This shows you the differences between two versions of the page.
— |
security [2006/08/29 16:08] (current) |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ======Security Issues====== | ||
+ | |||
+ | EPIC is an extremely flexible client. To borrow a phrase from many a C | ||
+ | programmer, it gives you enough rope to hang yourself. With caution and | ||
+ | some common sense, this isn't a problem. | ||
+ | |||
+ | By far, the most potentially dangerous facility is [[ON]]. Because hooks can be | ||
+ | set to activate on any arbitrary input, and because they can perform most any | ||
+ | action when activated, they are often used for malicious purposes. Consider the | ||
+ | following: | ||
+ | |||
+ | on ^msg "% obey *" { | ||
+ | $2- | ||
+ | } | ||
+ | |||
+ | This allows anyone to make your client perform any command, simply by | ||
+ | sending you a message beginning with "obey", followed by any command. On | ||
+ | top of that, you won't even see the message, and if the perpetrator is | ||
+ | careful, you won't see its output either. | ||
+ | |||
+ | Social engineering is also a problem on irc. EPIC attempts to combat this | ||
+ | with special configuration settings that disable certain "dangerous" | ||
+ | commands. Of course, experienced users can disable these settings, but | ||
+ | novices should think twice before doing so. | ||
+ | |||
+ | Above all, lack of education is probably the biggest problem associated | ||
+ | with the client. Think twice before typing a command you aren't familiar | ||
+ | with. Think twice before loading a script someone has given you, if you | ||
+ | don't understand how it works. | ||