(OT) Bit Torrent usage ...

Adam Gibson agibson at ptm.com
Wed Jul 27 22:15:06 UTC 2005


bruce wrote:
> there is no security issue, other than the fact that
> you need to specify/open ports, and you need to 'trust' your client app.

That 'client' app designation is now blurred though.  By opening up 
ports it is making your desktop system a server in the sense that 
anonymous users can connect to your system and send arbitrary data to 
the BitTorrent 'client' running on your system.  So now you have to 
trust that the 'client' app handles anonymous incoming connections and 
the data that is sent to it in a secure way.  For users of the official 
Python BitTorrent, not only do you have to trust that BitTorrent is coded 
correctly, but you also have to trust that Python does not have any 
security issues that might be triggered by a properly coded Python 
program.  I don't know of any security issues with the source to Python 
or BitTorrent but I doubt anyone could say it does not have any 
exploitable security issues as a fact.

IMHO opening ports so that anonymous users can connect and send data to 
a program running on the user's desktop should throw up red flags for 
many security-cautious users.

Imagine what would happen if some PTP app had a security flaw that was 
exploitable by sending data to the opened port.  Evil hackers could have 
a field day.  I don't think end users think about this, though, so they go 
by the PTP program's directions to open ports, thinking that it is just 
normal to do so.

With that said, though, I still use BitTorrent at home, but I isolate it 
from my LAN.  I place the BitTorrent client on a system that is on a 
physically different firewall interface than my LAN, which has no access 
to the internal LAN.



