One of the novelties in the new uTorrent release was uTP, a new and improved implementation of the BitTorrent protocol which is designed to be network friendly. Critics, however, have labeled the new release as unfair, which has resulted in the client being banned from several private BitTorrent trackers.

The critique was aimed at the new uTP protocol which causes uTorrent to favor its own kind when networking. This means that when connecting to other clients, uTorrent users will give preference to other uTorrent users.

Earlier this week BitTorrent Inc., the company behind uTorrent, open sourced the uTP protocol so other developers can make their clients uTorrent compatible. Although not all developers are equally excited about uTP, Ktorrent has already upgraded its client to support uTP with its new 4.0 release.

“Several KTorrent users asked for it, and it seemed like an interesting feature to add,” KTorrent developer Joris Guisson told TorrentFreak in a comment.

To our knowledge, KTorrent is the first client outside BitTorrent Inc. to implement uTP support. With uTP, KTorrent will be more network aware as it will throttle itself if congestion is detected in the network. In theory, this should eliminate the need for ISPs to throttle BitTorrent traffic, while KTorrent users should see less interference with other local applications.

Aside from adding uTP support the latest KTorrent release also adds support for magnet links, a feature that was pushed by The Pirate Bay and has now been implemented by all the prominent BitTorrent clients. The full KTorrent changelog can be found at the official website.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

One feature, however, is posing a security threat to the user. According to a security alert, multiple serious vulnerabilities have been found in the client.

With a severity rated as ‘High’, the vulnerabilities are to be found in the client’s web interface plugin. Since the plugin does not successfully restrict access to the clients torrent upload functionality and fails to sanitize request parameters, it is vulnerable to exploitation.

The flaws can allow a malicious remote attacker to send specially crafted parameters to the web interface. This could enable remote arbitrary torrent uploads along with the possibility of remote code execution, within the same privileges as the KTorrent process itself.

A temporary workaround solution is to disable the web interface plugin. This can be achieved by clicking “plugins” in the config menu and unchecking the “Web Interface” checkbox.

Versions affected by this issue are 2.2.8 and earlier, so users updating to the latest version are protected from these security vulnerabilities.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

The vulnerabilities were discovered in the components chunkcounter.cpp and torrent.cpp and can be exploited by getting a user to use a modified torrent file, resulting in the possible control of the OS with the same privileges as the Ktorrent user.

There is currently no work-around for the flaws but the situation can be remedied by upgrading to the latest version of Ktorrent, version 2.1.4.

KTorrent is a BitTorrent client written in C++ for KDE, offering mainline DHT and µTorrent compatible peer exchange, port forwarding via UPnP and protocol encryption for getting round those pesky traffic-shaping ISP’s.

KTorrent version 2.2 will be released later this month and will include new features such as multiple tabs, moving finished downloads to another directory, and diskspace preallocation. Another good reason to upgrade!

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.