BBC NEWS Americas Africa Europe Middle East South Asia Asia Pacific Arabic Spanish Russian Chinese Welsh
BBCi CATEGORIES   TV   RADIO   COMMUNICATE   WHERE I LIVE   INDEX    SEARCH 

BBC NEWS
 You are in: Sci/Tech
Front Page 
World 
UK 
UK Politics 
Business 
Sci/Tech 
Health 
Education 
Entertainment 
Talking Point 
In Depth 
AudioVideo 


Commonwealth Games 2002

BBC Sport

BBC Weather

SERVICES 
Monday, 4 February, 2002, 17:57 GMT
Hole in chat software fixed
Person typing on a keyboard
Internet Relay Chat is very popular among web users
Alfred Hermida

People who like to talk on the internet have been advised to download the latest version of one of the most popular chat programs.

The upgrade of the Internet Relay Chat (IRC) software, mIRC, plugs a security hole which could let someone take control of your computer.

English freelance programmer, James Martin, told BBC News Online he had alerted the developers of mIRC in October.

But he said he held back from revealing how to exploit the security hole until the release of the new version of the software.

The people behind mIRC said they had been planning to release an upgrade of the software, but described Mr Martin's help as "invaluable".

"Hopefully the exploit has been solved in the new version, although these days it's hard to know since so many people are constantly looking for ways to exploit issues like this," the developer of mIRC, Khaled Mardam-Bey, told BBC News Online.

Full control

To gain control of a user's computer, a malicious hacker would need to get the victim to connect to a specific server.

This could be done by placing a certain computer code in a webpage or in an e-mail, which would result in what is called a buffer overflow.

The end result is that the attacker would gain full control of a victim's computer.

The problem has been fixed in version 6.0 of mIRC, which is much stricter in the way it handles messages.

The security hole that was found depends on someone setting up a hacked/rogue IRC server that attempts to exploit the bug," said Mr Mardam-Bey.

"It's not something that can happen on any of the major IRC networks. It requires the person who set up the server to convince people to connect to his server."

"Any security hole that allows someone else access to your computer is serious. However in this case ... it was limited to a very specific situation," he said.

The software is a shareware Internet Relay Chat program for Windows that has been downloaded by millions of people.

Internet Relay Chat is one of the most popular interactive services on the internet.

The IRC network serves as a virtual meeting place where people from all over the world can meet and talk.

See also:

02 Feb 02 | Sci/Tech
Privacy of MP3 fans at risk
05 Dec 01 | Sci/Tech
Goner virus gets everywhere
20 Aug 01 | Sci/Tech
Hotmail hole exposes e-mails
19 Dec 01 | Sci/Tech
Microsoft closes browser holes
31 Jan 01 | Sci/Tech
Major net security holes identified
Internet links:


The BBC is not responsible for the content of external internet sites

Links to more Sci/Tech stories are at the foot of the page.


E-mail this story to a friend

Links to more Sci/Tech stories