Freenode Attack - Priceless!
Posted: 04 Feb 2010, 08:21
Some of you may have heard about an exploit being used to attack IRC servers from Firefox.
Big warning. I'd turn off Javascript and images before following any links from that page. I ran across some pretty stomach churning images following the link to GNAA and i wouldn't be at all surprised if there isn't some nasty JS on some of those links.
I must say, I don't follow hacking much in general but this "security advisory" had me rolling on the floor. It's not just your average dumb exploit, it sounds like someone with a grudge or warped humor at work. I really like the highlights:
Big warning. I'd turn off Javascript and images before following any links from that page. I ran across some pretty stomach churning images following the link to GNAA and i wouldn't be at all surprised if there isn't some nasty JS on some of those links.
I must say, I don't follow hacking much in general but this "security advisory" had me rolling on the floor. It's not just your average dumb exploit, it sounds like someone with a grudge or warped humor at work. I really like the highlights:
Wow... Faked deaths? Fraud? There's more drama going on here than your average soap opera!Goatse Security wrote: Best things that were done to Freenode
You are mean. why did you torture freenode so much?
- Embedded exploit in hidden iframes in everyone's favorite shock site, leading to thousands of hosts joining network.
- Messaged Freenode opers blog links with hidden iframes and watched as they all k-lined eachother
- Switched up the floods to CTCP and made users flood themselves off with CTCP replies over and over again until they were k-lined from servers with reconnect limits.
- Flooded freenode with channel names full of legitimate users implying they were troll channels, making paranoid freenode ops ban their own legitimate users.
- After seeing a Freenode staff member make a bot that automatically k-lined flooding users in a channel with wildcards, manually flooded the channel from a shell account and watched it ban an entire TLD, taking a gigantic swath of the network with it.
- Made Freenode staff xenophobic and paranoid and watched them k-line anyone who dared ask for assistance or complain about the floods.
- Making Freenode users self-propagate the link on third party blogging services with warnings to not click the link (we got huge referrals from Twitter, thanks dudes)
Freenode/PDPC is a fucking fraud. In the entire time it has existed, it has never released financial statements. Rob Levin used PDPC to embezzle hundreds of thousands of dollars which should have been given to open source development projects. He faked his death, and came back in this "christel" incarnation in Europe to continue embezzling from Freenode. It is all a big lie, and these people should be thrown into ovens. EFnet continuously hosts 100x the number of users that Freenode does without constant netsplits and incidents. OFTC does not sit there and continuously beg for money. Get off of Freenode. Go to somewhere that is ethical.
Beyond that, the trolling scene has a lot invested in ruining Freenode. I posted Rob Levin's social security number, enabling the series of identity thefts and ruins that forced the man to fake his death. With Bantown, I watched Jmax sniff lilo's oper block password off the wire and absolutely wreck the network in it. I also watched Grog (of the GNAA at the time, until he was excommunicated by the former tyrant timecop) convince lilo that he was the founder of MySQL, get opered up, wreck the network. Then he convince lilo that his daughter's computer was hacked, apologized and wrecked the network again.
In short, wrecking Freenode is a long and glorious troll tradition that stretches backwards for time immemorial. If you associate with Freenode, use Freenode, or support Freenode, you are a target. You are asking to be destroyed.
Also, Freenode users get so mad. That's reason enough alone. Lulz.