their widely used IRC services package.

The announcement on their website also mentions that “Apart from updates to language files there are no changes since the last development release (1.7.24).”

However, all users of the last stable release, 1.6.5, should prepare to test the new version since they plan to stop supporting it when 1.8 becomes final.

A detailed changelog can be found here.

Thanks to Chaz & Viper for the tip!

Yes, it’s that time of the year again

After quite some time of thinking what to do with the “old” websites code that i would have to customize to get some of the functionality i’d want to have, i took the plunge and moved everything to Wordpress.

After quite a few tiresome days of importing posts and comments manually, installing things and cursing like a seaman i’m finally done

Please, let me know what you think about it - suggestions and everything are more than welcome.

Oh, and after i get some rest (and a few drinks at some bar i suppose) i’ll update the page with a few articles that have piled up in the meanwhile