User Tools

Site Tools


security

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

security [2006/08/29 16:08] (current)
Line 1: Line 1:
 +======Security Issues======
 +
 +EPIC is an extremely flexible client. ​ To borrow a phrase from many a C
 +programmer, it gives you enough rope to hang yourself. ​ With caution and
 +some common sense, this isn't a problem.
 +
 +By far, the most potentially dangerous facility is [[ON]]. Because hooks can be
 +set to activate on any arbitrary input, and because they can perform most any
 +action when activated, they are often used for malicious purposes. Consider the
 +following:
 +
 +   on ^msg "% obey *" {
 +      $2-
 +   }
 +
 +This allows anyone to make your client perform any command, simply by
 +sending you a message beginning with "​obey",​ followed by any command. ​ On
 +top of that, you won't even see the message, and if the perpetrator is
 +careful, you won't see its output either.
 +
 +Social engineering is also a problem on irc.  EPIC attempts to combat this
 +with special configuration settings that disable certain "​dangerous"​
 +commands. ​ Of course, experienced users can disable these settings, but
 +novices should think twice before doing so.
 +
 +Above all, lack of education is probably the biggest problem associated
 +with the client. ​ Think twice before typing a command you aren't familiar
 +with.  Think twice before loading a script someone has given you, if you
 +don't understand how it works.
  
security.txt ยท Last modified: 2006/08/29 16:08 (external edit)