Friendly reminder to update your favorite torrent client to

I use Freedownloadmanager

How fucked am I op?

>>52249179
You can keep posting this every day and people will still continue to use 2.2.1 because it has no problems what so ever for 5 years and counting. It will never ever die.

PoC?

>>52249258
With this much denial, of course you will.
You'll never see any problems with all the shit running in the background until one of them encrypt your files and demands a ransom.

that's why i always recommend utorrent 2.2.1, it's full of exploits. the majority of my botnet are machines that useutorrent. sad to see that the devs finally found one of my favorite exploits

rgod (Andrea) is the best, Italian researchers best researchers

>>52249179
Still no versions listed.
Still a useless site.

>>52250110
> The vulnerability relates to how BitTorrent and uTorrent handle URLs with the bittorrent or magnet protocol. By navigating the user to a specially formed link starting with bittorrent: or magnet:, an attacker can inject arbitrary command line parameters that will be passed to the BitTorrent or uTorrent executable. An attacker can leverage this vulnerability to execute code under the context of the current user.
All versions, except the latest ones of course, which have the vulnerability patched

>>52250044
Dimitri, go back to antichat.ru

>>52250069
Sploit code when? I want to fuck some shit up.

>>52250279
No versions listed
Still a useless site.

File: 1239910440967.png (40KB, 142x165px) Image search: [Google]

40KB, 142x165px

>don't use magnet links

why should i be worried?

File: yl_0.png (86KB, 302x302px) Image search: [Google]

86KB, 302x302px

>>52249179
But anon, surely this has been widely exploited, right?
Such a critical vuln.

Why do you care?
You can keep using your client of choice and other people can keep using theirs, even if it's "vulnerable".

>>52250544
Because any website could send you one at any time using js.

>>52250559
Your botnet nodes shit up the internet, that's why.

>>52250449
DIY fag

>>52250625
i dont have javascript

>>52250449
Not likely. All the 3.x.x kiddies will be auto-updating, and 2.2.1 can't execute anything.

>>52249179
qBit was buggy with its latest releases. I'm still on 3.2.4 Should I worry?

>>52250678
Yes.

>>52250671
>2.2.1 can't execute anything.
According to who? Is this your denial messing up your ability to reason again?

>>52250907
According to me. I made the program.

>>52250990
Of course you did faggot.

Whoever is still using utorrent or bittorrent in the current year deserves what they get.

>>52250907
It's a torrent client. That's it. You didn't know this?

>>52251121
Wtf are you even trying to say? utorrent is an executable. It executes executable code that make it do things. This is an exploit that makes the executable execute executable code from an outside source. Stop saying words you don't understand.

File: 1406560819341.jpg (6KB, 175x220px) Image search: [Google]

6KB, 175x220px

>trying this hard to move people away from god-tier client

>>52251389
>This is an exploit that makes the executable execute executable code from an outside source
No it doesn't.

File: 2016-01-05 19_17_57-µTorrent User Manual.png (80KB, 878x938px) Image search: [Google]

80KB, 878x938px

>>52249179
http://www.zerodayinitiative.com/advisories/ZDI-15-358/
>an attacker can inject arbitrary command line parameters
>under the context of the current user

http://www.scip.ch/en/?vuldb.76817
>The exploitation is known to be difficult.

>µTorrent command line parameters
>nothing exploitable
>µTorrent not started as administrator

>the worst that can happen is pages forcing µTorrent to take a big dump

Why should I be worried again?

>>52251672
So that's it?

I think I'll keep using 2.2.1 then.

>>52251672
1- Click malicious magnet link which is probably long and with some obfuscation
2- /LAUNCHBUNDLEDURL [Site with exploit kit]
3- Botnet´d

>>52251672
Great selective quoting there batman.
>An attacker can leverage this vulnerability to execute code under the context of the current user.
Whooops can't say that on a christian utorrent shill forum!

>>52252059
>an attacker can inject arbitrary command line parameters that will be passed to the BitTorrent or uTorrent executable. An attacker can leverage this vulnerability to execute code under the context of the current user.

Which command line parameters enable the arbitrary code execution?

Good thing 1.4.4 doesn't support magnet links, looks like I'm safe

ITT: Windows nerds all silently uninstall uTorrent, update it, or replace it, but continue to shitpost because they're contrarian kids.

File: maya - is dis nigga serious.png (286KB, 718x720px) Image search: [Google]

286KB, 718x720px

>>52252350

>>52252350
https://twitter.com/sadserver/status/593816908534714368

>>52252139
Idk but >>52251999 is not implausible.

>>52252350
This is how the mind of the utorrent apologist actually works.

>not using rtorrent

>>52251999
>Only use utorrent for what.cd
>use qbittorrent for public trackers
What do I have to be afraid of?

File: Capture.jpg (23KB, 832x126px) Image search: [Google]

23KB, 832x126px

>>52252386
>

>>52252939
If you have a browser exploit that can blow through AV, are you gonna waste it on tech savvy uTorrent users?
"Huh, opening this magnet link opened a browser window and now I have a new process taking 100% CPU. Hmmmm... MAYBE I SHOULD REPORT THIS?"

I'd be passing out the link on Facebook, not torrent sites.

>>52253764
Why on earth are you using two clients?

But I use torrent tornado

>>52254099
To keep them seperate, and because utorrent is set up specifically for use with what
Also I have over 2000 active torrents, and qbittorrent couldn't handle it

File: ebm9ksKnq2.png (110KB, 300x417px) Image search: [Google]

110KB, 300x417px

>>52249179
Well shit.. brb wiping errything.

That exploit requires the user to click on a malicious URL...

>>52253983
I wouldn't waste my time, but the NSA might

>>52256752
No, it requires your browser to load a malicious url.

>>52253983
>AV
I thought /g/ ran "common sense current year edition"?

>>52256784
The browser would have to associate the URL with µTorrent

>>52251672
1. Embed your malware.exe in the Torrent, and include it in your malicious URL
2. /DIRECTORY "C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "C:\Users\%USERNAME%\AppData\uTorrent\Your.torrent"

=> malware.exe is executed after the next reboot

This should work assuming the command-line can parse %USERNAME%

Otherwise relative paths might work

>>52256825
>implying most people who have ever opened a magnet don't have it associated with their torrent client

>>52250003

I use write protected backups on a freenas server. I am safe from encryption attacks.

>>52249179
> July 20th, 2015
>

>>52249179

Where's the PoC?

>>52250625
That just opens the "Open file using..." window of firefox

File: haxor.gif (3MB, 320x180px) Image search: [Google]

3MB, 320x180px

>>52249179
>https://www.cvedetails.com/cve/CVE-2015-5474/
HOW
THE
FUCK

CAN YOU SCREW UP URL PARSING

H O W
O
W

>>52256961
Would you be as retarded as to not notice an unwanted malware.exe downloading in your client? That's obvious as fuck.

File: utorrent 2.0.4.png (180KB, 1582x746px) Image search: [Google]

180KB, 1582x746px

Why is everyone on 2.2.1? 2.0.4 is far superior.

File: puke.jpg (55KB, 312x312px) Image search: [Google]

55KB, 312x312px

>BitTorrent
>µTorrent
>2016

Faggots deserve everything they get.

>>52257557
I'm using 2.0.4, yeah
Disable magnet links for utorrent, use qb/deluge for public trackers and fuck OP who never will be in a private tracker

File: ny.png (74KB, 300x256px) Image search: [Google]

74KB, 300x256px

>>52257988
> fuck OP who never will be in a private tracker

>>52257988
You must really frequent some shitty special ed trackers if all they allow is one old vulnerable version of utorrent. I've yet to come across anything like that.

>>52257988
which is funny because utorrent is getting banned on more and more private trackers have been banning utorrent since their malware shenanigans.

>>52257529
Depends, if it is at the bottom of a folder chain in a torrent with several folders full of files it might be overlooked.

>>52253983
>every virus is easily detectable
Ya i'm sure you're going to figure out it was that torrent you downloaded months ago that's been stealing all of your passwords and credit card numbers.

Why would anyone use obsolete software, just use a different client like deluge, it's like still using windows xp because it just werks

File: 1380697092809.jpg (42KB, 479x720px) Image search: [Google]

42KB, 479x720px

>>52258785
>mfw i still use image editing software from 1997 because i hate change and never bothered to learn gimp or photoshop.

So, you need to click some magnet link in some insecure and shady as fuck site and have no AV no firewall and a broken web browser to be harmed by that utorrent thing?

>>52259022
Correct, if you use an AV or a firewall you are (of course) perfectly safe.

>>52259156
>>52259022
drink any more of that kool aid and you're gonna pee your beds :^)
http://www.examiner.com/article/how-to-handle-a-virus-that-disables-your-anti-virus-software

qbittorrent is way shittier than utorrent 2.2.1 but i guess ill have to live with it for extra security