Comments on: Soulseek P2P Application Vulnerable to Remote Takeover http://torrentfreak.com/soulseek-p2p-application-vulnerable-to-remote-takeover-090530/ Torrent News, Torrent Sites and the latest Scoops Sun, 22 Nov 2009 17:03:18 +0000 http://wordpress.org/?v=2.8.3 hourly 1 By: Chiquitin http://torrentfreak.com/soulseek-p2p-application-vulnerable-to-remote-takeover-090530/#comment-567466 Chiquitin Mon, 08 Jun 2009 07:28:38 +0000 http://torrentfreak.com/?p=13583#comment-567466 It's visible again. http://forums.slsknet.org/ipb/index.php?showtopic=24110 It’s visible again.

http://forums.slsknet.org/ipb/index.php?showtopic=24110

]]> By: Chiquitin http://torrentfreak.com/soulseek-p2p-application-vulnerable-to-remote-takeover-090530/#comment-566758 Chiquitin Sat, 06 Jun 2009 09:32:21 +0000 http://torrentfreak.com/?p=13583#comment-566758 Edit: the topic was made invisible as suggested by Laurent Gaffié. Edit:

the topic was made invisible as suggested by Laurent Gaffié.

]]> By: Chiquitin http://torrentfreak.com/soulseek-p2p-application-vulnerable-to-remote-takeover-090530/#comment-566757 Chiquitin Sat, 06 Jun 2009 09:29:30 +0000 http://torrentfreak.com/?p=13583#comment-566757 It's fixed. The first patch was on the server side, the remaining issue on the client side is now also patched, so, "updateslsk", you're wrong. And "/usr/local/dick", as explained, the topic was make invisible as suggested by the Laurent Gaffié. http://forums.slsknet.org/ipb/index.php?showtopic=24181 It’s fixed. The first patch was on the server side, the remaining issue on the client side is now also patched, so, “updateslsk”, you’re wrong. And “/usr/local/dick”, as explained, the topic was make invisible as suggested by the Laurent Gaffié.

http://forums.slsknet.org/ipb/index.php?showtopic=24181

]]> By: /usr/local/dick http://torrentfreak.com/soulseek-p2p-application-vulnerable-to-remote-takeover-090530/#comment-566691 /usr/local/dick Fri, 05 Jun 2009 18:06:21 +0000 http://torrentfreak.com/?p=13583#comment-566691 After responding to a worried user last week on the SLSK forum that he should not use the buggy Windows client software any more until a fix was released, I found out the entire topic had been deleted! The lame developers just do not respond to security reports for almost a year, and only after researcher Laurent Gaffié goes public on FD they suddenly wake up and fix their app. Way to go guys. After responding to a worried user last week on the SLSK forum that he should not use the buggy Windows client software any more until a fix was released, I found out the entire topic had been deleted!

The lame developers just do not respond to security reports for almost a year, and only after researcher Laurent Gaffié goes public on FD they suddenly wake up and fix their app.

Way to go guys.

]]> By: updateslsk http://torrentfreak.com/soulseek-p2p-application-vulnerable-to-remote-takeover-090530/#comment-566454 updateslsk Thu, 04 Jun 2009 17:35:24 +0000 http://torrentfreak.com/?p=13583#comment-566454 A new client as been released patching this issue according to the changelog file : slsknet.org/changelog.html Also it seems that you can still exploit this security hole by sending directly a search query to another peer using another soulseek version than 157 NS 13e A new client as been released patching this issue according to the changelog file : slsknet.org/changelog.html
Also it seems that you can still exploit this security hole by sending directly a search query to another peer using another soulseek version than 157 NS 13e

]]> By: updateslsk http://torrentfreak.com/soulseek-p2p-application-vulnerable-to-remote-takeover-090530/#comment-566452 updateslsk Thu, 04 Jun 2009 17:33:47 +0000 http://torrentfreak.com/?p=13583#comment-566452 A new client as been released patching this issue according to the changelog file : http://slsknet.org/changelog.html Also it seems that you can still exploit this security hole by sending directly a search query to another peer using another soulseek version than 157 NS 13e A new client as been released patching this issue according to the changelog file : http://slsknet.org/changelog.html
Also it seems that you can still exploit this security hole by sending directly a search query to another peer using another soulseek version than 157 NS 13e

]]> By: Soulseek inseguro | Remixtures http://torrentfreak.com/soulseek-p2p-application-vulnerable-to-remote-takeover-090530/#comment-566113 Soulseek inseguro | Remixtures Wed, 03 Jun 2009 06:55:59 +0000 http://torrentfreak.com/?p=13583#comment-566113 [...] o TorrentFreak, a falha foi detectada em Julho de 2008 pelo investigador em segurança informática Laurent [...] [...] o TorrentFreak, a falha foi detectada em Julho de 2008 pelo investigador em segurança informática Laurent [...]

]]> By: Nir Arbel http://torrentfreak.com/soulseek-p2p-application-vulnerable-to-remote-takeover-090530/#comment-566064 Nir Arbel Tue, 02 Jun 2009 23:08:17 +0000 http://torrentfreak.com/?p=13583#comment-566064 It wasn't a fake patch, all major avenues of search have been protected from this kind of abuse. The last remaining avenue has to do with some legacy code, is harder to exploit, and likely to affect a much smaller number of users. A client will be released very soon to prevent this last contingency. It wasn’t a fake patch, all major avenues of search have been protected from this kind of abuse. The last remaining avenue has to do with some legacy code, is harder to exploit, and likely to affect a much smaller number of users. A client will be released very soon to prevent this last contingency.

]]> By: phil http://torrentfreak.com/soulseek-p2p-application-vulnerable-to-remote-takeover-090530/#comment-566043 phil Tue, 02 Jun 2009 21:01:03 +0000 http://torrentfreak.com/?p=13583#comment-566043 Fake patch ! Still works ! http://forums.slsknet.org/ipb/index.php?showtopic=24110&st=0&gopid=270684 Fake patch !
Still works !

http://forums.slsknet.org/ipb/index.php?showtopic=24110&st=0&gopid=270684

]]> By: Bedazzler http://torrentfreak.com/soulseek-p2p-application-vulnerable-to-remote-takeover-090530/#comment-565716 Bedazzler Mon, 01 Jun 2009 17:50:12 +0000 http://torrentfreak.com/?p=13583#comment-565716 let us know if there's update thx let us know if there’s update thx

]]> By: Anonymous http://torrentfreak.com/soulseek-p2p-application-vulnerable-to-remote-takeover-090530/#comment-565708 Anonymous Mon, 01 Jun 2009 17:20:42 +0000 http://torrentfreak.com/?p=13583#comment-565708 all i can say is, that everyone pays ... http://rockimg.com/share-22F0_4A244FF7.html all i can say is, that everyone pays …

http://rockimg.com/share-22F0_4A244FF7.html

]]> By: Jons http://torrentfreak.com/soulseek-p2p-application-vulnerable-to-remote-takeover-090530/#comment-565664 Jons Mon, 01 Jun 2009 15:12:46 +0000 http://torrentfreak.com/?p=13583#comment-565664 With how ungodly often I hear about it, you’d think that programmers would start taking special precautions to make sure it doesn’t happen. http://pdfstack.com/ With how ungodly often I hear about it, you’d think that programmers would start taking special precautions to make sure it doesn’t happen.
http://pdfstack.com/

]]> By: FIRSTMAN http://torrentfreak.com/soulseek-p2p-application-vulnerable-to-remote-takeover-090530/#comment-565573 FIRSTMAN Mon, 01 Jun 2009 04:58:21 +0000 http://torrentfreak.com/?p=13583#comment-565573 F I R S T ! ! ! ! F
I
R
S
T
!
!
!
!

]]> By: Anonymous http://torrentfreak.com/soulseek-p2p-application-vulnerable-to-remote-takeover-090530/#comment-565498 Anonymous Sun, 31 May 2009 18:13:54 +0000 http://torrentfreak.com/?p=13583#comment-565498 yay fixeded!11 yay fixeded!11

]]> By: mirrormagic http://torrentfreak.com/soulseek-p2p-application-vulnerable-to-remote-takeover-090530/#comment-565470 mirrormagic Sun, 31 May 2009 15:34:58 +0000 http://torrentfreak.com/?p=13583#comment-565470 Using spotify now, and happy. But I remember the soulseek days as a slow, but exciting pleasure in a not to distant past. Funny how quick-fast things change lately. Makes me think of Terence McKenna and his singularity concept. Using spotify now, and happy.

But I remember the soulseek days as a slow, but exciting pleasure in a not to distant past. Funny how quick-fast things change lately. Makes me think of Terence McKenna and his singularity concept.

]]> By: phil http://torrentfreak.com/soulseek-p2p-application-vulnerable-to-remote-takeover-090530/#comment-565425 phil Sun, 31 May 2009 11:16:30 +0000 http://torrentfreak.com/?p=13583#comment-565425 looks like it as been patched today ! http://forums.slsknet.org/ipb/index.php?s=&showtopic=24110&view=findpost&p=270519 Maybe having an email like security@slsknet.org would avoid this kind of situation ! looks like it as been patched today !
http://forums.slsknet.org/ipb/index.php?s=&showtopic=24110&view=findpost&p=270519

Maybe having an email like security@slsknet.org would avoid this kind of situation !

]]> By: Anonymous http://torrentfreak.com/soulseek-p2p-application-vulnerable-to-remote-takeover-090530/#comment-565392 Anonymous Sun, 31 May 2009 09:21:56 +0000 http://torrentfreak.com/?p=13583#comment-565392 I can't download anything from Soulseek anymore, it's ruined. I can’t download anything from Soulseek anymore, it’s ruined.

]]> By: q eye http://torrentfreak.com/soulseek-p2p-application-vulnerable-to-remote-takeover-090530/#comment-565361 q eye Sun, 31 May 2009 02:17:53 +0000 http://torrentfreak.com/?p=13583#comment-565361 Sounds FABuLoUs darling ! Sounds FABuLoUs darling !

]]> By: Anonymous http://torrentfreak.com/soulseek-p2p-application-vulnerable-to-remote-takeover-090530/#comment-565351 Anonymous Sun, 31 May 2009 01:05:25 +0000 http://torrentfreak.com/?p=13583#comment-565351 Oops! @34 Yep, the key word being "most" of the time and that is why people pay other people to revise their work after they finished writing, at least those who can afford to do it which I think Soulseek can’t because it’s not opensource, it’s a closed source app. Oops!

@34
Yep, the key word being “most” of the time and that is why people pay other people to revise their work after they finished writing, at least those who can afford to do it which I think Soulseek can’t because it’s not opensource, it’s a closed source app.

]]> By: Anonymous http://torrentfreak.com/soulseek-p2p-application-vulnerable-to-remote-takeover-090530/#comment-565350 Anonymous Sun, 31 May 2009 01:01:39 +0000 http://torrentfreak.com/?p=13583#comment-565350 @32: Yep, that is why people pay people to revise their work after they finish writing at least those who can afford to do it which I think soulseek can't because it's not opensource it's a closed source app. @32:

Yep, that is why people pay people to revise their work after they finish writing at least those who can afford to do it which I think soulseek can’t because it’s not opensource it’s a closed source app.

]]>