ICMAG CHAT !!!!!!! Security Issue

[00420]

hey guys i just wanna say plz BECAREFUL ON THIS CHAT SERVER it is not safe.

this chat server is ran on a USA based server ..
http://support.raidersoft.com/status.pl

i just found out late last night brought it up to gypsy. both of us where in chat at the time. he says he will get right on it. today i get a im ( in chat) yet again gypsy finds a way for us to besafe a new program paid for by him....

GREEN LANTERN is working on it should be up this week..... as im told

reason i started looking into this is for some reason my proxy dose NOT hide my IP in chat it also was not hiding others it shows real ip's.

heres a copy/paste of what mods see in chat

[hillbillieonpcp] tumblers 160-200
[ParanoidNovice] 200 seems like a lot for nylon bags
00420: 69.1X8.X4.2XX { of corse u cant have my ip }
[420KushMaster] what are they made of silver and gold

 

[Guest423]

just in chat or on all the forums?

 

[00420]

just in chat or on all the forums?

just chat...........

the new one will be ran on the same server as the fourms

 

[Farmer John]

Wow bro, thats scary..

 

[Guest423]

sweet, makes me happy i haven't chatted on here yet lol....hope things get fixed for the rest of ya.....good luck

peace

 

[Harry Gypsna]

good discovery mate...way to go looking out for every1 like that......

 

[Guest]

That is a little alarming considering what is talked about in private there.
Good catch my bruddah.

 

[Guest]

Very good eye.

 

[Guest]

i stopped talking about personal issues in chat a long time ago.

ever since i saw myself in chat when i was not there (a ghost) i knew the chat was not stable/secure and yes, all my cache etc all gets cleared, i'm still ghosted often, as are many of you

anyway, like i said, i haven't said anything incriminating in chat. i am not too worried

as for you guys giving out personal info etc. do it in email.

doing this on a weed site is asking for trouble no matter how you look at it.

00420 you my friend, are a gentleman and a scholar, and i dank ya

see ya in chat

 

[mpro]

I would still like to see another attempt at an IRC server.

 

[Verite]

Until then I think I will continue to use my additional security measure of chatting in binary.

" 00011 1010001 1001011001 100011101 !! "

 

[Guest]

IRC would be nice. What server would we like to use. It's just a matter of making a new channel.

/j #ICMag

dalnet? effnet? freenode?

but the tor service should offer protection now for even the existing chat once it is correctly configured. still researching it.

 

[glasspackedbowl]

it will be nice to have a safer chat. Is this going to be a new chat software or the same thing hosted on this sites server?? Thanks again of time 00420

 

[ichbingeil]

Until then I think I will continue to use my additional security measure of chatting in binary.

" 00011 1010001 1001011001 100011101 !! "

There are only 10 types of people in the world. Those who understand binary and those who do not.

 

[mpro]

First time I have seen that quote...good one

There are only 10 types of people in the world. Those who understand binary and those who do not.

 

[SneakySneaky]

There are only 10 types of people in the world. Those who understand binary and those who do not.

oldie but a goodie lol but chat is still a very useful source of info

 

[Guest]

The reason your ip is not hidden by your proxy server is because that chat application is a java application. So while your browser may be configured to use the proxy, the chat app, which is a second application is not.

On another note, I'm pretty thrilled how you guys respond to these types of issues. Another board I frequented before I discovered this one, a discovered security hole was quickly discredited by mods, as well as the user posting it. The problems at this board were significant, being the worst part.
For instance: web stat reporting services installed and publicly accessible. A web server of this nature shouldn't even be keeping statistics, let alone reporting on them.

Cheers all,
Good to know folks care around here.

 

[ItsGrowTime]

Goddamit these necro'ed threads like this give me a heart attack when they come up....until I see it was from a year and a half ago. Grrr.

 

[HappyHemphog]

Arise from the grave ye olde thread!

Do you use a paid or free proxy service? It makes no sense for it not to work in chat. Your messages go from your isp service, to the proxy and from the proxy to the chat.

Web surfing proxies do not catch Java internet traffic. Java operates outside that environment and can access your internet connection directly, making a web proxy useless.

Now, if the Java applet allows you to configure it to use a web proxy for connecting, you can. Unfortunately, the chat at IC Mag does not allow for your communications to be sent via proxy. It would make chat ungodly slow anyway.

The good news is that the server on which the chat software runs is located in the Netherlands and logs are dumped frequently.

None of this is relevant as any traffic between your PC and your ISP is unencrypted, even if your using a proxy, so LEO could look at it if they wanted. Only an encrypted SSL (https://)connection would give you a slightly better anon connection as the messages between your PC and the destination are encrypted.

Remember, nothing gives you 100% anonymity or protection. These are only preventative measures designed to reduce, not eliminate, the risks of communicating on a public network.

Cheers!

 

[dwtc]

so, seeing that this thread was started a little over a year ago, was the problem ever fixed? i haven't been to chat yet, but have been thinkin about it lately.


stay safe,,,,,,,,,,,dwtc