security
Differences
This shows you the differences between two versions of the page.
| — |
security [2006/08/29 16:08] (current) |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ======Security Issues====== | ||
| + | |||
| + | EPIC is an extremely flexible client. To borrow a phrase from many a C | ||
| + | programmer, it gives you enough rope to hang yourself. With caution and | ||
| + | some common sense, this isn't a problem. | ||
| + | |||
| + | By far, the most potentially dangerous facility is [[ON]]. Because hooks can be | ||
| + | set to activate on any arbitrary input, and because they can perform most any | ||
| + | action when activated, they are often used for malicious purposes. Consider the | ||
| + | following: | ||
| + | |||
| + | on ^msg "% obey *" { | ||
| + | $2- | ||
| + | } | ||
| + | |||
| + | This allows anyone to make your client perform any command, simply by | ||
| + | sending you a message beginning with "obey", followed by any command. On | ||
| + | top of that, you won't even see the message, and if the perpetrator is | ||
| + | careful, you won't see its output either. | ||
| + | |||
| + | Social engineering is also a problem on irc. EPIC attempts to combat this | ||
| + | with special configuration settings that disable certain "dangerous" | ||
| + | commands. Of course, experienced users can disable these settings, but | ||
| + | novices should think twice before doing so. | ||
| + | |||
| + | Above all, lack of education is probably the biggest problem associated | ||
| + | with the client. Think twice before typing a command you aren't familiar | ||
| + | with. Think twice before loading a script someone has given you, if you | ||
| + | don't understand how it works. | ||
security.txt ยท Last modified: 2006/08/29 16:08 (external edit)