Post by mslo79 on Feb 22, 2018 14:07:44 GMT
https://www.reddit.com/r/trackers/comments/7yzfsv/bittorrent_client_utorrent_suffers_security/
It even affects the version I have been using for years, which is uTorrent v2.2.1 (build 25302), which was basically the last good version of uTorrent before the junk/bloat set in.
So I figured at this point, even though that's been great for me for years, as it's been out since 2011, it's time I moved onto another one, which so far qBittorrent 64bit has been solid for me as it's quite similar to uTorrent in its overall interface and works well so far, even though I am going to keep using it for a few months to make sure it's nice and reliable/stable before I completely remove uTorrent off of my system.
qBittorrent seems to use more RAM than uT v2.2.1 (i.e. about 150MB or so currently vs about 20MB with uT v2.2.1 (with 151 torrents seeding)) but it's basically a non-issue on modern systems that have plenty of RAM. But so far qB seems nice and snappy navigating through its interface and adjusting its settings to my liking, as it took me a little while so it would seed all 151 torrents I got currently.
P.S. there is a supposed fix for the security vulnerability in uT v2.2.1 there, but I figured at this point it's best I move on because one could forget to reapply that fix in the advanced settings menu of uT in the future if you, say, clean installed Windows etc.
EDIT: that post has been updated and basically says to move to another program and avoid uTorrent. I would move over to qBittorrent v4.0.4 since it's the most similar to uTorrent with its general function.
But I do see a post from about 26 hours ago with an average user saying this...
K as a utorrent 2.2.1 user for many years I am interested in this, so as all the info and the exploits are here so we can reproduce I have gone ahead and done so. I am in no way a professional, but all the notes are there to reproduce.
First, the utorrent web is not installed on 2.2.1 by default so nothing with utorrent web works on 2.2.1 by default, verified port is ignored and commands so no one can download stuff on your pc.
Second, Utorrent classic port 10000 is on by default on 2.2.1, can be disabled but does not fix problem just shifts it to default connection port. The Crash test page does not crash utorrent 2.2.1, and Trigger device transfer is ignored as feature not implemented on 2.2.1. All other options open a pop-up on utorrent if you want to allow or ignore (seems like the people that made utorrent knew about this probability and made that as a safety net); you also have an option for always deny as a check box, so no entry. The last exploit that makes it possible for people to get list of your download and download them from you states "invalid request", and after a minute it gives "This page is waiting for a dns update, and will then contact utorrent. This could take a while, get a coffee." Left it running for 40+ minutes (got me couple of coffees) and still same thing. Posted image with errors that states the utorrent 2.2.1 is responding with a 400 Bad Request error, leaving me to believe that 2.2.1 is immune to this attack. I and many others would like you guys at Google to verify our findings.
So maybe there is still some hope for v2.2.1. But for those who would rather not take the chance, then switching to another torrent program seems like a safer choice at this point just to be sure.
EDIT #2: apparently some private trackers are still using v2.2.1 so it must be considered 'safe enough'. Take that for whatever it's worth. But for those who want to play it extra safe, I would change to qBittorrent or something else.