January 17, 2008

BitTorrent Clients Are A Security Risk, RIAA Probably Ecstatic

Duncan Riley


Popular BitTorrent clients uTorrent and the official BitTorrent client pose a security risk to users.

According to a report at Torrentfreak, both clients are vulnerable to a remote denial-of-service attack due to the way they handle user-supplied data. Versions found to be vulnerable so far are the official BitTorrent 6.0 client, uTorrent 1.7.x, uTorrent 1.6.x and uTorrent 1.8-alpha-7834.

The flaw allows an attacker to crash the application; however, code execution is not possible, meaning that it’s more of an annoyance than something that should cause BitTorrent users to panic.

Both clients are produced by the company BitTorrent, which has taken $34 million in funding over two rounds from Accel Partners and Doll Capital Management.

Update: Commenters suggest there’s already a fix. That was quick; make sure that the BitTorrent client you’re using to download legitimate legal content is up to date.


Comments


  1. Chris Jacobson

    Nothing to worry about I guess… I’m sure they’ll come out with a fix.

  2. Mike

    They already fixed it.
    From Torrentfreak:
    “The uTorrent team state the flaw affects all older uTorrent versions 1.6 and 1.7.x. too but have been quick to respond, releasing a new build - uTorrent 1.7.6 (build 7859) which has fixed the issue.

    It can be downloaded here. http://download.utorrent.com/1.7.6/utorrent.exe

  3. matt

    please change the title of this post from “Security Risk” to “Annoying Bug”

    Thanks

  4. LiveCrunch

    That’s why I use StrongDC :) on linux …but it’s also aval. for winnys …

  5. Ajouter32

    In order to download a file from a .torrent, you need a BitTorrent client. Nowadays, you have many choices; I listed a few of the best clients here
    Ajouter32 - http://www.ajouter32.com

  6. damon

    Actually, any client is a security risk, who knows what’s in there

  7. Vincent

    The title of this post is lamely dramatic. Do you need shocking titles to get readers now? I thought this was techcrunch, not perezhilton

  8. Alex Barrera

    How about linking to the original advisory? ;)

  9. Larry Larrikin

    Typical TechCrunch story. Duncan is going solely for drama and sensationalism to draw an audience, truth be damned. Arrington is incredibly short-sighted to let this happen. He will attract a wider audience but his core, technical audience will move on to something better. I guess he’s thinking he’ll sell out before that happens.

  10. Bali

    TRUTH LARRY HAVE REASON

  11. Uzumaki

    Most retarded topic I’ve ever seen in my life!!!!!!!!!!!