uTorrent bugs let websites control your computer and steal your downloads
#1
https://arstechnica.com/information-tech...downloads/

Quote:Two versions of uTorrent, one of the Internet's most widely used BitTorrent apps, have easy-to-exploit vulnerabilities that allow attackers to execute code, access downloaded files, and snoop on download histories, a Google Project Zero researcher said. uTorrent developers are in the process of rolling out fixes for both the uTorrent desktop app for Windows and the newer uTorrent Web product.

The vulnerabilities, according to Project Zero, make it possible for any website a user visits to control key functions in both the uTorrent desktop app for Windows and in uTorrent Web, an alternative to desktop BitTorrent apps that uses a Web interface and is controlled by a browser. The biggest threat is posed by malicious sites that could exploit the flaw to download malicious code into the Windows startup folder, where it will be automatically run the next time the computer boots up. Any site a user visits can also access downloaded files and browse download histories.
Reply
#2
utorrent Options -> Advanced ->Set net.discoverable to false.

utorrent desktop version should still be safe to use.

Issue is similar to the one reported on Transmission Client. Link

Don't Panic ;-)
Reply
#3
EDIT 5 of https://www.reddit.com/r/trackers/commen..._security/ and its source https://bugs.chromium.org/p/project-zero...d=1524#c13.
 
Feb 22nd fix by BitTorrent, Inc.:  https://engineering.bittorrent.com/2018/...rrent-web/

No word since?
Reply
#4
(Feb 23, 2018, 03:58 am)SectorVector Wrote: utorrent Options -> Advanced ->Set net.discoverable to false.

utorrent desktop version should still be safe to use.

Doesn't do the trick, according to this post in reddit

Quote:EDIT5: The above fix is CONFIRMED to not to mitigate this bug.

Been using utorrent since day1 and stayed with the infamous 2.2.1 version since 2011.

I tested qbitorrent, deluge and tixati and favor qbitorrent.

I might jump ship unless there's a fix/patch so i can continue with utorrent 2.2.1.

qbitorrent is fine apart from an issue with speed fluctuation which seems to be pretty common.

Is it worth installing the latest version of utorrent, stay with 2.2.1 or i should switch to qbitorrent?

Any other users here still using older versions of utorrent? What will you guys do?
Reply
#5
What's wrong with Deluge?
Reply
#6
(Mar 10, 2018, 13:30 pm)asterastrip Wrote: I tested qbitorrent, deluge and tixati and favor qbitorrent.
Is it worth installing the latest version of utorrent, stay with 2.2.1 or i should switch to qbitorrent?
Any other users here still using older versions of utorrent? What will you guys do?

I was on uTorrent for years and also kept on 2.2 but found qBitTorrent better for it's search (Python scripts) and lack of ads and other bs.

Just cleaning up my system and will be out of any app besides FireFox and AV for a few days, looking onto Tixati or other client.

qBitTorrent has a problem when I change/disconnect external drivers, it requires rechecking files and last time it got "lost" on my torrents.
I think recheck flag is something from the past that may not be useful for all users, a "recheck when complete" and a manual "force recheck" are better options IMO.

Also worth checking some other ways of file sharing; i2p clients, ZeroNet, BitCanon are interisting; just found Fopnu but no idea what it really can do.
Reply
#7
(Mar 10, 2018, 13:30 pm)asterastrip Wrote: Is it worth installing the latest version of utorrent, stay with 2.2.1 or i should switch to qbitorrent?

Any other users here still using older versions of utorrent? What will you guys do?

I use only uTorrent 2.0.4 & uTorrent 2.2.1 (when required for private trackers). I have moved to qBittorrent after some good people told me the improvements.

In my personal opinion switch to qBittorrent because it is open source and has no ads.
Reply
#8
(Mar 11, 2018, 06:20 am)Cov Wrote: What's wrong with Deluge?

Absolutely nothing, i just like qbitorrent better.
I installed and tested tixati, deluge and qbitorrent.
Those 3 seemed to be the most popular choices and all 3 worked fine.
Deluge was OK.
Tixati was unnecessarily complicated for my taste. I just need basic options, don't need much.
Qbitorrent was very easy to use and looks very much alike utorrent.


(Mar 11, 2018, 10:33 am)contrail Wrote: In my personal opinion switch to qBittorrent because it is open source and has no ads.

I'll stay with qbitorrent because i'm not one to test and change clients.
Also, it works fine till now.
I was using utorrent since 2008 and never tested another client (stayed with 2.2.1 since 2011)
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Anyone still have a vintage computer? RobertX 13 9,244 Jan 15, 2024, 14:49 pm
Last Post: Superchicken
  Getting error on all downloads Robert4578 2 7,183 Nov 22, 2022, 21:35 pm
Last Post: Robert4578
  Private Flight Schedules websites TAP Portugal 0 7,294 Aug 11, 2022, 19:12 pm
Last Post: TAP Portugal
  TV Control with Smart Speakers apk for Sony Android TV ephesus_1 3 10,747 Mar 04, 2022, 14:20 pm
Last Post: maskaw
  Win 10 blocking utorrent daigorohanzo 9 13,083 Feb 16, 2022, 14:11 pm
Last Post: daigorohanzo



Users browsing this thread: 1 Guest(s)