>I read somewhere that there is a security loophole in IRC. I don't know >anything else about it but I would like to find out more information >about this. I heard that information about this IRC loophole can be found >by FTP at ftp.cert.org, but I couldn't find anything relevant there. The security concerns with IRC relate almost exclusively to ircII clients that have been modified in the source code or scripts. A source code backdoor to let people gain access to your account can be made to be very invisible, (but usually instantly spottable by anyone with knowledge of C code), but to date most backdoors relate to responding to loud noisy one line commands over IRC. Script backdoors can be more intricate because it doesnt take as much skill to develop usually and the intricacies and subtleties of the scripting language can hide holes quite readily. Again they can be spotted and most to date have been boorishly primitive. To protect yourself from the source code attack, the best thing is to replace your client if you are in doubt as to its origins. You can find a client on anonymous ftp at coombs.anu.edu.au in the /pub/irc/ircII directory. Installing is left as an exercise to the reader. This machine is generally considered to be the safest place to obtain a client. To protect yourself from scripts with dangerous holes in them, basically dont run scripts from other people unless you are competent enough with the language to understand the workings. I myself dont run any scripts and have been using irc for over six years. You dont need them and often they are annoying and will lead to you being removed from channels. (i.e. textbox). Also there are people of doubtful intelligence that enjoy sending people trojan scripts via IRC's DCC that immediately open your account to the world and inform the world of such. Dont run any scripts as a rule. Hope this helps, Mark