(OT) Bit Torrent usage ...
Adam Gibson
agibson at ptm.com
Wed Jul 27 22:15:06 UTC 2005

bruce wrote:
> there is no security issue, other than the fact that
> you need to specify/open ports, and you need to 'trust' your client app.

That 'client' app designation is now blurred though. By opening up
ports it is making your desktop system a server in the sense that
anonymous users can connect to your system and send arbitrary data to
the BitTorrent 'client' running on your system. So now you have to
trust that the 'client' app handles anonymous incoming connections and
the data that is sent to it in a secure way. For users of the official
Python BitTorrent, not only do you have to trust that BitTorrent is coded
correctly, but you also have to trust that Python does not have any
security issues that might be triggered by a properly coded Python
program. I don't know of any security issues with the source to Python
or BitTorrent, but I doubt anyone could say it does not have any
exploitable security issues as a fact.

IMHO, opening ports so that anonymous users can connect and send data to
a program running on the user's desktop should throw up red flags for
many security-cautious users.

Imagine what would happen if some PTP app had a security flaw that was
exploitable by sending data to the opened port. Evil hackers could have
a field day. I don't think end users think about this, though, so they go
by the PTP program's directions to open ports, thinking that it is just
normal to do so.

With that said, though, I still use BitTorrent at home, but I isolate it
from my LAN. I place the BitTorrent client on a system that is on a
physically different firewall interface than my LAN which has no access
to the internal LAN.