New York Web Design News May 27 2003, the latest breaking New York Web design news brought to you by,
Web Designs Now,Website Designs Now,New York Web Design Homepage,Web Design Services for New York, Connecticut, Long Island,New York Web Design Client Testimonials,Website Portfolio of New York Web Design, About this New York Web Design Firm,Contact this New York Web Design Firm

Kazaa's Serious Vulnerability
Web Design & Technology News, May 27, 2003

Microsoft Pulls Windows XP Update
Google 5X Faster?
Kazaa's Serious Vulnerability
SPS Receives $18M
Web Services to Alter Consulting
W3C Makes Patent Ban Final
Web Services 'Yellow Pages'
MS Launches Antivirus Info Site
Surfers On High-Speed Waves

Yahoo! Searches Public Eye
Fizzer Worm Spreads
E-Business Bounces Back
Dot-Coms Regain Their Luster
E-commerce Grows Nicely
USA Interactive Soars
Google Tops Competition
Yahoo! Acquires Inktomi

More Web Design News:
2008 Current News
2008 June
2007 June
2007 May
2007 March
2006 November
2006 September
2006 August
2006 July
2006 June
2006 May
2006 April
2006 March
2006 February
2006 January
2005 December
2005 November
2005 October
2005 September
2005 August
2005 July
2005 June
2005 May
2005 April
2005 March
2005 February
2004 March
2004 February
2004 January
2003 December
2003 November
2003 October
2003 September
2003 August
2003 July
2003 June
2003 March - May


May 27, 2003

Users of file sharing programs such as Kazaa and iMesh are urged to install a security patch after a serious bug was discovered in their underlying network.
By Patrick Gray

A security researcher recently found a potentially critical vulnerability in the program which drives the FastTrack network. FastTrack is used by peer-to-peer software service including Kazaa and iMesh. Joltid, the maker of FastTrack, initially said the flaw was not serious, but has since done an about-face and plans to plug the loophole.

The makers of Kazaa will release a patch within the next 24 hours and are urging customers to install it as soon as possible.

According to the original security advisory, published on the Full Disclosure security mailing list, attackers can take control of or crash the FastTrack "supernodes" that file swappers connect to.

"It's definitely a serious risk. Just ask anyone if executing arbitrary code is a serious risk or not," the researcher said.

Identifying himself only by his pseudonym, Random Nut, he said he went public with the vulnerability after waiting nearly two weeks for Kazaa and Joltid to get back to him.

"On Tuesday May 13, 2003, I e-mailed a guy at Joltid, and about two days later I filed a bug report at (the Kazaa Web site). Yesterday, after reading it on Full Disclosure, someone working for Joltid contacted me. He told me that the guy I e-mailed had been on a long honeymoon."

Although he has exploited the vulnerability, he will not make the exploit code public.

"I haven't released the exploit code. I don't want some little script-kiddie to close down all of the network or parts of it," he said.

A representative for Sharman Networks, the company behind Kazaa, told ZDNet Australia it had been informed by Joltid that the issue wasn't serious.

"As a licensee, Sharman Networks has been advised that the security of the FastTrack peer-to-peer technology is not under any significant risk," she said. Kazaa will use information provided to them by Joltid in authoring a patch.

"Sharman Networks has been provided with an update from the FastTrack's licensors which addresses this issue," it said in a statement. "The latest update will be available for download within 24 hours, and we encourage users to install it as soon as possible."

Web Designs Now
Back to the Top
 © Copyright 2007, All rights reserved  |  Privacy Web Design Forums  |  Web Design News  |  Advertise  |  About Us  |  Contact Us  |  W3C HTML 
 Related Websites: New-York-WebDesign.com