An Interest In:
Web News this Week
- April 16, 2024
- April 15, 2024
- April 14, 2024
- April 13, 2024
- April 12, 2024
- April 11, 2024
- April 10, 2024
Some of Our Sources
- BoingBoing
- Technology Review
- Web Designer Wall
- Six Revisions
- FanExtra - PSD
- My Ink Blog
- CSS Globe
- Stylized Web
- Daily Now
- The Verge
Help Webnuz
Referal links:
February 21, 2018 06:00 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/WM8Rw1v7YE8/utorrent-client-affected-by-some-pretty-severe-security-flaws
uTorrent Client Affected by Some Pretty Severe Security Flaws
A Google security researcher has found multiple security flaws affecting the uTorrent web and desktop client that allow an attacker to infect a victim with malware or collect data on the users' past downloads, reports BleepingComputer. From the report: The vulnerabilities have been discovered by Google Project Zero security researcher Tavis Ormandy, and they impact uTorrent Web, a new web-based version of the uTorrent BitTorrent client, and uTorrent Classic, the old uTorrent client that most people know. Ormandy says that both uTorrent clients are exposing an RPC server -- on port 10000 (uTorrent Classic) and 19575 (uTorrent Web). The expert says that attackers can hide commands inside web pages that interact with this open RPC server. The attacker only needs to trick a user with a vulnerable uTorrent client to access a malicious web page. Furthermore, the uTorrent clients are also vulnerable to DNS rebinding -- a vulnerability that allows the attacker to legitimize his requests to the RPC server.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/WM8Rw1v7YE8/utorrent-client-affected-by-some-pretty-severe-security-flaws
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot