Your Ad Here Your Ad Here
Page 1 of 2 12 LastLast
Results 1 to 10 of 19

Thread: Serious Security Problem In Fasttrack Apps

  1. #1
    Colt Seevers's Avatar P()()p!3 $CR/-\P3R$ BT Rep: +3
    Join Date
    Oct 2002
    Location
    Glasgow
    Posts
    1,764
    Probably old news to alot of you with your finger on the pulse... did i miss this on the forum?? here's what i caught on afterdawn.com

    A security researcher, known only by his nickname Random Nut, has found a severe bug in FastTrack P2P protocol that can be used to crash or take control of so-called "supernode" computers in the P2P network. Supernodes are P2P users that have "sufficient resources" to act as supernodes and they hold together "nodes" (normal users), connect to other "supernodes" and deliver the search results within their node networks.
     
      According to Random Nut's comments, he informed Joltid (the American subsdiary of Kazaa BV, Netherlands-based company that owns the FastTrack technology, although not any of the clients, such as Kazaa, anymore) about the bug two weeks ago, but didn't get any reply back. This week he informed kazaa.com about the vulnerability and now at least Sharman Networks, who develops the Kazaa client, has reacted. Sharman has promised to issue a bugfix within next 24 hours.
     
      Other FastTrack-based applications are vulnerable to the bug as well -- these include Kazaa Lite (and all its variations), Grokster and iMesh. Random Nut hasn't disclosed the exploit code: "I don't want some little script-kiddie to close down all of the [FastTrack] network or parts of it".
    hmmm, good call RN! "Security Researcher" I like that term.... B)

  2. File Sharing   -   #2
    Just heard that story, here is the story with a little more information.

    Full story here

    The patch to cover the flaw will be available at www.kazaa.com within the next 24 hours

  3. File Sharing   -   #3
    I never told the reporter anything about me and he quotes me as being a security researcher. I can't blame him, he's a reporter after all. Make things up all the time.

  4. File Sharing   -   #4
    Poster
    Join Date
    Sep 2002
    Posts
    1,233
    Originally posted by random coconut@27 May 2003 - 20:45
    I never told the reporter anything about me and he quotes me as being a security researcher. I can't blame him, he's a reporter after all. Make things up all the time.
    It's easier for them to assume you're a 'security researcher' because of the results of your hacking...
    than for them to say 'this was discovered by someone who is out to destroy Kazaa by the creation of Kazaa Lite++'.

    The media has a funny way of treating hackers. We're forced to wear many hats because none fit us.

    offtopic:
    I guess this makes anyone who does searches on Google into family tree information a private investigator.

  5. File Sharing   -   #5
    Forum Star
    Join Date
    Jun 2002
    Posts
    1,407
    random nut said that he may write a patch for Kazaa Lite too in a couple weeks from now.


    To exploit this bug you need to have the encryption code of the FastTrack protocol. So not everyone can just use the exploit. I wouldn't worry to much at this point.

  6. File Sharing   -   #6
    Originally posted by random coconut@28 May 2003 - 02:45
    I never told the reporter anything about me and he quotes me as being a security researcher. I can't blame him, he's a reporter after all. Make things up all the time.
    Who are you?

  7. File Sharing   -   #7
    Colt Seevers's Avatar P()()p!3 $CR/-\P3R$ BT Rep: +3
    Join Date
    Oct 2002
    Location
    Glasgow
    Posts
    1,764
    Random Coconut .......maybe related to Random Nut...our Hero


  8. File Sharing   -   #8
    Uh, I'm random nut.

  9. File Sharing   -   #9
    Poster
    Join Date
    Dec 2002
    Location
    England
    Posts
    2,468
    Originally posted by random coconut@29 May 2003 - 09:13
    Uh, I'm random nut.
    Why did you change your name Mr Nut?

    Was the preasure of fame getting to you..

  10. File Sharing   -   #10
    I changed my password...

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •