February 25, 2018

Warning To Pirates, Yarrrr!

A few days ago, I found that one of the private trackers I'm part of was firing up red all over my torrent program.  Nothing from that place was responding, but the other trackers still seemed to be working.  Oh crap, have they gone away?  I quickly visited the site, expecting to get a message saying they'd gotten a C&D, or had been DDoS'd into oblivion.  Imagine my surprise when everything seemed to be fine!  I looked in the attached forum and found out what was going on.


I've been using µTorrent for a very long time, long enough that I can't remember if I've ever used anything else.  While it's been updated a gazillion times, I've kept using version 2.2.1 over the years... I gather there's been some adware built into the newer versions?  Anyway, µTorrent has served me very well and faithfully.  And the tracker site, which I've been using for nearly as long as I've used µTorrent, had blacklisted all versions of it.  Apparently there's been a rather unpleasant security flaw discovered in it, and Bittorrent Inc lollygagged on patching it... to the tune of more than 90 days.  When the flaw was announced after three months, Bittorrent finally released a patch that for all intents and purposes, didn't work.  Oh, it broke the exploit, to be sure... but in such a way that it didn't actually fix the flaw.  I'm not a software guy so my understanding may be incorrect, but from what I've read the patch took the metaphorical keypad lock that the exploit used... and moved it six inches to the left.  When the exploit went looking for the keypad lock, it wasn't where it was supposed to be.  Tah-dah, all fixed!  

For, like, an hour.  Then the guy who discovered the flaw in the first place "moved" the exploit and voila, vulnerability still around.  Because of this, and because the patch only "fixed" the newest versions of µTorrent, the private tracker blacklisted it.  As it turns out, the situation is a little more nuanced than that... for example, version 2.2.1 is apparently missing the keypad lock entirely and thus may not be vulnerable. The recommendation from everybody involved that isn't Bittorrent and µTorrent appears to be "move to a different program."  While there are dozens of torrent programs out there, after a hour or two of research, I've decided to move The Pond to qBittorrent.  It's open source, there are no ads involved, the exploit doesn't exist on it, and it appears to operate in a manner that's very familiar to µTorrent users.  While I'd rather continue to use what I'm used to using, oh well.  If you too hoist the black flag, you may want to look into this matter as well.


Posted by: Wonderduck at 04:05 PM | Comments (8) | Add Comment
Post contains 464 words, total size 3 kb.




What colour is a green orange?




23kb generated in CPU 0.63, elapsed 1.6368 seconds.
48 queries taking 1.5158 seconds, 211 records returned.
Powered by Minx 1.1.6c-pink.