Foreign torrent sites RedActed (PTH) | ReD RED announces uT 3.x ban, 2.x phase out plan

This thread was created in the 'Torrent site news' section by posztoló on February 24, 2018.

  1. posztoló

    Recent news has revealed a security vulnerability in all previous uTorrent versions.

    The gist of the vulnerability is two-fold: If you have WebUI enabled, attackers can potentially exploit a remote code execution vulnerability (download and run programs) and/or pull data (passkeys, torrent files, etc.) from your client. If you use uTorrent, by default, attackers can exploit its RPC interface to gain access to your client data (passkeys, torrent files, etc.).

    There have been fixes identified for both of these issues. We will include the fixes in the first reply following the news post in the forum. If you are a uTorrent 2.x user, please apply these fixes immediately to protect yourself against future exploits built off this vulnerability. If you are a uTorrent 3.x user, please update to the latest beta version of uT 3.x which has been patched. Alternatively, please explore for a viable alternative.

    Please note that there is also an exploit in Transmission (pre 2.9.3), and although it is more complicated in nature and less serious, we request that you update to 2.9.3 ASAP.

    This brings to the forefront several hard truths. One is the importance of staying up to date on software. While not foolproof, it provides the best chance at staying protected as vulnerabilities are released to developers and, beyond that, the public.

    We recognize (especially for Linux distros) that repos are not always current; therefore, the issue is more complicated. Old, outdated clients are being used.

    While there is a fix to the uTorrent vulnerability, there is no way to determine the users who have applied the fix in an effort to stay secure. uTorrent 2.2.1 is one of the most popular torrent clients. Time and time again, it has arguably been one of the best torrent clients. We recognize how many of our long-term seeders run thousands and thousands of torrents in this client here and elsewhere.

    The hardest part of this post: all old uTorrent versions will likely need to be phased out. Why? User security is the most important on this tracker. User security always has been and always will be the most important thing to us. We cannot verify if fixes have been applied to uTorrent. This unfortunately puts many Redacted users at risk. If passkeys and torrent files are stolen from a user who did not apply this fix, everyone is at risk. It pains us to have to address this issue, due to the large number of affected users; however, a large pool amplifies the problem, and since this vulnerability has the potential to affect many users, a phase out will likely occur in the future.

    We will be listening to your feedback to this complicated issue. Please keep things civil and be respectful. Please keep in mind: while you may personally take these precautions and apply necessary fixes, not every user will. This puts users at either end of the spectrum at risk.

    At this time, we are banning all uTorrent 3 versions that are not patched.

    A timeline for phasing out uTorrent 2.x versions will be provided in the near future. Tutorials will be compiled and placed in the Wiki to aid with migration. While uTorrent 2.x is not affected by the security aspects of this vulnerability, we believe that the writing is on the wall for it.

    At this time, we are strongly recommending torrent client updates to the latest version. Older versions of torrent clients may be removed from the Whitelist in the future.

    For example:

    If you are not using the latest rTorrent/libtorrent 0.9.6/0.13.6, you will need to update.
    If you are not using the last revision of qBittorrent 3 (3.3.16) or 4.0.2 and beyond, you will need to update.
    If you are not using at least uTorrent Mac 1.8.7, you need to update.
    If you currently use a whitelisted client here that is out of date, please assume you need to update.

    Linux distro repos are being considered when the Whitelist is updated (they are often a few minor versions behind). We will also be mindful of common seedbox providers. If you want to see a client whitelisted, you may create a request in the forums here.

    Please be aware that a large amount of thought was put into this decision. By no means was it an easy one. Time spent adjusting on both ends is unfortunate, but nothing is more important than your security.