uTorrent and Official BitTorrent Client Vulnerable to Remote DOS Attack
Written by enigmax on January 17, 2008Both the official BitTorrent and uTorrent clients are vulnerable to a remote denial-of-service attack, due to the way they handle user-supplied data. Versions found to be vulnerable so far are the official BitTorrent 6.0 client,
uTorrent 1.7.x, uTorrent 1.6.x and uTorrent 1.8-alpha-7834.
Security vulnerabilities in BitTorrent clients are relatively rare, although not unheard of. Luigi Auriemma, a Milan-based security expert, claims to have found a vulnerability in various BitTorrent clients based on the way they handle user-supplied data. The flaw allows an attacker to crash the application, effectively denying service to legitimate users. Code execution is not possible, which means there is little reason for users to panic.
So far, the problem appears to affect these clients:
– BitTorrent 6.0 (build 5535)
– uTorrent 1.7.5 (build 4602)
– uTorrent 1.8 (alpha 7834)
Luigi is reporting that earlier versions of these clients may also be vulnerable and this appears to have been confirmed by the uTorrent team. The problems are confirmed to exist on Windows versions of the software. As yet, Mac and Linux versions of the official BitTorrent client have not been tested.
The bug in detail (from Luigi’s site):
By default both the clients have the “Detailed Info” window active with the “General” section visible in it where are reported various informations about the status of the torrent and the trackers in use.
In this same window near “General” there is also the “Peers” section which is very useful since it showes many informations about the other connected clients like the percentage of availability of the shared torrent, their IP address, country, speed and amount of downloaded and uploaded data and moreover the version of their client (like “BitTorrent 6.0″, “Azureus 3.0.3.4″, “uTorrent 1.7.5″, “KTorrent 2.2.4″ and so on).
When this window is visualized by the user the unicode strings with the software versions of the connected clients are copied in the relative static buffers used for the visualization in the GUI through the wcscpy function.
If this string is too long a crash will occur immediately or in some cases (like on BitTorrent) could happen later or when the user watches the status of another torrent or leaves the “Peers” window. Code execution is not possible.
For exploiting the problem is enough that an external attacker connects to the random port opened on the client and sends the long client version and the SHA1 hash of the torrent currently in use and watched
on the target. Note that all these parameters (client IP, port and torrent’s hash) are
publicly available on the tracker.
The uTorrent team state the flaw affects all older uTorrent versions 1.6 and 1.7.x. too but have been quick to respond, releasing a new build – uTorrent 1.7.6 (build 7859) which has fixed the issue.
It can be downloaded here.
Previously: The Pirate Bay: Demonoid is Welcome in Sweden
Next: Director of ‘The Nines’ Talks to TorrentFreak About Piracy
116 Responses
everybody uninstall utorrent!
[quote comment="265678"]everybody uninstall utorrent![/quote]
why ??? there is a fix now :)
Is there any good alternatives to uTorrent? I still use 1.6. Azureus is the one most say to use but I found it to have a shitty UI and be a resource hog.
A normal crash bug? Is that what they are calling a vulnerability these days?
These “security experts” are getting desperate. Hyping a normal crash bug to make it sound like it is an actual security vulnerability.
[quote comment="265687"]A normal crash bug? Is that what they are calling a vulnerability these days?
These “security experts” are getting desperate. Hyping a normal crash bug to make it sound like it is an actual security vulnerability.[/quote]
they call that crash bug “security vulnerability” cause the attacker can crash uTorrent almost non-stop :P
Fban, the alternatives are bitcomet, halite, and torrent swapper.
Bitcomet is full of ads and cheats the system, but it works ok.
Halite is extremely minimalistic. It lacks some important features
Torrent swapper lacks DHT and encryption, and it’s kind of unstable.
Also, a lot of download managers support the basics of bittorrent.
I use Azureus, but my second choice would probably be halite.
rtorrent ^^
[quote comment="265686"]Is there any good alternatives to uTorrent? I still use 1.6. Azureus is the one most say to use but I found it to have a shitty UI and be a resource hog.[/quote]
utorrent has a great UI and uses very little resources. What’s the problem?
theymos, and then there is µTorrent, still the very best client of them all.
uTorrent is closed source, thats the problem.
rTorrent can do everything uTorrent can, with even less resources, and has better webinterfaces.
I don’t get it, so the ‘attacker’ shuts utorrent, maybe even permanently or continuously… big whoop!
Can they use the flaw to steal your money or your identity? Can they fry your pc?
If that’s the case then I’m changing right now, but if not, what’s the big deal? I don’t know anything about this stuff…
wtf yesterday night i had hard time getting 1 of my torrent uploaded (wouldnt connect even thou 10-18 peers were trying to download it)
and later on i did something and my uttorent crashed and it asked me if i wanted to reload utorrent or close it.
after reloading all the torrents needed to be rechecked if it was there.
Strange shit
http://en.wikipedia.org/wiki/Comparison_of_BitTorrent_software
Azureus is a joke. µTorrent 4 life.
Conspiracy Theory 101
This is probably a ploy, whether true threat or not, to make you upgrade so they can moniter you even more with the newer version.
I use 1.6.x because it’s the last version released before uTorrent was purchased.
Whether my theory is correct or not. I smell something fishy and I won’t be upgrading my uTorrent.
Just my 2 cents.
Well I have to say your 2 cents doesnt make too much sense, they arent MAKING you upgrade, you really dont understand this whole concept.
utorrent is a free program and they dont give a shit if you use the latest or not, they have found it to have a what I would call a BUG, since I dont see it as security issue but I guess technically it is. So they patch it and continue to build on there very good program. It the same as thousands of very good programs like Firefox. You can use version 1.0 if you can find it, but that would be your dumb ass decision.
Being closed or open has no bearing on the fact that Utorrent is the best client for most people. Smallest footprint, totally portable, webUI (think it’s still in beta) DHT, encryption, rss.
There’s no reason not to use utorrent really, unless you are completely happy with your current client.
This is a small bug, nothing to be worried about, and it’s hardly opening you to DoS, as it’s merely crashing your BTclient, which you can easily fix.
@TheOneX,
that’s exactly what happenes when your torrent client crashes. Since it didn’t properly exit, it has to rehash the file when it restarts. This is the main reason bittorrent doesn’t suck is because of that built in hash check, your download can not get corrupted, as the client checks your data against the hash and redownloads anything that might not fit.
This is why if you crash with downloads going, utorrent will ‘check’ the files you had going, and depending on file size and number of downloads, this can take awhile. You can technically force it not to check the has, but this is bad as you’ll end up seeding corrupted pieces to other clients.
They’ll recieve a warning along the lines of ‘Piece failed hash check redownloading.’
Your crash had nothing to do with this bug.
@blank
rofl
1.6.1 is released by BitTorrent Inc.
1.6 is the last version by Ludde…
But then again as you said you are purely going by your sense of smell which obviously has nothing to do with the internet… you actually have no freaking clue what you are talking about, do you? Wireshark is probably only a combination of two normal words for you right?
If you want any prove that the µTorrent developers care AND that a closed source project DOES have its advantages this problem was fixed within a day. And the last serious issue (Misreporting >4GB torrent stats & LPD ignoring private flag) was also fixed within days of its detection.
Also the last 14 months have seen more active development and more feedback by the BitTorrent, Inc. then the 14 months before that by Ludde.
Don’t trust µTorrent (or any client for that matter) blindly. But they obviously don’t deserve the prejudice and distrust that some people are throwing around.
Another great bittorrent client is Deluge. There are versions for all operating systems. It has a built in browser through a proxy and it seems to have very good encryption. Anyone else using it?
Thanks for the info, also beware isohunt, they are heavily monitored by CRIAA , and since there servers are in Canada. Just watch out
i think BitLord is cool!
God Bless Azureus :D
anyone from norway here?or just any information. does the isp here monitor our downloads?do they redflag you if they monitor you downloading torrents?
@Critterish
I agree to not use IsoHunt, but only becasue mininova is better.
There servers are not tracked by any organisation, and file sharing (apart from for commercial purposes) is legal in Canada.
In regards to this issue, I have this tale to offer.
Recently, my uTorrent has been frozen when I wake up in the mornings. I have access to the Start menu, but PC won’t shut down. I end up having to manually soft-shutdown the PC and restart.
I implemented the lvlord 4226 patch and that seemed to take care of it for a bit, but it’s back. This morning, again I was having to manually shutdown/restart the PC.
Now, this issue in this article sounds suspiciously like my issue.
Im XP SP2 and I am using uTorrent 1.7.5.
Anyone else having these issues? I was gonna recover shortly, but I read this article and it seemed to fit my issue. Pls reply.
[quote comment="265785"]i think BitLord is cool![/quote]
BitLord, as I understand it is a clone of BitComet. I don’t use that client as it is banned by MANY trackers. You just won’t connect a lot of the time.
for the last godd*mn time:
UTORRENT DOES NOT MONITOR WHAT YOU DOWNLOAD, IT DOES NOT REPORT TO ANY SERVERS WHAT YOU’RE DOING.
God people are idiots. Mostly tracker admins. STOP INSTILLING THE FEAR.
I will never understand why people keep spreading that sh*t. Independent sources even PROVED that it doesn’t do that. Maybe there needs to be a TF article about it so people would quit it?
yup
all that can happen is that the application crashes, right? why worry?
[quote comment="265872"]all that can happen is that the application crashes, right? why worry?[/quote]
crash over and over and over again
thats why you must download uTorrent 1.7.6 with the FiX :P
[quote comment="265784"]Thanks for the info, also beware isohunt, they are heavily monitored by CRIAA , and since there servers are in Canada. Just watch out[/quote]
Haha. Critterish, you’re an idiot.
good, fuck bittorrent inc
Any recommends on the best client for Ubuntu? About to make the switch and was recommend uTorrent with Wine.
(Currently have uT 1.6 w/ XPSP2)
And Azureus is a no! Wasted resources… etc. (although the Sudoku plugin was nice).
Until my µTorrent crashes, which it has not for the last few YEARS, and probably will not happen the coming month, I will not upgrade.
By the way, if this update is so important, why is it not available through the auto-update service within µTorrent? I’ll wait for that. I see no real danger or hurry here.
Bunch of paranoids. Not EVERYONE is out to get you, you know?
How the hell did this bug get in there in the first place?
peer_id is specified as exactly 20 bytes, and is sent at the end of the handshake.
The handshake is as follows:
1 byte length prefix
xx bytes protocol string
8 reserved bytes for flags
20 byte info hash
20 byte peer_id
After that, it switches to length prefixed messages, where the length is a 4 byte number.
Allowing an arbitrary number of bytes for peer_id will throw out the rest of the communication as the client doesn’t know where the length prefixes are.
If this kind of basic mistake is being made, then who knows what other suprises are in the code.
[quote comment="265892"]Any recommends on the best client for Ubuntu? About to make the switch and was recommend uTorrent with Wine.
(Currently have uT 1.6 w/ XPSP2)
And Azureus is a no! Wasted resources… etc. (although the Sudoku plugin was nice).[/quote]
Try rTorrent http://libtorrent.rakshasa.no/
There is no pointer for a Win32 or x64 download of rTorrent, even. Even if it WAS good software, those who maintain their website are complete idiots then. (And obviously don’t want it to become appreciated and mass used software.)
Sorry, like I wrote earlier:
I see no reason whatsoever to change my µTorrent version yet. It has not crashed or frozen on me once in the years I’m using it. Until it does, I will not upgrade.
thx for the info, got the new version.
someone write a definitive article about the 1.6 vs 1.7.x story, where people are afraid since utorrent went closed source and signed up with the federales or whatever….
This sounds like more fear mongering bullshit to me.
Show me proof.
[quote comment="265912"]How the hell did this bug get in there in the first place?
peer_id is specified as exactly 20 bytes, and is sent at the end of the handshake.
The handshake is as follows:
1 byte length prefix
xx bytes protocol string
8 reserved bytes for flags
20 byte info hash
20 byte peer_id
After that, it switches to length prefixed messages, where the length is a 4 byte number.
Allowing an arbitrary number of bytes for peer_id will throw out the rest of the communication as the client doesn’t know where the length prefixes are.
If this kind of basic mistake is being made, then who knows what other suprises are in the code.[/quote]
not the peerid, friendly version name can be sent through extended messaging protocol
[quote comment="265946"]This sounds like more fear mongering bullshit to me.
Show me proof.[/quote]
http://aluigi.org/poc/ruttorrent.zip
run in CMD :) and uTorrent 1.7.5 , read the info printed in the CMD :)
this dumb. me keep 1.7.5. me no scared. me only scared of eclipse and fire. no scared of bug. i eat bug.
Many users do not realize that this exploit can be use by anti-piracy organizations to stop users from downloading by crashing the BitTorrent client
I personally recommend downloading the updated version of uTorrent or using any other client that does not get affected by this problem to keep you on the safe side :)
“You are posting comments too quickly. Slow down.”
it’s my first comment in ages. Looks to me like Wordpress has some more serious issues to look at than µTorrent.
[quote comment="265972"]Many users do not realize that this exploit can be use by anti-piracy organizations to stop users from downloading by crashing the BitTorrent client
I personally recommend downloading the updated version of uTorrent or using any other client that does not get affected by this problem to keep you on the safe side :)[/quote]
I welcome any exploiter to crash my client. There is no reason to be on any safeside until it actually happens. Ever heard of PeerGuardian?
All of should use BitTornado and it does not have any flaws, it is safe.
To: Superior1
Stubborn as a mule dumber then a rock
i have nothing more to say to you :)
money is a form of slavery
those who control money control you
good for the few who prints it
bad for the majority who has to bust their butt to receiveworthless currency.
What’s the thrill of shutting uTorrent down on someone? I don’t get hackers sometime.
Some of them mean well, this I know, but most are just assholes, doing such things to make up for haveing a small penis, or being beat up high school. That’s got to be the reason, because I can’t see any other purpose. THere is no other reason to do such thngs, than to make up for ones own short commings. The thing is, nobody knows who they are ,and when they walk outside their parents basement, their still a samll penis haveing dork.
As much as I love uTorrent, I will NOT use any version past build 474 (v1.6), as that was the last version before Bittorrent.inc (& their MPAA buddies) bought Ludde out.
Make of my observation what you will…
Must have got hold of me more than once… Hogs resources until it crashes, while the up and down speeds are slow. Oh well.. I will continue to use u torrent! Just hope nothing more serious happens because of this. Announcing to the world about this problem really doesn’t help :/
Must have got hold of me more than once… Hogs resources until it crashes, while the up and down speeds are slow. Oh well.. I will continue to use u torrent! Just hope nothing more serious happens because of this. Announcing to the world about this problem really doesn’t help :/
Yeah, Wordpress sometimes glitches me out on my first-comment-of-the-day too; eh TF – is there a patch out for it or something? Maybe other sites have complained about this problem?
I love this site, by the way;
single best torrent/p2p news site online!
There is an exploit to execute code in conjunction with this.
Also What.cd will be banning all previous versions of uT within 48hours. Its a matter of protecting the swarms and forced updating is the only way, everyone is too paranoid to update if they have a choice.
[quote comment="266003"]As much as I love uTorrent, I will NOT use any version past build 474 (v1.6), as that was the last version before Bittorrent.inc (& their MPAA buddies) bought Ludde out.
Make of my observation what you will…[/quote]
I will take you up on that then.
You’re a braindead lemming. Provide REAL proof of your claims or take them elsewhere
http://torrenthelp.depthstrike.com/2007/07/utorrent-171-and-all-claims-about.html
how convenient, now everyone will be using the BITTORRENT INC utorrent client
[quote]As much as I love uTorrent, I will NOT use any version past build 474 (v1.6), as that was the last version before Bittorrent.inc (& their MPAA buddies) bought Ludde out.[/quote]
1.6.1-beta-build-483 is the last utorrent release prior to the transfer.
[quote comment="265725"]rTorrent can do everything uTorrent can, with even less resources, and has better webinterfaces.[/quote]
Everything… Except run on windows.
I think this exploit was being used already. When using a public torrent site for torrents, there were times when one by one, ALL my torrents (from both public and private sites) would “go red” with indicated tracker problems. However, since these were on several different trackers, I suspected something was up. This was just before Media Defender was exposed.
I would then reboot and change the listening port and all would be well for a short time (all going green)… and then soon all would go red again. I think a “bot” was using this exploit to crash (overload) uTorrent v 1.6.
If I only used torrents from private torrent sites… no problem. But using selected torrents from the public site would generate this condition repeatedly.
So, I stopped using public site torrents and don’t have this problem. If your client has all torrents (from different trackers) go red, try not using torrents from public sites.
[quote comment="265966"]not the peerid, friendly version name can be sent through extended messaging protocol[/quote]
Thanks for that, I was wondering how it was possible for this to not have caused serious problems earlier.
Assuming they are using azureus messaging, isn’t that spec just a little off the wall in allowing 4 bytes for the length indicator for the message type name?
A 2GB name for a message is complete overkill. Not to mention the fact that it’s signed, which means it’s perfectly valid to tell az or any other client that the name is negative 2GB long.
An unsigned 2 byte int would have been better. 65536 bytes is enough to easily cover any valid name.
fucking FINALLY, a good reason to upgrade. Now all the dumbasses who think uTorrent 1.7 “spies” on you and reports your activity to the RIAA can shut the fuck up.
DOS attacks are illegal but if someone like Media@ssDefenders use it to prevent p2p file-sharing which they view as illegal, no one will try to prosecute them.
However, if a cop does something like an illegal search on a known criminal, the case gets thrown out.
Unfair isn’t it?
If the law can’t punish illegal acts from these RI/MPAA dogs someone with more devastating methods will.
lol, and i was wondering why utorrent was updating today.
Torrent sucks anyway because trackers keep your ip’s…
µTorrent or Azureus or whatever, you can still be a target to make an example…
NewsGroups FTW and IRC FTW !!!
…Fuck the Rest…
[quote comment="266126"][quote comment="266003"]As much as I love uTorrent, I will NOT use any version past build 474 (v1.6), as that was the last version before Bittorrent.inc (& their MPAA buddies) bought Ludde out.
Make of my observation what you will…[/quote]
I will take you up on that then.
You’re a braindead lemming. Provide REAL proof of your claims or take them elsewhere
http://torrenthelp.depthstrike.com/2007/07/utorrent-171-and-all-claims-about.html/quote
Don’t get your panties in a bunch, numbnuts. That URL has fuck-all to do with what I posted. Did I suggest anywhere that I was worried about data-leakage? Erm… no.
If you’re suggesting that after v1.6 Ludde did NOT sell his tech to Bittorrent.inc then you’re actually even dumber than you originally appeared (& I had doubts that that was possible…)
HTH,
HAND,
kthxbai.
zeropaid forums:
Bit Torrent are now affiliated with the big players Warner Brothers for example, and they have signed an agreement to distribute digital content through the Bit Torrent client, what does this mean? basically that uTorrent will be that distribution client at some point in the future, and how long before we see adverts for movies within uTorrent!
I laugh at these uTorrent forum monkeys, always slurping each other & denying the truth. Here’s what Bram & Ludvig had to say on the matter (& posted to your very own fan-forum, DeadUnBright:
“This is Bram Cohen, the creator of the BitTorrent protocol, and Ludvig (Ludde) Strigeus, the writer of µTorrent. Together, we are pleased to announce that BitTorrent, Inc. and µTorrent AB have decided to join forces. BitTorrent has acquired µTorrent[...]”
From the horse’s mouth, folks.
Ludvig sold to Bram. Bram sold to Warner et al.
End of story.
Enjoy. ;D
Ludde, of course, does not owe me or any of us users anything. He provided us with a good, light, efficient torrent client that is probably the best one around. He’s always been very protective of his code, and that bothered me a little, but still, the program is terrific and I welcomed it and used it with no reservations.
The same goes for Bram Cohen. He created BitTorrent, a wonderful technology. Whereas I have absolutely nothing nasty to say about Ludde, I don’t feel the same way about Bram. In interviews, he always comes off as an extremely unpleasant, arrogant person, riding on his Asperger’s power trip pretending he’s such the boy whiz. I could forgive that if it were not for his dealings with this sad, abusive content industry we have to struggle with nowadays, be it regarding intellectual property maximalist agendas that do immense damage to consumers and the public good, be it regarding the absolutely crap content that they’ve been s****g out for a while.
Both Ludde and Bram do not owe me anything. Yet, I feel sad, betrayed, and disappointed in myself for being so naïve. For once believing they were siding with the good guys…that they were striving for something more important than money, that they believed in the power of the disruptive technologies they created to actually disrupt the old industrial forces in content production. I guess I have too much faith in people…
While I salute the initiative to pursue new business models, making a deal with the MPAA is certainly not the way to do it. There will be no innovation, just the same old business models transplanted to the Internet, with a few quirks here and there, backed up by strongly inequal IP laws, which in turn seek to sustain the artificial scarcity of digital content. I should have seen it coming as soon as Bram started arguing against net neutrality…
This is very, very sad, Ludde, this ruining of a beautiful thing. I hate to call anyone a sell out, but hey, you deserve it. I’m not going to name call Bram, since he’s beyond any help, but shame on you, Ludde. Hope you buy yourself something nice.
[quote comment="266264"]Ludde, of course, does not owe me or any of us users anything. He provided us with a good, light, efficient torrent client that is probably the best one around. He’s always been very protective of his code, and that bothered me a little, but still, the program is terrific and I welcomed it and used it with no reservations.
The same goes for Bram Cohen. He created BitTorrent, a wonderful technology. Whereas I have absolutely nothing nasty to say about Ludde, I don’t feel the same way about Bram. In interviews, he always comes off as an extremely unpleasant, arrogant person, riding on his Asperger’s power trip pretending he’s such the boy whiz. I could forgive that if it were not for his dealings with this sad, abusive content industry we have to struggle with nowadays, be it regarding intellectual property maximalist agendas that do immense damage to consumers and the public good, be it regarding the absolutely crap content that they’ve been s****g out for a while.
Both Ludde and Bram do not owe me anything. Yet, I feel sad, betrayed, and disappointed in myself for being so naïve. For once believing they were siding with the good guys…that they were striving for something more important than money, that they believed in the power of the disruptive technologies they created to actually disrupt the old industrial forces in content production. I guess I have too much faith in people…
While I salute the initiative to pursue new business models, making a deal with the MPAA is certainly not the way to do it. There will be no innovation, just the same old business models transplanted to the Internet, with a few quirks here and there, backed up by strongly inequal IP laws, which in turn seek to sustain the artificial scarcity of digital content. I should have seen it coming as soon as Bram started arguing against net neutrality…
This is very, very sad, Ludde, this ruining of a beautiful thing. I hate to call anyone a sell out, but hey, you deserve it. I’m not going to name call Bram, since he’s beyond any help, but shame on you, Ludde. Hope you buy yourself something nice.[/quote]
shut up faggot
back on topic.
RE: the code execution part.
One of our site coders did some testing and he can and has for sure crash and execute code under xp with version 1.6. He has not tested other versions yet.
Too all dip sh!ts out there that believe the government is watching your every move is ludicrous. As of today I did get a auto update from µTorrent to auto update to the latest version. I use it daily and never had any issues with this application. Please everyone take a hit from your bong and smile your not paying for this content losers. Just download and enjoy and seed seed seed.
USA The Smart Ones Don’t Have To Worry
[quote comment="266380"]Too all dip sh!ts out there that believe the government is watching your every move is ludicrous. As of today I did get a auto update from µTorrent to auto update to the latest version. I use it daily and never had any issues with this application. Please everyone take a hit from your bong and smile your not paying for this content losers. Just download and enjoy and seed seed seed.
USA The Smart Ones Don’t Have To Worry[/quote]
There’s something to it, dipsh!t. And the USA is the country with the fewest “Smart Ones” by percentage.
No go screw your AIDS infected whore and pretend yer OK.
[quote comment="266380"]USA The Smart Ones Don’t Have To Worry[/quote]
In fact, the USA’s privacy laws are really, really bad. I would rather say that living in the USA is a reason to worry ;)
But beside that, you’re right: There is no proof of uTorrent being evil. But why should I use a closed-source program (which is, thats a fact, owned by the movie industrie), if there are much better ones, more features with less usage of ressources (rTorrent)?
@68 MediaAttacker, these are hard words, and – i must admit – true, from the point of view of the internet community.
For Ludde, it is clear, that Brem can pay much more than the internet community. Why not stopped uTorrent and get a real good job in the industry? With uTorrent behind, this must be easy. I could live with v1.6.
Why not help to get the p2p protocol a real good one, and help to have a really good open source implementation?
[quote comment="266297"][quote comment="266264"]Ludde, of course, does not owe me or any of us users anything. He provided us with a good, light, efficient torrent client that is probably the best one around. He’s always been very protective of his code, and that bothered me a little, but still, the program is terrific and I welcomed it and used it with no reservations.
The same goes for Bram Cohen. He created BitTorrent, a wonderful technology. Whereas I have absolutely nothing nasty to say about Ludde, I don’t feel the same way about Bram. In interviews, he always comes off as an extremely unpleasant, arrogant person, riding on his Asperger’s power trip pretending he’s such the boy whiz. I could forgive that if it were not for his dealings with this sad, abusive content industry we have to struggle with nowadays, be it regarding intellectual property maximalist agendas that do immense damage to consumers and the public good, be it regarding the absolutely crap content that they’ve been s****g out for a while.
Both Ludde and Bram do not owe me anything. Yet, I feel sad, betrayed, and disappointed in myself for being so naïve. For once believing they were siding with the good guys…that they were striving for something more important than money, that they believed in the power of the disruptive technologies they created to actually disrupt the old industrial forces in content production. I guess I have too much faith in people…
While I salute the initiative to pursue new business models, making a deal with the MPAA is certainly not the way to do it. There will be no innovation, just the same old business models transplanted to the Internet, with a few quirks here and there, backed up by strongly inequal IP laws, which in turn seek to sustain the artificial scarcity of digital content. I should have seen it coming as soon as Bram started arguing against net neutrality…
This is very, very sad, Ludde, this ruining of a beautiful thing. I hate to call anyone a sell out, but hey, you deserve it. I’m not going to name call Bram, since he’s beyond any help, but shame on you, Ludde. Hope you buy yourself something nice.[/quote]
shut up faggot[/quote]
Wow! Your scathing riposte must have MediaAttacker bawling like a little baby!
either that, or laughing like a drain at your utter lack of clue.
Fucktard dolt…
perhaps it’s on principal…
why support a client that is owned by The Man…
I still take my warning with karspersky internet security 7 about that Dos thing.And this one is 1.7.6 utırrent.So they couldn’t fix it??
So everyone has to install 1.7.6 and that’s all
[quote comment="265808"]anyone from norway here?or just any information. does the isp here monitor our downloads?do they redflag you if they monitor you downloading torrents?[/quote]
No. Your isp do neither monitor nor track your behaviour on the web.
But they might, if they’d like to.
They dont care what you do as long as you pay their overcharged bills for the slowest bb on the northern hemisphere….
[quote comment="265892"]Any recommends on the best client for Ubuntu? About to make the switch and was recommend uTorrent with Wine.
(Currently have uT 1.6 w/ XPSP2)
And Azureus is a no! Wasted resources… etc. (although the Sudoku plugin was nice).[/quote]
Been using ktorrent for several months, it’s light on resources and similar to utorrent, with the added kick & ban like azureus.
I also use KTorrent and like it as it reminds me of uTorrent (i.e., the interface).
I highly suggest it for those that are using Linux.
Currently I am using KTorrent under Linux Mint 4.0 and have no issues with it.
I should point out that it has a built-in “plug-in” that can use the PeerGuardian list and it also supports encryption and it works well for me as I use Comcast as my ISP.
[quote comment="265740"]Conspiracy Theory 101
This is probably a ploy, whether true threat or not, to make you upgrade so they can moniter you even more with the newer version.
I use 1.6.x because it’s the last version released before uTorrent was purchased.
Whether my theory is correct or not. I smell something fishy and I won’t be upgrading my uTorrent.
Just my 2 cents.[/quote]
And mine. We have 4 cents now. If this keeps up, we’ll have a slurpee in no time..
rtorrent ftw.
From uTorrent developer “It didn’t effect the 1.6 line.”.
Source: http://forum.utorrent.com/viewtopic.php?pid=298736#p298736
I have now tried ruttorrent “exploit” on my µTorrent 1.6.1 (490), and no crash. It is NOT affected. Please edit article :)
[quote comment="266254"]
Don’t get your panties in a bunch, numbnuts. That URL has fuck-all to do with what I posted. Did I suggest anywhere that I was worried about data-leakage? Erm… no.
If you’re suggesting that after v1.6 Ludde did NOT sell his tech to Bittorrent.inc then you’re actually even dumber than you originally appeared (& I had doubts that that was possible…)
HTH,
HAND,
kthxbai.[/quote]
Ok, here’s the real counter then (two of the first three hits for “MPAA BitTorrent Deal” on google):
http://www.news.com/2100-1032_3-5967750.html
http://www.boingboing.net/2005/11/22/mpaa-bram-cohen-anno.html
There’s no more to the deal than anything that google has for its indexing system.
For users like you, I see too much tinfoil and not enough research.
[quote comment="266208"]Torrent sucks anyway because trackers keep your ip’s…
µTorrent or Azureus or whatever, you can still be a target to make an example…
NewsGroups FTW and IRC FTW !!!
…Fuck the Rest…[/quote]
Oh dear, yet another deluded smart-ass! Like IRC and usenet servers do NOT keep IPs. Get a clue, and dream on.
[quote comment="265985"]To: Superior1
Stubborn as a mule dumber then a rock
i have nothing more to say to you :)[/quote]
Actually, I’m a lot smarter than you ever will be.
I tried the proof of concept myself, and I can tell you that my uTorrent 1.6.1 is still running.
[quote comment="266262"]zeropaid forums:
Bit Torrent are now affiliated with the big players Warner Brothers for example, and they have signed an agreement to distribute digital content through the Bit Torrent client, what does this mean? basically that uTorrent will be that distribution client at some point in the future, and how long before we see adverts for movies within uTorrent![/quote]If that were to happen, users would switch clients immediately.
Also, on a sidenote;
[quote]Raiders wrote:
What’s the thrill of shutting uTorrent down on someone?[/quote]
Exactly. There is none. There are no systems to be taken over using this bug. And as for some TRUE statistics regarding this ‘problem’:
Being a co-admin of a 40000+ active members torrent community I can state that of the 79% in this community that are (still) using µTorrent 1.7.5, not one, I repeat: NOT 1 complaint about a freeze of crash of their client has been seen or reported yet. 3% has already updated (thanks to the autoupdate feature) to 1.7.6
This is all one big panic for (as far as I can see) an overhyped non-issue.
1.6.1 FTW
Found some info on uT/rt extended messaging and put something together in php.
1.7.x versions are definately crashable, 1.6.x are not as they do not display the version info sent in the extended messages.
Version info of 10,000 bytes in length seems to work well. At 20,000, 1.7.2 was complaining of invalid packet length.
Some info regarding 1.6.x being vulnerable to shellcode execution has been making the rounds of site admins, but that exploit is a seperate issue and relies on uploading a malicious torrent (POC on milw0rm). Sites that clean the uploaded torrents, or don’t allow public uploads should be fine allowing 1.6.x versions.
Utorrent has a fix…
Still on 1.6.1 but might upgrade if I notice a crash.
iuse 1.6
i’d like to send a big fuck-you to the TF crew. thanks for stirring the FUD pot, again. that makes two things you guys are good at.
(ec – the other being plagiarism)
Maybe People Will think before they take things these people post as valid news stories….
So, when do we see a retraction statement on the incorrect things in this news release? any honorable news source will fess up to their incorrect reporting…
build 490 is fine
build 489 is fine
build 488 is not fine
build 474 is fine
utorrent, a simple client for simple people.
Azureus FTW!
Azureus – the bulky and bloated client for stone-aged and whale-like people.
[quote comment="267665"]build 490 is fine
build 489 is fine
build 488 is not fine
build 474 is fine[/quote]
You might want to recheck 488.
Here’s what I get:
1.6.1 (488) fine
1.6.1 (489) fine
1.6.1 (490) fine
1.7.0 (3353) bugged
1.7.1 (3360) bugged
1.7.2 (3458) bugged
1.7.3 (4470) bugged
1.7.4 (4482) bugged
1.7.5 (4602) bugged
[quote comment="265740"]Conspiracy Theory 101
This is probably a ploy, whether true threat or not, to make you upgrade so they can moniter you even more with the newer version.
I use 1.6.x because it’s the last version released before uTorrent was purchased.
Whether my theory is correct or not. I smell something fishy and I won’t be upgrading my uTorrent.
Just my 2 cents.[/quote]
I whole-heartedly agree, this issue is 100% B.S.
[quote comment="265892"]Any recommends on the best client for Ubuntu? About to make the switch and was recommend uTorrent with Wine.
(Currently have uT 1.6 w/ XPSP2)
And Azureus is a no! Wasted resources… etc. (although the Sudoku plugin was nice).[/quote]
why i read that bullshit everywhere?
azureus runs 24/7 ony my ubuntu server (which is a low end pc!), uses 0% cpu and seeds hundreds of torrents.
but use whatever you want. i don’t care
[quote comment="265740"]Conspiracy Theory 101
This is probably a ploy, whether true threat or not, to make you upgrade so they can moniter you even more with the newer version.[/quote]
Their change log still listed 1.6.x as vulnerable 5 minutes ago and has now been changed again. There is a battle going on over the change log from the looks of it. The 1.6 claim has been removed at least twice.
One of the coders has repeatedly said 1.6.x is not affected, other people have tested and said it is not.
Funnily enough, a certain employee of bt/ut said he wants people to believe it is affected even though it isn’t.
Make of it what you will.
PS, in the time it took to write this post, the changelog has had the 1.6 claim reinserted.
Seems there’s a change war going on.
http://download.utorrent.com/1.7.6/utorrent-1.7.6.txt
It’s changing every few seconds as someone removes the 1.6 claim and someone else puts it back.
If you read their forums, you can probably guess who.
So let me get this right. It only crashes uTorrent. No real effect on your PC and other programs/software, correct? Because I was going to update, opened 1.7.5, then it crashed. So then I freaked and uninstalled and I got some freaky error message about dr. Watson Postmortem Debug or something.
Freaky-ass shit.
But like I said, it’s not like some kind of malware or anything, right? Just a uTorrent bug?
As far as anyone knows, it only causes a crash so far.
It’s an overflow though, so there’s always the possibility of code execution.
i use utorrent and it has never crashed for me so im not complaning
only one reason i updated to new version older version is banned on most torrent sites now
Other articles are updated as facts emerge, funnily enough this one still spreads misinformation about 1.6.1.
+++ Breaking news: TF bribed by The Enemy to spread FUD! +++
1.6.1 build 490 !!!
http://img211.imageshack.us/img211/9558/f0×8jdoi1.png
1.6.1 build 490 !!!
http://img211.imageshack.us/img211/9558/f0×8jdoi1.png
1.6.1 build 490 !!!!
http://img211.imageshack.us/img211/9558/f0×8jdoi1.png
Help!
How do i use uTorrent.
I have downloaded some films and they are fully downloaded now but how do i watch them and burn then onto a disc?
Please Write Back
[quote comment="266264"]Whereas I have absolutely nothing nasty to say about Ludde, I don’t feel the same way about Bram. In interviews, he always comes off as an extremely unpleasant, arrogant person, riding on his Asperger’s power trip pretending he’s such the boy whiz.[/quote]
No wonder, Bram Cohen is a jew. Now I see why he is arrogant and money is so important to him.
ur all braindead, trhats why almost all private sites have banned the newer utorrents and 1.8x.to many bugs false info to trackers and dummy files sent to utorrent as well. if u google u will also see the mpaa dos have there hands in the cookie jar as well as the govement tapped straight into the main internet lighting speed, so either way or whatever u use ur not safe, so fuck it, use what u want,they will never stop piracy.
ur all braindead, thats why almost all private sites have banned the newer utorrents and 1.8x.to many bugs false info to trackers and dummy files sent to utorrent as well. if u google u will also see the mpaa dos have there hands in the cookie jar as well as the goverment tapped straight into the main internet lighting speed, so either way or whatever u use ur not safe, so fuck it, use what u want,they will never stop piracy.
Utorrent “must speed up”…
I want “more”…
Plazeee!!!!
($_*)…
I WANT TO UNINSTAL UTORENT
6 references to this post
Responses are closed
All remaining responses will continue to be archived. Use the TorrentFreak forums if you want to discuss something.