The Traders' Den  

  The Traders' Den > Where we go to learn ..... > Technobabble
 

Notices

Technobabble Post your general Need for Help questions here.
Lossy or Lossless?
Moderators

Reply
 
Thread Tools
  #1  
Old 2008-08-12, 12:13 PM
U2Lynne's Avatar
U2Lynne U2Lynne is offline
TTD Staff
474.39 GB/2.01 TB/4.34
 
Join Date: Oct 2004
Location: California
Critical Vulnerability Discovered in uTorrent

Quote:
A vulnerability described as ‘critical’ has been discovered in versions of uTorrent and the official BitTorrent client. The ‘buffer overflow’ vulnerability can be exploited to compromise a user’s computer for the execution of arbitrary code. It is suggested that users should immediately update to uTorrent version 1.8 RC7 or higher. There is currently no fix for the official client.
Read more...

uTorrent version 1.8 available here
__________________
Five's Checksums Demystified - everything and anything you want to know about checksums
On a Mac? Get XLD to rip your CDs. Please see this guide - X Lossless Decoder (XLD): How to create flawless CD rips on Mac OS X


Reply With Quote Reply with Nested Quotes
  #2  
Old 2008-08-12, 01:54 PM
mooncusser's Avatar
mooncusser mooncusser is offline
bright ambassador of morning
497.48 GB/1.18 TB/2.43
 
Join Date: Mar 2006
Location: near a man-made island
Re: Critical Vulnerability Discovered in uTorrent

interesting that my client is only prompting me to update to 1.8 RC6 (not 7). And it only does that if I enable updates to beta versions. I thought 1.8 is in stable release.
__________________
(\__/)
(='.'=)
(")_(")

Quote:
Vince Gill:
I just got an award presented to me by a Beatle. Have you had that happen yet, Kanye?
Quote:
Originally Posted by karmakat View Post
Quote:
Originally Posted by jameskg View Post
I knew that was the wrong answer
such is the nature of Gilligan.
Reply With Quote Reply with Nested Quotes
  #3  
Old 2008-08-12, 11:36 PM
Five's Avatar
Five Five is offline
189.30 GB/594.78 GB/3.14
 
Join Date: Oct 2004
Location: Canada
Re: Critical Vulnerability Discovered in uTorrent

looking over here:
http://www.filehippo.com/download_utorrent/

I notice that they're listing plain old "1.8" as being a higher version than 1.8 RC7

I downloaded "1.8" from filehippo and "1.8 (stable)" from the utorrent site and the checksums match, so seems like that is the most recent version at the moment

eaa865631b18d6c8ec5b34082f41c91a

thanks for the headsup
__________________
Checksums Demystified | ask for help in Technobabble

thetradersden.org | ttd recommended free software/freeware webring
shntool tlh eac foobar2000 spek audacity cdwave vlc

Quote:
Originally posted by oxymoron
Here you are in a place of permanent madness, be careful!
Reply With Quote Reply with Nested Quotes
  #4  
Old 2008-08-13, 06:30 AM
Chaosu's Avatar
Chaosu Chaosu is offline
74.86 GB/81.12 GB/1.08
 
Join Date: Feb 2007
Re: Critical Vulnerability Discovered in uTorrent

Yup, stable is newer:
http://forum.utorrent.com/viewtopic.php?id=44003
Reply With Quote Reply with Nested Quotes
  #5  
Old 2008-08-13, 09:27 AM
U2Lynne's Avatar
U2Lynne U2Lynne is offline
TTD Staff
474.39 GB/2.01 TB/4.34
 
Join Date: Oct 2004
Location: California
Re: Critical Vulnerability Discovered in uTorrent

RC means Release Candidate. So RC versions are versions they are hoping are stable enough to become the actual release, but aren't necessarily so. So yes, a stable 1.8 version is going to be 'better' that an RC version with the same version number.
__________________
Five's Checksums Demystified - everything and anything you want to know about checksums
On a Mac? Get XLD to rip your CDs. Please see this guide - X Lossless Decoder (XLD): How to create flawless CD rips on Mac OS X


Reply With Quote Reply with Nested Quotes
  #6  
Old 2008-08-14, 04:36 PM
thejoker thejoker is offline
59.29 GB/34.28 GB/0.58
 
Join Date: Nov 2007
Re: Critical Vulnerability Discovered in uTorrent

Utorrent is real shit because my internet provider called my 3 times because i was hacking with PHP and i thought i had virus or something but when i formated my cumputer and i found something to download from the tradersden or dimeadozen i used Utorrent again and they called my again fro php attack but that time i had a fresh windows and no virus was there. That time i asked the time of the attack and it was when i was downloading with Utorrent and exactly when i closed it. so i just deleted it and get back the old bitornado i had no call since.

I don't trust utorrent anymore becarfull if you use it by now
Reply With Quote Reply with Nested Quotes
  #7  
Old 2008-08-15, 01:16 AM
Five's Avatar
Five Five is offline
189.30 GB/594.78 GB/3.14
 
Join Date: Oct 2004
Location: Canada
Re: Critical Vulnerability Discovered in uTorrent

anybody else experience this?
__________________
Checksums Demystified | ask for help in Technobabble

thetradersden.org | ttd recommended free software/freeware webring
shntool tlh eac foobar2000 spek audacity cdwave vlc

Quote:
Originally posted by oxymoron
Here you are in a place of permanent madness, be careful!
Reply With Quote Reply with Nested Quotes
  #8  
Old 2008-08-15, 03:17 AM
glens's Avatar
glens glens is offline
1.34 TB/2.25 TB/1.68
 
Join Date: Dec 2004
Re: Critical Vulnerability Discovered in uTorrent

I have not experienced any issues with uTorrent since 1.5....but NOTE: uTorrent Admin cites "This latest exploit affects all unicode enabled versions prior to 1.8 RC7. (which is as early as 1.5, I believe)"
__________________
"...Don't worry, we'll wean him off with methadone someday...."
Reply With Quote Reply with Nested Quotes
  #9  
Old 2008-08-15, 07:39 PM
rspencer's Avatar
rspencer rspencer is offline
TTD Hoarder
TTD Staff
326.11 GB/317.06 GB/0.97
 
Join Date: Oct 2007
Location: the outer limits
Re: Critical Vulnerability Discovered in uTorrent

I've had constant "offline" status for trackers since "upgrading" yesterday. Downloads & uploads at a minimum. Not firewalled (at all, cut it off completely to see if that would help). Had no issues whatsoever before switching to 1.8.
__________________
My main list .... My masters

Quote:
Originally Posted by dcbullet View Post
Sometimes im dense.
Quote:
Originally Posted by dcbullet View Post
I hate not being a real man.
Reply With Quote Reply with Nested Quotes
  #10  
Old 2008-08-15, 08:26 PM
krokodyle's Avatar
krokodyle krokodyle is offline
261.52 GB/295.81 GB/1.13
 
Join Date: Nov 2005
Location: Fog City
Re: Critical Vulnerability Discovered in uTorrent

I do no plan on upgrading my uTorrent any further (I'm at 1.7.7), so I really hope it doesn't get banned. It's not like this exploit hasn't been brought up before (http://torrentfreak.com/utorrent-vul...mote-exploits/ Feb. 2007), which again would realistically only occur with torrents specifically designed to exploit uTorrent, and really only a risk on public trackers. Yes?
Reply With Quote Reply with Nested Quotes
  #11  
Old 2008-08-16, 12:09 AM
direwolf-pgh's Avatar
direwolf-pgh direwolf-pgh is offline
On the Beach
666.18 GB/1.29 TB/1.99
 
Join Date: Dec 2005
Location: down in the basement
Re: Critical Vulnerability Discovered in uTorrent

Quote:
Originally Posted by Five View Post
anybody else experience this?
nope. I did upgrade (from a push prompt) the other day and all is well.
the problem kinda comes with the territory (buffer overflow exploit). plus, utorrent wants an open port & we are 'trusting each other blindly' sharing data packets. yep...thats a security issue - almost no matter what.

Quote:
The choice of programming language can have a profound effect on the occurrence of buffer overflows. As of 2008, among the most popular languages are C and its derivative, C++, with an enormous body of software having been written in these languages. C and C++ provide no built-in protection against accessing or overwriting data in any part of memory; more specifically, they do not check that data written to an array (the implementation of a buffer) is within the boundaries of that array. However, the standard C++ libraries provide many ways of safely buffering data, and technology to avoid buffer overflows also exists for C.

Last edited by direwolf-pgh; 2008-08-16 at 12:19 AM.
Reply With Quote Reply with Nested Quotes
  #12  
Old 2008-08-16, 08:27 AM
xtraloveable's Avatar
xtraloveable xtraloveable is offline
395.56 GB/343.67 GB/0.87
 
Join Date: May 2007
Re: Critical Vulnerability Discovered in uTorrent

I am using Utorrent 1.6.1(build 490) and haven't experienced any problems since using it....does this effect all older versions up to 1.8 ?
Reply With Quote Reply with Nested Quotes
  #13  
Old 2008-08-17, 07:28 PM
waterman's Avatar
waterman waterman is offline
206.73 GB/199.38 GB/0.96
 
Join Date: Oct 2007
Re: Critical Vulnerability Discovered in uTorrent

I must have upped and gotten rid of 1.8 a million times in 24 hours. Capped ul/dls, trackers off line, reconfiguring my firewall and anti virus thinking it was me, redling 1.7.7 a hundred times, having THAT go offline. What a pisser of a weekend. I work my ass off delivering 5 gallon water bottles all week (I didnt name myself that because my real name is Arthur Curry)and I have to deal with this. How utterly relaxing. I dled Bittorrent mainline,used that for an hour and was reminded why I ditched it a year ago, so now its back to 1.8 again. It seems to be working ok now. A forum on the net suggested a couple of things. That(A):Its buggier than a shithouse rat. This would make sense because its a new version and theyre trying it out on us. Like Joseph Mengeles might have. Let us howl with displeasure and theyll collect data and eventually fix it. Or(B) Its a "torrent cop" of sorts. Forced capping of ul/dl speeds. File sharing is a big fat buggaboo in the pudding of the MPAA and the music industry at large. What better way to end this kind of shit than to "restrict movement?" I know I'm kinda conspiracy theorizing, but it aint paranoia if theyre really after you, is it. I sort of suggested this on Etree, but it wasnt real well received. Actually, what I suggested was to google" Utorrent1.8 sucks". And guess what! The discussion was well underway.I guess I can use another client, but I kinda like the little lug. ARe there better clients? Guess time will tell. Cheers.
Reply With Quote Reply with Nested Quotes
  #14  
Old 2008-08-17, 07:34 PM
direwolf-pgh's Avatar
direwolf-pgh direwolf-pgh is offline
On the Beach
666.18 GB/1.29 TB/1.99
 
Join Date: Dec 2005
Location: down in the basement
Re: Critical Vulnerability Discovered in uTorrent

Quote:
Originally Posted by waterman View Post
...I know I'm kinda conspiracy theorizing, but it aint paranoia if theyre really after you, is it. I sort of suggested this on Etree, but it wasnt real well received.
link please
Reply With Quote Reply with Nested Quotes
  #15  
Old 2008-08-17, 07:53 PM
mooncusser's Avatar
mooncusser mooncusser is offline
bright ambassador of morning
497.48 GB/1.18 TB/2.43
 
Join Date: Mar 2006
Location: near a man-made island
Re: Critical Vulnerability Discovered in uTorrent




works fine for me. downloads and uploads working fine, just like the last version
__________________
(\__/)
(='.'=)
(")_(")

Quote:
Vince Gill:
I just got an award presented to me by a Beatle. Have you had that happen yet, Kanye?
Quote:
Originally Posted by karmakat View Post
Quote:
Originally Posted by jameskg View Post
I knew that was the wrong answer
such is the nature of Gilligan.
Reply With Quote Reply with Nested Quotes
Reply

The Traders' Den > Where we go to learn ..... > Technobabble

Similar Threads
Thread Forum Replies Last Post
Black Sabbath Critical Retrospective (DVD) - Grapost DVD Covers 0 2006-11-24 08:17 PM


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forums


All times are GMT -5. The time now is 09:02 AM.


Powered by: vBulletin, Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004 - , TheTradersDen.org - All Rights Reserved - Hosted at QuickPacket