Colt Seevers
05-27-2003, 11:32 PM
Probably old news to alot of you with your finger on the pulse... did i miss this on the forum?? here's what i caught on afterdawn.com (http://www.afterdawn.com/news/archive/4108.cfm)
A security researcher, known only by his nickname Random Nut, has found a severe bug in FastTrack P2P protocol that can be used to crash or take control of so-called "supernode" computers in the P2P network. Supernodes are P2P users that have "sufficient resources" to act as supernodes and they hold together "nodes" (normal users), connect to other "supernodes" and deliver the search results within their node networks.
According to Random Nut's comments, he informed Joltid (the American subsdiary of Kazaa BV, Netherlands-based company that owns the FastTrack technology, although not any of the clients, such as Kazaa, anymore) about the bug two weeks ago, but didn't get any reply back. This week he informed kazaa.com about the vulnerability and now at least Sharman Networks, who develops the Kazaa client, has reacted. Sharman has promised to issue a bugfix within next 24 hours.
Other FastTrack-based applications are vulnerable to the bug as well -- these include Kazaa Lite (and all its variations), Grokster and iMesh. Random Nut hasn't disclosed the exploit code: "I don't want some little script-kiddie to close down all of the [FastTrack] network or parts of it".
hmmm, good call RN! "Security Researcher" I like that term.... B)
A security researcher, known only by his nickname Random Nut, has found a severe bug in FastTrack P2P protocol that can be used to crash or take control of so-called "supernode" computers in the P2P network. Supernodes are P2P users that have "sufficient resources" to act as supernodes and they hold together "nodes" (normal users), connect to other "supernodes" and deliver the search results within their node networks.
According to Random Nut's comments, he informed Joltid (the American subsdiary of Kazaa BV, Netherlands-based company that owns the FastTrack technology, although not any of the clients, such as Kazaa, anymore) about the bug two weeks ago, but didn't get any reply back. This week he informed kazaa.com about the vulnerability and now at least Sharman Networks, who develops the Kazaa client, has reacted. Sharman has promised to issue a bugfix within next 24 hours.
Other FastTrack-based applications are vulnerable to the bug as well -- these include Kazaa Lite (and all its variations), Grokster and iMesh. Random Nut hasn't disclosed the exploit code: "I don't want some little script-kiddie to close down all of the [FastTrack] network or parts of it".
hmmm, good call RN! "Security Researcher" I like that term.... B)