Re: (OT) Bit Torrent usage ...

From: Adam Gibson (agibson_at_ptm.com)
Date: 07/28/05

    Date: Wed, 27 Jul 2005 18:15:06 -0400
    To: bedouglas@earthlink.net, For users of Fedora Core releases <fedora-list@redhat.com>
    
    

    bruce wrote:
    > there is no security issue, other than the fact that
    > you need to specify/open ports, and you need to 'trust' your client app.

    That 'client' app designation is now blurred, though. By opening up
    ports, it is making your desktop system a server in the sense that
    anonymous users can connect to your system and send arbitrary data to
    the BitTorrent 'client' running on your system. So now you have to
    trust that the 'client' app handles anonymous incoming connections and
    the data that is sent to it in a secure way. For users of the official
    Python BitTorrent, not only do you have to trust that BitTorrent is coded
    correctly, but you also have to trust that Python does not have any
    security issues that might be triggered by a properly coded Python
    program. I don't know of any security issues with the source to Python
    or BitTorrent, but I doubt anyone could say it does not have any
    exploitable security issues as a fact.

    IMHO, opening ports so that anonymous users can connect and send data to
    a program running on the user's desktop should throw up red flags for
    many security-cautious users.

    Imagine what would happen if some PTP app had a security flaw that was
    exploitable by sending data to the opened port. Evil hackers could have
    a field day. I don't think end users think about this, though, so they go
    by the PTP program's directions to open ports, thinking that it is just
    normal to do so.

    With that said, though, I still use BitTorrent at home, but I isolate it
    from my LAN. I place the BitTorrent client on a system that is on a
    physically different firewall interface than my LAN which has no access
    to the internal LAN.

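The isolation described at the end of the message above, sketched as an added example (not part of the original post, and not the poster's actual configuration). It assumes an iptables firewall with three interfaces; the interface names, the address of the BitTorrent host and the 6881-6889 listening range are constructed placeholders.

```shell
#!/bin/sh
# Added example: three-interface firewall that isolates a BitTorrent host.
# All names and addresses below are constructed placeholders.
WAN_IF=eth0              # Internet-facing interface
LAN_IF=eth1              # internal LAN
DMZ_IF=eth2              # separate segment holding only the BitTorrent host
BT_HOST=192.168.50.10    # BitTorrent host on the isolated segment
BT_PORTS=6881:6889       # assumed listening range of the client

# Emit a ruleset in iptables-restore format on stdout.
bt_dmz_rules() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Anonymous peers reach only the isolated host, only on the BitTorrent ports.
-A PREROUTING -i $WAN_IF -p tcp --dport $BT_PORTS -j DNAT --to-destination $BT_HOST
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# The firewall itself accepts no new inbound connections.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# A compromised client must not be able to open connections into the LAN.
-A FORWARD -i $DMZ_IF -o $LAN_IF -j DROP
-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
-A FORWARD -i $DMZ_IF -o $WAN_IF -j ACCEPT
-A FORWARD -i $WAN_IF -o $DMZ_IF -p tcp -d $BT_HOST --dport $BT_PORTS -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for review; as root it can be piped into iptables-restore.
bt_dmz_rules
```

Forwarding must also be enabled on the firewall (net.ipv4.ip_forward=1). The explicit DMZ-to-LAN DROP duplicates the default FORWARD policy on purpose, so the isolation survives a later change to that policy.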
    
