Sunday, June 25, 2006

Freenode haxx0rz3d

Just found out via Slashdot that the admin password on Freenode was compromised. As you may know, the AMRN uses Freenode for its chatroom. (They should probably go somewhere else, eh?)

This comment on Slashdot's article was kind of scary:

In #bantown we have two EFnet server operators. As we sat there ruining freenet they were amazed how we had managed to get that far. On EFnet, oper blocks are for one specific host and all oper hosts are spoofed so you have to figure out the box that a given oper is on and root it before getting any further. lilo's host was bound to *@*, leaving his network ripe for our taking. EFnet, despite being what lilo calls a "normal IRC experience" is thousands of times safer and more stable than Freenode. The man should learn to run an IRC network before he asks people to pay him for it.

PS, lilo: I still have root on a server that's on the same switch as one of your precious Freenode servers. Next we'll be arpmitm'ing and spoofing the C/N lines to link in a hacked server. I'll let you have fun running around trying to guess which one that server is.

You have three days to post "I have been trolled by Bantown" on global notice.
Reminds me of the days of channel wars. (Do people still have those?)

But this comment was hilarious:

o noes, If someone got a hold of lilo's password, they could start spamming the users with useless server-wide notices nobody cares about!!1!
XD

In any case, if you were using your Freenode password for other things online, go change those account passwords now.

No comments: