February 25, 2018

Warning To Pirates, Yarrrr!

A few days ago, I found that one of the private trackers I'm part of was firing up red all over my torrent program.  Nothing from that place was responding, but the other trackers still seemed to be working.  Oh crap, have they gone away?  I quickly visited the site, expecting to get a message saying they'd gotten a C&D, or had been DDoS'd into oblivion.  Imagine my surprise when everything seemed to be fine!  I looked in the attached forum and found out what was going on.


I've been using µTorrent for a very long time, long enough that I can't remember if I've ever used anything else.  While it's been updated a gazillion times, I've kept using version 2.2.1 over the years... I gather there's been some adware built into the newer versions?  Anyway, µTorrent has served me very well and faithfully.  And the tracker site, which I've been using for nearly as long as I've used µTorrent, had blacklisted all versions of it.  Apparently there's been a rather unpleasant security flaw discovered in it, and Bittorrent Inc lollygagged on patching it... to the tune of more than 90 days.  When the flaw was announced after three months, Bittorrent finally released a patch that for all intents and purposes, didn't work.  Oh, it broke the exploit, to be sure... but in such a way that it didn't actually fix the flaw.  I'm not a software guy so my understanding may be incorrect, but from what I've read the patch took the metaphorical keypad lock that the exploit used... and moved it six inches to the left.  When the exploit went looking for the keypad lock, it wasn't where it was supposed to be.  Tah-dah, all fixed!  

For, like, an hour.  Then the guy who discovered the flaw in the first place "moved" the exploit and voila, vulnerability still around.  Because of this, and because the patch only "fixed" the newest versions of µTorrent, the private tracker blacklisted it.  As it turns out, the situation is a little more nuanced than that... for example, version 2.2.1 is apparently missing the keypad lock entirely and thus may not be vulnerable. The recommendation from everybody involved that isn't Bittorrent and µTorrent appears to be "move to a different program."  While there are dozens of torrent programs out there, after a hour or two of research, I've decided to move The Pond to qBittorrent.  It's open source, there are no ads involved, the exploit doesn't exist on it, and it appears to operate in a manner that's very familiar to µTorrent users.  While I'd rather continue to use what I'm used to using, oh well.  If you too hoist the black flag, you may want to look into this matter as well.


Posted by: Wonderduck at 04:05 PM | Comments (8) | Add Comment
Post contains 464 words, total size 3 kb.

1 Mew-torrent shenanigans, again? Oof.

When I do need to torrent something nowadays I let my NAS device do the heavy lifting (via an app). It's always on, while my computer isn't. Living in the future is fun, sometimes!

Posted by: GreyDuck at February 26, 2018 08:39 AM (h8yX6)

2 Try qBit....

Oh, nevermind.

Posted by: Ben at February 26, 2018 06:07 PM (h8yX6)

3 I'm using Bittorrent 2.2.1. The problem I have is that I like to use the label feature to organize my files by what I'm viewing, collecting or have watched, and migrating THAT info would be a major pain in the butt.

Doesn't help either that my usual torrent listing site has apparently fallen out of favor so a lot of things aren't listed on it, and other sites only cater to a couple of circles.  

Posted by: Mauser at February 26, 2018 10:40 PM (h8yX6)

4 When I saw the news I thought, shit, have to update that right away - then realised I uninstalled uTorrent about three years ago.  On Deluge now, though I hear good things about qBittorrent too.

Posted by: Pixy Misa at February 27, 2018 12:11 AM (h8yX6)

5 On the non-piratical side, any chance of reviews from watching Grand Prix Driver on Amazon Prime?

Posted by: Suburbanbanshee at February 27, 2018 12:52 AM (h8yX6)

6

I have to take a look at qBittorrent, though I have friends who use it and like it.

On a sadder note, the last two weeks make me wish Steven was still around to give his input on current events.

Posted by: cxt217 at February 27, 2018 08:12 PM (h8yX6)

7 And today, BitTorrent just popped up an alert asking me to upgrade to the latest (Feb 25th) version. I declined.  

Posted by: Mauser at March 11, 2018 02:08 PM (h8yX6)

8 And WTF, in the process it reset all my columns and window size.  

Posted by: Mauser at March 11, 2018 02:10 PM (h8yX6)

Hide Comments | Add Comment




What colour is a green orange?




27kb generated in CPU 0.03, elapsed 0.1846 seconds.
49 queries taking 0.1611 seconds, 245 records returned.
Powered by Minx 1.1.6c-pink.