When logging into IRC via gaim, gaim registers the user with their valid local account id as well as the nick chosen by the end user. This is revealed when an attacker asks for information regarding the victim. Given that the host name (DNS/IP) is also registered, an attacker now knows both the location of the host and a valid account name. The offending function call is g_get_user_name() within the function irc_login_cb in irc.c. This pulls the local account name. I suggest giving the user a chance to replace it with a name of their own choosing, as well as having a default fake name for those users who are technically challenged. :) I reported it to one of the main developers via IM but was told that it is just part of the IRC protocol and could not be changed. This effects version 0.72 which is the latest. I assume it effects early versions too, but I did not check due to time constrains. Workaround: Offending code in irc.c: buf = irc_format(irc, "vvvv:", "USER", strlen(username) ? username : ----------> g_get_user_name(), hostname, irc->server, gc->account->alias && *gc->account->alias ? gc->account->alias : IRC_DEFAULT_ALIAS); Replace with: buf = irc_format(irc, "vvvv:", "USER", strlen(username) ? username : ----------> "Your new 9 char spoofed IRC name here" , hostname, irc->server, gc->account->alias && *gc->account->alias ? gc->account->alias : IRC_DEFAULT_ALIAS); Cheers, 'ken'@FTU -- 'ken'@FTU <ken@ftusecurity.com>