Latest News On uTorrent Urges Users For Immediate Update

TORRENTING SERVICE uTorrent is urging users to upgrade to the latest version of its file-sharing service after its client fell foul to server security flaws.
Google's Project Zero security bug sniffer Travis Ormandy discoveredmultiple holes in the uTorrent client for web and desktop that would have allowed hackers to infect a victims computer with malware or steal data relating to their past downloads.
The crux of the bugs lies in both uTorrent clients exposing an open Remote Procedure Call (RPC) server - such servers are used by programs to request a service from another located on a computer on a different network without the need to understand the network details. Ormandy said hackers can hide commands for the RPC server in web pages and simply need to trick a uTorrent user into accessing the malicious web page.
"By default, uTorrent create an HTTP RPC server on port 10000 (uTorrent classic) or 19575 (uTorrent web). There are numerous problems with these RPC servers that can be exploited by any website using XMLHTTPRequest(). To be clear, visiting *any* website is enough to compromise these applications," he explained.
As Ormandy disclosed the vulnerabilities to BitTorrent, the firm behind uTorrent, in December, the company had plenty of time to create patches to plug the security holes.
Version 3.5.3.44352 for uTorrent Classic, the desktop client, is said to have squashed the bugs, while version 0.12.0.502 for uTorrent Web fixes the flaws.
However, Ormandy wasn't convinced uTorrent Web was properly secured with the update, and thus released his bug findings online.
"The vulnerability is now public because a patch is available, and BitTorrent have already exhausted their 90 days anyway," Ormandy said.
"I see no other option for affected users but to stop using uTorrent Web and contact BitTorrent and request a comprehensive patch. We've done all we can to give BitTorrent adequate time, information and feedback, and the issue remains unsolved."
But BitTorrent said it should have all the bugs Ormandy was worried about squashed this week.
"All users will be updated with the fix automatically over the following days. The nature of the exploit is such that an attacker could craft a URL that would cause actions to trigger in the client without the user's consent (e.g. adding a torrent)," said Dave Rees, BitTorrent's vice president of engineering told The Register.

Comments

Post a Comment

Popular posts from this blog

Check Out The Best Spy Software For Cell Phone In 2018

Picking the best phone spy software can be tricky. There are dozens of excellent phone trackers out there. Fortunately, I'm here to help. I've worked as a private investigator for the past 15+ years. I use phone trackers almost every day. Today, spy apps can be used to track somebody without their knowledge. They're very popular even outside the law enforcement community. Some of the top spy software users are parents. It's a dangerous world out there, and parents want to make sure their kids are safe at all times. Good phone spy software lets you read text messages, track photos, monitor social media, track location data, and even record phone calls. Today's best spy software will record all data online where you - as a concerned parent or spouse - can quietly access it. Some of the spy software on this list can even record ambient noise through the microphone or remotely take a photo using the phone's camera. With that in mind, let's take a loo
Read more

How To Protect Your Data From Ransomware

Unless you avoided reading or listening to the news last year (and with everything going on in the world who can blame you), you no doubt heard reports of ransomware attack after ransomware attack occurring in 2017. This type of hacking issue, where cybercriminals break into individual or company systems and hold data for ransom, is rife right now, and according to one report, actually increased almost ten-fold last year. As such, no matter which industry you work in, and whether you’re an entrepreneur, freelancer, contractor, or employee, it’s imperative to keep all your important information safe from prying eyes, and from downtimes as a result of it being held captive. Read on for some steps you can take to avoid a ransomware attack this coming year. Install Security Software and Firewalls First off, one of the simplest things you can do to protect your data is to install top-quality security software on all the devices you use. There are many different products on the market
Read more

Hardware Zone Forum hit by security breach and profiles affected

Approximately 685,000 user profiles were affected when the HardwareZone (HWZ) Forum website was hit by a security breach, the site's owner SPH Magazines said in a news release on Tuesday (Feb 20). A suspicious post on Sunday prompted an investigation to ascertain whether a security breach had occurred, the news release said. The probe showed that a senior moderator's account had been compromised by an unidentified hacker, and used to access the user profiles since September 2017. "The hacker used the compromised credentials to impersonate the senior moderator to retrieve user profile data which comprised name, email address and user ID, and possible optional data fields," said SPH Magazines. It added that the database of the online tech portal did not contain NRIC numbers, telephone numbers and addresses as these had been purged in line with the Personal Data Protection Commission (PDPC) guidelines in July 2015. As a matter of precaution, forum users were
Read more