• Stop using uTorrent

    Tavis Ormandy, the gifted gunslinger from Google Project Zero, has a new warning: stop using uTorrent, both the desktop client running on your computer and the web version.

    Günter Born has a good explainer. His take:

    Any file (that is write-enabled) could be removed from the victim’s computer. All it takes is to lure the user to a prepared website.

    An interesting side note from kuchikir, commenting on the Project Zero site, says that earlier versions of uTorrent are just fine; versions from 3.0 onward (according to his/her tests) are vulnerable:

    The torrenting community largely eschews 3.0+ because the only apparent work post-2.2.1 has been to add advertisements, bloating 2.2.1’s 391KB of torrenting perfection into a 1MB+ monstrosity. The last meaningful exploit that wasn’t introduced by these 3.x additions was fixed in version 1.6.1, which was released in 2007. 1.6.1, 1.8.5, 2.0.4, and 2.2.1 are all recommended clients for this nearly unparalleled level of security to go with their stability and performance.

    Ah, progress.

    UPDATE: Vess Bontchev just tweeted