Quote:1.7.6 released to fix a remote crash bug. Also fixed 3 other minor issues while we were at it. Barring any other security issues before the release of 1.8, this will be the last 1.7.x release.
This crash bug affects 1.6.x, 1.7.x and 1.8 releases to date. No update will be released for those branches. Upgrading is strongly recommended.
--- 2008-01-15: Version 1.7.6 (build 7859)
- Change: do not use adapter subnet to identify local peers
- Fix: double-clicking to open items in RSS releases tab
- Fix: remote crash bug (affects all 1.6.x, 1.7.x, and 1.8 builds released to date)
- Fix: limit local peers if disk is congested
--- 2007-09-11: Version 1.7.5 (build 4602)
- Fix: rare crash bug with malformed UPnP response
- Fix: downloads stalled in rare cases
Quote:Both the official BitTorrent and uTorrent clients are vulnerable to a remote denial-of-service attack, due to the way they handle user-supplied data. Versions found to be vulnerable so far are the official BitTorrent 6.0 client,
uTorrent 1.7.x, uTorrent 1.6.x and uTorrent 1.8-alpha-7834."
As a result, quite a lot of torrent trackers have now been pushing, or forcing, their users to upgrade to uTorrent 1.7.6 which apparently fixes the problem.
However, it is well known that since uTorrent 1.6.x was released, uTorrent was taken over by Bittorrent Inc. who just happen to be in partnership with the MPAA. There are fears that there is a section of code written into the software that "calls home" to the MPAA, giving them information regarding what you choose to download via uTorrent. According to TorentFreak again, though:
Quote:Most people were afraid that uTorrent was sending data to the MPAA or other anti-piracy outfits. These rumors were fueled by the fact that one of the uTorrent Beta releases was marked as a trojan by some anti-virus applications. Here at TorrentFreak we looked into the suspicious behavior reported by some of our readers, but up until now we did not find any hard evidence to support these claims. With Wireshark we tried to replicate the findings reported by some users several times, both on virtual machines and in use systems, but we didn?t find anything suspicious.
So, rock and a hard place. Upgrade to latest release, stay on tracker, don't download anything illegal or don't upgrade, get kicked off tracker for downloading via it.
Moved as requested Jack, however, I think it would probably have been better left in the P2P section. Let's give it a while here and see about moving it back later.
Originally posted by papola: Wouldn't PG2 take care of this? Any IP address from knownMPAA connections would be blocked from PeerGuardian. At least that is my look at it.
Well for one PG2 stops IPs from connecting to you, it doesn't stop uTorrent calling home to it's possible MPAA roots.
Secondly, a quote from the website:
Quote:Well, it is accurate in the sense that it blocks everything on your blocklist. It is impossible to know _all_ the addresses to block so while it will increase your safety to a good extent, it can never be perfect.
We are talking about the MPAA/RIAA here. If they want to connect to your computer with a remote IP then they are going to do so. Do you not think they could knock something up that would bypass your seemingly meager protections in, say, minutes?
I can't honestly say I'm surprised.. Remember how long ago we reported the mpaa/riaa links between utorrent devs and reported bad behaviour by the application. The ”torrent home site is listed as a macromedia/mpaa affiliate FFS!
What more reason could anybody need to use azureus?
