Eggheads: vulnerability

[David Fedoruk]

Derek and all:

a few more thoughts on this debacle:

>
> As far as I know it only shares the name...

What its done is attempt to use the good name of Eggdrop to further
its own eveil purposes. That thing is a back door. Eggdrop is
categorically NOT any kind of back door. Its in our FAQ.

> > If there is any code at all then they are in violation of the GPL by
> > not releasing their new code.
>
> You forgetting that this is a trojan, even if it's bassed on winegg
> it's violating many other things (including DMCA).

>From the Windrop FAQ "There is very little difference between the code
or the operation of Eggdrops and Windrops!"

So what ever they've done, steal the code or just steal the
name/identity and good will the name eggdrop should have generated,
the besmirching of the Eggdrop name needs to stop.
>
> > If that program persists ts, even its name may be able to be
> > challenged on the grounds that eggdrop has been using that name for a
> > bot program for over 15 years.
>
> Hehe, but do you know who is it's author? :)))

Even a nick or alias is a start ... and aren't the FBI also looking
for these people/persons? I also saw a reference to China somewhere in
reading about this thing as well.
>
> > Have we considered registering Egggdrop as a trade name?
>
> If it's free then we definitively should ;)))
>
> >> Heh, no wonder many people think that eggdrop is a hacking tool.
> > Eggdrop should make some sort of public statement about this
> > situation. I've heard to many Systems Admins talk about eggdrop as a
> > trojan. They are truly ignorant of its true purpose and have never
> > seen the real code.
>
> I don't think this makes any difference... If somebody knows eggdrop
> well enough to know about www.eggheads.org then already knows that
> eggdrop isn't a hacking tool

Its not the people who know us I'm worried about, its the ones who do
not. The moment you say bot to some of these IT professionals (mostly
Windows trained) they instantly think virus, evil, nothing good done
with it and eggdrop is automatically dumped into this category in
their mind. I have nearly gotten into some heated arguments on the
subject of eggdrop and the difference between the nasty trojan type
bot and eggdrop. I sat in one Windows Administration class at a
university where the professor said categorically that eggdrop was a
trojan.
>
> Maybe we should notify antivirus firms to ask them to call this
> product differently? Although I belive they still would put that name
> in the list of aliases...

It may have to remain as an alias but there should also have a duty to
 publish a disclaimer  differentiating it from the legitimate eggdrop
irc bot which is entirely benign and meant for useful purposes.

If the Anti-virus people don't have a *nix background and/or know irc
well, they may not even know what eggdrop is. I talk to many people
who use irc quite regualarly who have no idea what eggdrop is and live
in the deluded world where Kahled Mardam Bey created mIRC ... meaning
IRC itself.

It seems to be a belief system all of its own and difficult to dispell
the dellusion that there is only mIRC.

Cheers, and heres to producing some good publicity for ourselves!

David


--
David Fedoruk
B.Mus. UBC,1986
Certificate in Internet Systems Administration, UBC, 2003

"Music is enough for one's life time, but one life time is not enough
for music" Sergei Rachmaninov