Comments on: KTorrent Web Interface Vulnerable to Remote Takeover

By: Bit Torrent Vs Apple The Battle For Your Video Downloads | Movies Blog

Bit Torrent Vs Apple The Battle For Your Video Downloads | Movies Blog — Wed, 11 Mar 2009 05:11:00 +0000

[...] KTorrent Web Interface Vulnerable to Remote Takeover | TorrentF&… [...]

By: Linux User

Linux User — Sat, 07 Mar 2009 12:30:08 +0000

Just don’t use web interface plug-in and all is well with no need to upgrade. Time to go back to sleep now.

Oh and for the windows trolls, keep being paytards Steve Ballmer just loves your money and the Black Hats love your OS as it has all the security of a Sri Lankan Cricket Team escort

By: anon

anon — Tue, 03 Mar 2009 07:08:23 +0000

And this is news? This has been reported and fixed for ages.

By: Lars

Lars — Mon, 02 Mar 2009 13:36:48 +0000

In the article it states, “Versions affected by this issue are 2.2.8 and earlier”. However, the security warning in question affects “versions <= 2.2.8″. So, 2.2.8 is not at risk according to the security warning link and according to this bug report.

http://bugs.gentoo.org/show_bug.cgi?id=244741

By: janet

janet — Mon, 02 Mar 2009 02:41:39 +0000

it is wrong for a man have a rich woman or a woman have a wealthy man?It is an absolutely extramarital relationship. but more and more services come out on

Internet focusing on this kind of relationship.such as__S e e k r i c h . c o m___it’s the biggest dating site for wealthy and successful people.

By: pclinuxos

pclinuxos — Sun, 01 Mar 2009 15:55:20 +0000

well, ktorrent is not the only torrent client for linux (transmission, deluga, azureus, etc.).
linux’s default user is not root[not like w.....s], so i don’t think this is really a big security issue.

By: Diego

Diego — Sun, 01 Mar 2009 09:44:16 +0000

>Written by enigmax on February 28, 2009

> admin – Mon, 10/20/2008 – 18:47
> 3.1.4 released
> Several security issues in the webinterface plugin

You’re only more than 4 months late!

By: Rage

Rage — Sun, 01 Mar 2009 06:58:39 +0000

@20:
The article refers to versions 2.2.8 and earlier. The latest version is 3.2

By: fleshTH

fleshTH — Sun, 01 Mar 2009 05:19:59 +0000

I’m slowly getting myself into linux, and i hate KDE, but for the record… this is a good article. I know of many users who are switching to ubuntu linux and use KDE (i know, that is kubuntu) because some dumbass told them it was better than gnome. However, these people were windows users and aren’t that great at working in linux yet. Also, did you read? there is no update yet, the best course of action is to disable the plugin. really people, get off your high horse.

By: rioting_pacifist

rioting_pacifist — Sat, 28 Feb 2009 21:33:16 +0000

apt-get update; apt-get upgrade and forget (other commands are available).

its a shame that the webapplet has been desgined badly but if you have an unsecured web server running you cant really expect much better
( even without this exploit you can upload a torrent containing a script called .xinitrc containing rm -fr ~/ to ~ and theres not much you can do)

perhaps some of the new kernel tricks can be employed in latter versions to drop ktorrent rights to only access certain directories ( and never set a +x bit) but the sensible thing would be to never have unsafe services open to unsecured connection (if your behind a closed firewall your prety safe even with the exploit)

By: ubuntu

ubuntu — Sat, 28 Feb 2009 17:53:03 +0000

@ #10 scrilla

“who cares? ktorrent is one of those crappy clients that the amatuers and wannabe hackers that use the inferior Linux OS use.”

“Real torrenters use Windows and leave the noobs to the Linux! :)”

Hahahahaha. I bet you are one of those that turn off Vista UAC and use uTorrent with administrative privileges.

By: jcidiot

jcidiot — Sat, 28 Feb 2009 16:40:32 +0000

*tpb

By: jcidiot

jcidiot — Sat, 28 Feb 2009 16:39:58 +0000

well, it gets pretty boring between the rpb trials….

By: author is an idiot

author is an idiot — Sat, 28 Feb 2009 15:15:19 +0000

^ ^ ya, ya I misspelled flash, get over it….

By: author is an idiot

author is an idiot — Sat, 28 Feb 2009 15:14:14 +0000

*** NEWS FLAH!! ***

Program vulnerability in windows xp service pack 1!!!

All people with the latest version of windows xp service pack 2 and up will not be affected by this bug.

Pretty stupid huh? I guess the author of this ‘piece’ (pos that is) needs to stop smoking so much pcp before attempting to write articles.

By: Gretta

Gretta — Sat, 28 Feb 2009 14:33:32 +0000

This article is really non-newsworthy:

1. A tiny portion of BT users run ktorrent.

2. Ktorrent is Linux based meaning users keep up to date with security issues because they are technically adept.

3. Ktorrent doesn’t run with root priviledges by default – meaning any hacks pulled off with this vulnerability are pointless.

4. Linux has an aplication manager that updates applications

Seriously – what gives?

By: Elonoir

Elonoir — Sat, 28 Feb 2009 10:38:52 +0000

>”Yay for an operating system that had a kernel bug for 10 years.”

Just to be sure for if you are bashing Linux to ‘enlighten’ windows: You know MS Windows probably has bugs in there for 20years that won’t ever get fixed right?

Just for the sake of letting you know: I currently run Windows XP.

And really: Never mind, never feed the troll monkey.

By: linuxnonfanboy

linuxnonfanboy — Sat, 28 Feb 2009 10:28:45 +0000

See, there was a point behind having to elevate privileges 90% of the time to function normally. Now you won’t get effected by this type of attack. Yay for an operating system that had a kernel bug for 10 years.

By: scrilla

scrilla — Sat, 28 Feb 2009 10:04:29 +0000

who cares? ktorrent is one of those crappy clients that the amatuers and wannabe hackers that use the inferior Linux OS use.

Real torrenters use Windows and leave the noobs to the Linux! :)

By: Anonymous

Anonymous — Sat, 28 Feb 2009 09:29:57 +0000

“K What???Do people really use this???”

Yes, it’s a good torrent client for KDE.