BitTorrent Clients Are A Security Risk, RIAA Probably Ecstatic

by Duncan Riley on January 17, 2008

Popular BitTorrent clients uTorrent and the official BitTorrent client pose a security risk to users.

According to a report at Torrentfreak, both clients are vulnerable to a remote denial-of-service attack due to the way they handle user-supplied data. Versions found to be vulnerable so far are the official BitTorrent 6.0 client, uTorrent 1.7.x, uTorrent 1.6.x and uTorrent 1.8-alpha-7834.

The flaw allows an attacker to crash the application, however Code execution is not possible, meaning that it’s more of an annoyance than something that should cause BitTorrent users to panic.

Both clients are produced by the company BitTorrent, which has taken $34 million in funding over two rounds from Accel Partners and Doll Capital Management.

Update: Commenter’s suggest there’s already a fix. That was quick, make sure that the BitTorrent client you’re using to download legitimate legal content is up-to-date.

Los clientes BitTorrent son un riesgo de seguridad (no legalmente hablando) :
January 17th, 2008 at 11:48 am

Comments

Chris Jacobson - January 17th, 2008 at 11:34 am PST

Nothing to worry about I guess… I’m sure they’ll come out with a fix.

Mike - January 17th, 2008 at 11:40 am PST

They already fixed it.
From Torrentfreak:
“The uTorrent team state the flaw affects all older uTorrent versions 1.6 and 1.7.x. too but have been quick to respond, releasing a new build - uTorrent 1.7.6 (build 7859) which has fixed the issue.

It can be downloaded here. http://download.utorrent.com/1.7.6/utorrent.exe “

matt - January 17th, 2008 at 11:44 am PST

please change the title of this post from “Security Risk” to “Annoying Bug”

Thanks

LiveCrunch - January 17th, 2008 at 11:48 am PST

That’s why I use StrongDC on linux …but it’s also aval. for winnys …

Ajouter32 - January 17th, 2008 at 12:05 pm PST

In order to download a file from a .torrent, you need a BitTorrent client. Nowadays, you have many choices; I listed a few of the best clients here
Ajouter32 - http://www.ajouter32.com

damon - January 17th, 2008 at 12:15 pm PST

Actually, any client is a security risk, who knows what’s in there

Vincent - January 17th, 2008 at 12:24 pm PST

The title of this post is lamely dramatic. Do you need shocking titles to get readers now? I thought this was techcrunch, not perezhilton

Alex Barrera - January 17th, 2008 at 6:15 pm PST

How about linking to the original advisory?

Larry Larrikin - January 18th, 2008 at 6:20 am PST

Typical TechCrunch story. Duncan is going solely for drama and sensationalism to draw an audience, truth be damned. Arrington is incredibly short-sighted to let this happen. He will attract a wider audience but his core, technical audience will move on to something better. I guess he’s thinking he’ll sell out before that happens.

Bali - January 18th, 2008 at 1:47 pm PST

TRUTH LARRY HAVE REASON

Uzumaki - January 27th, 2008 at 11:29 am PST

Most retarded topic I’ve ever seen in my life!!!!!!!!!!!

Name*
Email*
Website
Create a Gravatar for your comments.

Responses (Trackback URL)

Comments

Leave a Reply