Serious Security Problem In Fasttrack Apps



Colt Seevers
05-27-2003, 11:32 PM
Probably old news to a lot of you with your finger on the pulse... did I miss this on the forum?? Here's what I caught on afterdawn.com (http://www.afterdawn.com/news/archive/4108.cfm)


A security researcher, known only by his nickname Random Nut, has found a severe bug in FastTrack P2P protocol that can be used to crash or take control of so-called "supernode" computers in the P2P network. Supernodes are P2P users that have "sufficient resources" to act as supernodes and they hold together "nodes" (normal users), connect to other "supernodes" and deliver the search results within their node networks.

According to Random Nut's comments, he informed Joltid (the American subsidiary of Kazaa BV, Netherlands-based company that owns the FastTrack technology, although not any of the clients, such as Kazaa, anymore) about the bug two weeks ago, but didn't get any reply back. This week he informed kazaa.com about the vulnerability and now at least Sharman Networks, who develops the Kazaa client, has reacted. Sharman has promised to issue a bugfix within next 24 hours.

Other FastTrack-based applications are vulnerable to the bug as well -- these include Kazaa Lite (and all its variations), Grokster and iMesh. Random Nut hasn't disclosed the exploit code: "I don't want some little script-kiddie to close down all of the [FastTrack] network or parts of it".


hmmm, good call RN! "Security Researcher" I like that term.... B)

loz
05-27-2003, 11:39 PM
Just heard that story, here is the story with a little more information.

Full story here (http://www.zdnet.com.au/newstech/security/story/0,2000048600,20274862,00.htm)

The patch to cover the flaw will be available at www.kazaa.com (http://www.kazaa.com) within the next 24 hours

random coconut
05-28-2003, 01:45 AM
I never told the reporter anything about me and he quotes me as being a security researcher. I can't blame him, he's a reporter after all. Make things up all the time.

Switeck
05-28-2003, 08:22 AM
Originally posted by random coconut@27 May 2003 - 20:45
I never told the reporter anything about me and he quotes me as being a security researcher. I can't blame him, he's a reporter after all. Make things up all the time.
It's easier for them to assume you're a 'security researcher' because of the results of your hacking...
than for them to say 'this was discovered by someone who is out to destroy Kazaa by the creation of Kazaa Lite++'.

The media has a funny way of treating hackers. We're forced to wear many hats because none fit us.

offtopic:
I guess this makes anyone who does searches on Google into family tree information a private investigator. :D

VB
05-28-2003, 09:25 AM
random nut said that he may write a patch for Kazaa Lite too in a couple weeks from now.


To exploit this bug you need to have the encryption code of the FastTrack protocol. So not everyone can just use the exploit. I wouldn't worry too much at this point.

RealitY
05-28-2003, 06:18 PM
Originally posted by random coconut@28 May 2003 - 02:45
I never told the reporter anything about me and he quotes me as being a security researcher. I can't blame him, he's a reporter after all. Make things up all the time.
Who are you?

Colt Seevers
05-28-2003, 08:24 PM
:P Random Coconut .......maybe related to Random Nut...our Hero ;)

:D

random coconut
05-29-2003, 08:13 AM
Uh, I'm random nut.

N£MO
05-29-2003, 08:41 AM
Originally posted by random coconut@29 May 2003 - 09:13
Uh, I'm random nut.
Why did you change your name Mr Nut?

Was the pressure of fame getting to you.. ;)

random coconut
05-29-2003, 08:44 AM
I changed my password...

jetje
05-29-2003, 01:40 PM
to clear things out of the way... Coconut is Random... B)

RealitY
05-29-2003, 07:56 PM
Very easy to be skeptical nowadays, maybe Paul could clear this up, seems confusing.

Colt Seevers
05-29-2003, 07:59 PM
It's him alright ;)

RealitY
05-29-2003, 08:35 PM
By the way, 24 hours have passed, where's the update? I see nothing at KaZaa.

loz
05-29-2003, 10:36 PM
Well, I was only going off the article from zdnet.com

random coconut
05-30-2003, 05:04 AM
By the way, 24 hours have passed, where's the update? I see nothing at KaZaa.

Click the download link and when you get to download.com you'll see it's v2.1.1.

download.com:
"[...]Version 2.1.1 fixes a major security vulnerability in the FastTrack network.[...]"

RealitY
05-30-2003, 09:33 AM
Not too obvious, though I imagine regular KaZaa users get it automatically placed in their dl folder. Funny the file was only 164k, is that an update, and when will KL users see an update?

mitsugi
05-30-2003, 11:19 PM
Originally posted by REALITY@30 May 2003 - 10:33
Not too obvious, though I imagine regular KaZaa users get it automatically placed in their dl folder. Funny the file was only 164k, is that an update, and when will KL users see an update?
It's a webinstall for the update. The update is 3513KB (only 523KB smaller than full installer)

Benno
05-30-2003, 11:26 PM
I'm sure it comes with a lot of new spyware. :lol: