-
To BT site staff about utorrent 1.6.1 !
Quote:
Originally Posted by
rvt
I've spent some time looking into this issue.
The POC code on milw0rm relies on creating a malicious torrent file which the uT user opens. On any sites without public uploads, or those that clean the uploaded torrents, there is no real problem.
Another issue mentioned on torrentfreak recently revolves around an overflow bug in extended messaging.
When an attacker sends a long enough string for version info, and the user views the peers tab, uT will crash.
1.6.x versions are not vulnerable to this attack, as they never display the version info obtained from extended messaging in the peers tab.
1.7.x are vulnerable.
Have not tested 1.8.x
1.6.x still has some life in it yet :P
Quote:
Originally Posted by
rvt
1.6.1 (488) fine
1.6.1 (489) fine
1.6.1 (490) fine
1.7.0 (3353) bugged
1.7.1 (3360) bugged
1.7.2 (3458) bugged
1.7.3 (4470) bugged
1.7.4 (4482) bugged
1.7.5 (4602) bugged
That's in relation to the new bug that allows anyone to crash your uT.
For the old POC code from milw0rm, it only works if an attacker can get you to open a torrent file with a very large announce URL, because the announce URL contains the exploit. On private sites using passkeys, that announce URL is changed anyway so a torrent you download from them can never contain the exploit.
For public trackers, you can stay safe if you open the file in torrentspy before opening in uT.
http://torrentspy.sourceforge.net/
If the announce URL is not valid, opening it in torrentspy will show you that.
I'd like to know the reason behind the banning of 1.6.1, which is safe according to an experienced staff member/coder!
:mellow:
update :
bitme, bitmetv, blackcats-games, what, waffles, revtt have all unbanned 1.6.1
:)
update 2 :
Quote:
Originally Posted by
rvt
Fix: remote crash bug (affects 1.7.x, and 1.8 builds released to date)
it doesn't affect 1.6.x
:)
-
Re: To BT site staff about utorrent 1.6.1 !
Nice topic. Kinda want to know myself. I did obviously upgrade though. Not going to risk my account for not following orders.
-
Re: To BT site staff about utorrent 1.6.1 !
Because if you check the utorrent site they say 1.6.1 is vulnerable and many just take the info from that. But if rvt's info can be backed up by another coder, maybe staff will reconsider the bans.
Also great post LordS
-
Re: To BT site staff about utorrent 1.6.1 !
Edit: In regards to uT saying it affects 1.6.x, that is a lie put out to get people to upgrade.
One of the bittorrent devs said in their forum that it does not affect 1.6.x
http://forum.utorrent.com/viewtopic....298736#p298736
End Edit
It can be confirmed easily enough.
I have some php code for crashing uT posted at p2pg and tbdev. We have a fair amount of sites on p2pg, and they can spread the code out to other sysops/coders. The code is in the VIP section at tbdev to keep it out of the public eye. If any sysop wants a copy, drop me a PM.
The POC code for executing code on 1.6 is available at milw0rm. What it does is change the announce URL to a lot of code that does not represent a real URL in any way. I would post an example, but it's full of all sorts of control characters and isn't pretty.
Any tracker using passkeys is going to replace that URL with their own one anyway, so none of these malformed torrents will be downloadable from private trackers.
On public trackers, these torrents will be deleted very quickly because the announce URL is not valid and so they cannot work on any client.
For anyone testing the milw0rm exploit, if you are getting segmentation faults, make sure the torrent file you use as input has a comment after the announce URL.
d8:announce10:01234567897:comment10:0123456789 << like that
The code uses the 7:comment part to work out where to split.
BTW, the milw0rm code does not work on XP SP2 as far as I can tell.
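The defensive check the thread keeps coming back to (open the file in torrentspy first; passkey trackers rewrite the announce URL anyway) boils down to parsing the bencoded dictionary and refusing to trust an "announce" value that is not a plausible tracker URL. The following is an added example written for this thread, not rvt's code and not torrentspy's: a small bencode encoder/decoder plus a check that flags an oversized, binary, or non-URL announce string before a client ever sees it. The sample torrents are constructed in the block, and the 1024-byte cap on the announce length is an assumption chosen here, not a figure from the thread.

```python
from urllib.parse import urlsplit

# Assumption: a generous cap on the announce URL. Real tracker URLs are a
# few dozen bytes; a multi-kilobyte value is a red flag in its own right.
MAX_ANNOUNCE_LEN = 1024


def bencode(value) -> bytes:
    """Encode ints, byte/str strings, lists and dicts as bencode (keys sorted)."""
    if isinstance(value, bool):
        raise TypeError("bencode has no boolean type")
    if isinstance(value, int):
        return b"i%de" % value
    if isinstance(value, str):
        value = value.encode()
    if isinstance(value, bytes):
        return b"%d:%s" % (len(value), value)
    if isinstance(value, list):
        return b"l" + b"".join(bencode(v) for v in value) + b"e"
    if isinstance(value, dict):
        items = sorted((k.encode() if isinstance(k, str) else k, v) for k, v in value.items())
        return b"d" + b"".join(bencode(k) + bencode(v) for k, v in items) + b"e"
    raise TypeError(f"cannot bencode {type(value).__name__}")


def _decode(data: bytes, i: int):
    """Decode one bencoded value starting at offset i; return (value, next_offset)."""
    c = data[i:i + 1]
    if c == b"i":                                  # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c == b"l":                                  # list: l<items>e
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            item, i = _decode(data, i)
            items.append(item)
        return items, i + 1
    if c == b"d":                                  # dict: d<key><value>...e
        result, i = {}, i + 1
        while data[i:i + 1] != b"e":
            key, i = _decode(data, i)
            if not isinstance(key, bytes):
                raise ValueError("dictionary key must be a byte string")
            result[key], i = _decode(data, i)
        return result, i + 1
    if c.isdigit():                                # string: <length>:<bytes>
        colon = data.index(b":", i)
        length = int(data[i:colon])
        start = colon + 1
        if start + length > len(data):
            raise ValueError("string length runs past end of data")
        return data[start:start + length], start + length
    raise ValueError(f"unexpected byte at offset {i}")


def bdecode(data: bytes):
    """Decode a complete bencoded document; trailing bytes are an error."""
    value, end = _decode(data, 0)
    if end != len(data):
        raise ValueError("trailing data after bencoded value")
    return value


def check_announce(torrent: bytes):
    """Return (ok, reason). ok is True only if 'announce' looks like a tracker URL."""
    try:
        meta = bdecode(torrent)
    except ValueError as exc:
        return False, f"not valid bencode: {exc}"
    if not isinstance(meta, dict) or b"announce" not in meta:
        return False, "no announce key"
    raw = meta[b"announce"]
    if not isinstance(raw, bytes):
        return False, "announce is not a string"
    if len(raw) > MAX_ANNOUNCE_LEN:
        return False, f"announce is {len(raw)} bytes, over the {MAX_ANNOUNCE_LEN}-byte cap"
    if any(b < 0x20 or b > 0x7E for b in raw):
        return False, "announce contains control or non-ASCII bytes"
    try:
        url = urlsplit(raw.decode("ascii"))
    except ValueError:
        return False, "announce does not parse as a URL"
    if url.scheme not in ("http", "https", "udp") or not url.hostname:
        return False, "announce is not an http/https/udp URL with a host"
    return True, "announce looks like a tracker URL"


# Constructed sample metainfo (not real torrents): one sane, one with an
# announce value that is plainly not a URL at all.
GOOD_TORRENT = bencode({
    "announce": "http://tracker.example.org:6969/announce",
    "comment": "0123456789",
    "info": {"name": "sample", "piece length": 16384, "pieces": b"", "length": 1},
})
BAD_TORRENT = bencode({"announce": b"A" * 4096 + b"not a url", "comment": "0123456789"})

if __name__ == "__main__":
    for label, blob in (("good", GOOD_TORRENT), ("bad", BAD_TORRENT)):
        print(label, check_announce(blob))
```

The check is deliberately strict in the direction the thread argues: a client that only ever contacts a passkey tracker has no business accepting an announce value that is kilobytes long or carries bytes outside printable ASCII, so either condition rejects the file before any URL parsing happens.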
-
Re: To BT site staff about utorrent 1.6.1 !
Quote:
Originally Posted by
rvt
Edit: In regards to uT saying it affects 1.6.x, that is a lie put out to get people to upgrade.
One of the bittorrent devs said in their forum that it does not affect 1.6.x
http://forum.utorrent.com/viewtopic....298736#p298736
It can be confirmed easily enough.
I have some php code for crashing uT posted at p2pg and tbdev. We have a fair amount of sites on p2pg, and they can spread the code out to other sysops/coders. The code is in the VIP section at tbdev to keep it out of the public eye. If any sysop wants a copy, drop me a PM.
The POC code for executing code on 1.6 is available at milw0rm. What it does is change the announce URL to a lot of code that does not represent a real URL in any way. I would post an example, but it's full of all sorts of control characters and isn't pretty.
Any tracker using passkeys is going to replace that URL with their own one anyway, so none of these malformed torrents will be downloadable from private trackers.
On public trackers, these torrents will be deleted very quickly because the announce URL is not valid and so they cannot work on any client.
For anyone testing the milw0rm exploit, if you are getting segmentation faults, make sure the torrent file you use as input has a comment after the announce URL.
d8:announce10:01234567897:comment10:0123456789 << like that
The code uses the 7:comment part to work out where to split.
BTW, the milw0rm code does not work on XP SP2 as far as I can tell.
thanks for the hard work rvt, it's great to know 1.6.1 is still good.
all we need to do now is convince staffers :)
-
Re: To BT site staff about utorrent 1.6.1 !
thanks a lot again rvt :)
ok so the uT forum itself says 1.6 is safe
and rvt has confirmed that private trackers won't be affected by this exploit
so what are we waiting for? unban 1.6 :happy:
-
Re: To BT site staff about utorrent 1.6.1 !
still no comments from other BT staff? huh
-
Re: To BT site staff about utorrent 1.6.1 !
Probably not until uTorrent themselves say it is safe again. Until then, probably not.
-
Re: To BT site staff about utorrent 1.6.1 !
BCG is allowing 1.6.#
we are banning all 1.7 earlier than 1.7.6
and we don't allow alpha/beta anyway so 1.8 is not allowed yet.
-
Re: To BT site staff about utorrent 1.6.1 !
Alphas tend to be really buggy anyway. I would divert users from them, unless you're a developer or beta tester of course.
-
Re: To BT site staff about utorrent 1.6.1 !
I would like to go back to 1.6.1 just because 1.7.6 takes me 30 seconds or more before it actually starts downloading anything, and I've even had a few times where it didn't connect to any peers until I restarted utorrent. Could be a problem on my end, but it hasn't ever happened on 1.6.1. Nice work rvt.
-
Re: To BT site staff about utorrent 1.6.1 !
^Never experienced anything similar...
-
Re: To BT site staff about utorrent 1.6.1 !
Quote:
Originally Posted by
aysomc
I would like to go back to 1.6.1 just because 1.7.6 takes me 30 seconds or more before it actually starts downloading anything, and I've even had a few times where it didn't connect to any peers until I restarted utorrent. Could be a problem on my end, but it hasn't ever happened on 1.6.1. Nice work rvt.
I agree. Also I can't use myspleen now. They banned uT 1.7.6. Bad client according to them. I now also have problems downloading from some trackers. It may change now though, since a lot of people are forced to upgrade since most trackers have now officially banned 1.6.1 (most, not all).
-
Re: To BT site staff about utorrent 1.6.1 !
ffs, I was forced to upgrade to 1.7.6 cuz revTT allows no earlier versions.
TL also recommends upgrading.
I hope this situation is just temporary and they will allow using 1.6.x versions again. I agree with the ban on 1.7.x prior to 1.7.6 though.
-
Re: To BT site staff about utorrent 1.6.1 !
As pointed out by rvt, the vulnerability is exploited by crafting a specific tracker URL. Practically every private torrent site will change the URL by adding a passkey to it, therefore destroying any attempt at a malicious URL.
The only place where these exploits can actually be practised would be on the public trackers, because if anyone was stupid enough to try this on a private tracker, their details would be circulated quicker than a Scotsman could down a bottle of whisky.
-
Re: To BT site staff about utorrent 1.6.1 !
SCT have forced upgrading, so the massive userbase there, who are indeed shared amongst FSC and FTN, will have upgraded. As long as a few big torrent sites force the move to 1.7.6 (what and waffles did as well?) I doubt many will remain with 1.6.1 (except those still caught up in the conspiracy theories)
-
Re: To BT site staff about utorrent 1.6.1 !
Quote:
Originally Posted by
rvt
Edit: In regards to uT saying it affects 1.6.x, that is a lie put out to get people to upgrade.
One of the bittorrent devs said in their forum that it does not affect 1.6.x
Yes, it's obvious. Even 1.6 has no such vulnerability unless you are using XP without upgrades. My utorrent always crashed when my computer auto-shut down during power failures with XP with no service packs installed. However, since I upgraded with SP2, there are no problems. Still I'm using 1.6, not even 1.6.1
Why do trackers enforce it? I find only one reason. Many complain in the forums that their utorrent crashed and so they couldn't seed according to tracker rules. The result is obvious. I always keep a backup copy of my utorrent settings, though I never needed to use it.
Another reason could be cheating. Staff might think they can beat cheaters because they might have the old version based cheating clients. lol
However, I'm not against this forced upgrade, but if all trackers do it, it'd be appreciated.
...
-
Re: To BT site staff about utorrent 1.6.1 !
Quote:
Originally Posted by
pandabear
I doubt many will remain with 1.6.1 (except those still caught up in the conspiracy theories)
It's not just about conspiracy theories anymore though is it?
Even if you disregard the fact that utorrent development is now partly funded by 20th Century Fox etc, this situation has proven that every version of the client since BitTorrent Inc took over has had serious flaws. That diminishes my confidence beyond just being paranoid.
None of the sites that I use have bought into the scaremongering about 1.6 yet, so I'll continue using it. Never had a problem with it so why change?
:cool:
-
Re: To BT site staff about utorrent 1.6.1 !
The staff might have their own reasons that they don't want to reveal? Or is it that the only good version after utorrent 1.6.1 is what they want all users to use, in order to ease checking on cheaters?
-
Re: To BT site staff about utorrent 1.6.1 !
Quote:
that is a lie put out to get people to upgrade.
I was pretty damn sure about this.
-
Re: To BT site staff about utorrent 1.6.1 !
Quote:
Originally Posted by
TheFoX
As pointed out by rvt, the vulnerability is exploited by crafting a specific tracker URL. Practically every private torrent site will change the URL by adding a passkey to it, therefore destroying any attempt at a malicious URL.
The only place where these exploits can actually be practised would be on the public trackers, because if anyone was stupid enough to try this on a private tracker, their details would be circulated quicker than a Scotsman could down a bottle of whisky.
so why do some private trackers ban it? :sadwalk:
they don't have good coders that can actually test this issue?
maybe we should post this thread in every private tracker forum! :mellow:
-
Re: To BT site staff about utorrent 1.6.1 !
I still hope sct and hdbits will change their minds again..
it's quite stupid to read in the hdbits forum something like "hey, µ 1.6.1 is old, upgrade to 1.7.6!"..
if they don't change it I will have to switch to another client I have no problems with, as I always had funny timeouts with 1.7.x versions.. and some other weird problems..
-
Re: To BT site staff about utorrent 1.6.1 !
version 1.7.6 is finally starting to act stable. Still miss utorrent 1.6 though. Seems I can't let it go I guess..
-
Re: To BT site staff about utorrent 1.6.1 !
I hate seeing that red bar when we click on files which is otherwise white in 1.6.1 lol
-
Re: To BT site staff about utorrent 1.6.1 !
Best to keep everything up to date, good move for bittorrent trackers
+1
-
Re: To BT site staff about utorrent 1.6.1 !
RevTT have also banned all versions of utorrent except 176 :)
-
Re: To BT site staff about utorrent 1.6.1 !
Quote:
Originally Posted by
Forumas
RevTT have also banned all versions of utorrent except 176 :)
why are you happy about it?
and that a site bans a well working version of a client doesn't prove anything..
if a large amount of users wants to stick to µ 1.6.1 there is no point in saying "hey, we ban the client because we can"..
if you don't have Vista and don't use HTTPS or the RSS reader there is no point in getting the new version..
or have I missed a major improvement in all these many new versions?
-
Re: To BT site staff about utorrent 1.6.1 !
so bitmetv has allowed 1.6.1? correct? :)
-
Re: To BT site staff about utorrent 1.6.1 !
They have allowed 1.6.1 to remain. On revtt an admin confirmed it; on bitmetv it's on the front page. I think now most trackers will allow it to stay.
-
Re: To BT site staff about utorrent 1.6.1 !
blame the +1 chain.
Let "A" be a person with an excellent reputation (say, staff of "high lvl" tracker or even say coders of utorrent) then the +1 chain is given as:
Quote:
Originally Posted by F
Quote:
Originally Posted by E
Quote:
Originally Posted by D
Quote:
Originally Posted by C
Quote:
Originally Posted by B
Quote:
Originally Posted by A
1.7.6 is better than 1.6.1
+1
+1
+1
+1
i forgot what comes after F :(
-
Re: To BT site staff about utorrent 1.6.1 !
http://x264.eu/
Quote:
uTorrent exploit
- it has come to light that the exploit actually does not affect 1.6.x so
1.6.1 is still the recommended version.
- interesting how it got so much worse after it was sold
so more sites are sticking to the 1.6.1 version :)
-
Re: To BT site staff about utorrent 1.6.1 !
where can I find 1.6.1 build 490?
-
Re: To BT site staff about utorrent 1.6.1 !
probably oldversion.com (haven't checked, but if it's anywhere it's there)
-
Re: To BT site staff about utorrent 1.6.1 !
Quote:
Originally Posted by
gatorade
where can I find 1.6.1 build 490?
http://www.download3000.com/download_19049.html
:)
-
Re: To BT site staff about utorrent 1.6.1 !
most trackers have unbanned 1.6.1, but why don't you just use the newer version?
-
Re: To BT site staff about utorrent 1.6.1 !
Quote:
Originally Posted by
FatBob
http://oldversion.com/program.php?n=utorrent
Oldversion.com has many old versions stored for your most popular programs. Great site, check it out.
-
Re: To BT site staff about utorrent 1.6.1 !
not on either of those two links
-
Re: To BT site staff about utorrent 1.6.1 !
Quote:
Originally Posted by
broomhead
most trackers have unbanned 1.6.1, but why don't you just use the newer version?
I haven't seen many trackers that have unbanned 161 at all.. can you name some except waffles and what?
@sleepyy
it's not true, RevTT haven't allowed 161 or said that they will allow it again.. I have read the forum and haven't found anything about 161 being allowed there, or I have misunderstood something else :P
@sokrates
Quote:
why are you happy about it?
and that a site bans a well working version of a client doesn't prove anything..
if a large amount of users wants to stick to µ 1.6.1 there is no point in saying "hey, we ban the client because we can"..
if you don't have Vista and don't use HTTPS or the RSS reader there is no point in getting the new version..
or have I missed a major improvement in all these many new versions?
lol I'm not happy and I really don't care, but many major sites have banned 161 and that is telling me something :)
I have also used 161 before but I don't see the point of not upgrading to the new version.. :)