签到天数: 3589 天 [LV.Master]顶级配置
|
marioaaa
发表于 2018-03-25 07:14:44
本帖最后由 marioaaa 于 2018/3/25 07:48 编辑
自行搜索ut3.x系列漏洞。我是混PT的。是在2018-02-25各大PT站发布的公告。现各大PT站已强制暂停使用 ut 3.x 版本,回退到 ut 1.8 2.0.4 或 2.2.1。并在设置里关闭 WebUI 功能,和在高级设置里禁用 net.discoverable。
公告如下:
2018-02-25 - 关于禁止UT3.x系列的通知
原文如下:
Google Project Zero researchers are warning of two critical remote code execution vulnerabilities in popular versions of BitTorrent’s web-based uTorrent Web client and its uTorrent Classic desktop client. According to researchers, the flaws allow a hacker to either plant malware on a user’s computer or view the user’s past download activity.
By default, utorrent create an HTTP RPC server on port 10000 (uTorrent classic) or 19575 (uTorrent web). There are numerous problems with these RPC servers that can be exploited by any website using XMLHTTPRequest(). To be clear, visiting *any* website is enough to compromise these applications.
These flaws may be compromised and then your computer will be controlled by hackers remotely. Not only the utorrent files, settings, storage spaces, but your whole computer. For your own security, please consider stop using utorrent 3.x. uTorrent 1.8~2.2 should avoid this vulnerability, but you should leave WebUI disabled, and disable net.discoverable in ut advanced settings (enabled by default).
谷歌安全研究员近日发现了 utorrent 客户端中的致命漏洞,该漏洞同时影响 utorrent 桌面版和网页版。这个漏洞允许远程攻击者通过 ut 占领你的电脑,控制你的行为。
为了你的个人信息安全,ut 用户请注意:请暂停使用 ut 3.x 版本,回退到 ut 1.8 2.0.4 或 2.2.1。并在设置里关闭 WebUI 功能,和在高级设置里禁用 net.discoverable (默认是开启的,双击禁用)。
最近发现的uTorrent的漏洞详细信息:(要梯子)
https://bugs.chromium.org/p/project-zero/issues/detail?id=1524
|
评分
-
| 参与人数 1 | 硬盘 +2 |
收起
理由
|
 NameLess | + 2 |
有意义的内容予以鼓励~ |
|
楼主|
NameLess
发表于 2018-03-25 10:59:36
