BitchX 1.0c19 IRC Client Backdoored
JRAC writes "A recent Bugtraq submission has indicated that the popular IRC client, BitchX, contains a backdoor. So far, only certain 1.0c19 files downloaded from ftp.bitchx.com are reported to contain the malicious code. The BitchX developers have been notified, so hopefully a fix will be issued soon. Looks like irssi wasn't the only one ;)"
"However, the owners of the box are still responsible for the lack of security that allowed their box to be compromised."
I've now heard this too many times. It's simply wrong. Whatever their reasons for putting a system online that is not totally secure, they are irrelevant. Blame the person who broke in, not the person who owns/runs the computer.
As an example, how many servers were (and still are) running vulnerable versions of Apache? Should all those admins be held responsible if someone broke into their system and abused it? How about if those same systems were broken into before that vulnerability was disclosed? Where do you draw the line? I suggest drawing it by putting the responsibility firmly on the shoulders of the perpetrator of the crime rather than the victims.