Bit Torrent

[ampm2003]

Hi people,
It's been a while since my last post (too much to study and little time to do so) yet i'm still here. I was wondering if anybody knows who secure bit torrent is. I'm not asking about files which can be downloaded by it; because as we all know those files can't never be 100% trusted. My question concerns, on the other hand, security networking issues; i mean has any exploit been dicovered or developed for it (as the now matrix famouse SSH expliot for i.e.). Or is it possible to gain access to a bit torrent user's box while he/she is sharing/downloading files?
I've searched AO forums for info about it and only found one incomplete post, which really didn't go thorougly trought the subject at all. It was posted on 06-03-2003.
Well people that's all hope anybody can help me, as i like to have (as we all, i assume) my box as secure as possible.
Thanks in advanced...
AMPM2003.

[manicchester]

I found a link with some information about bit torrent....hopefully that can be of some help to you...http://www.lickmytaint.com/bt/monduna/faq.html ....Let me know if that is what you were looking to find.

[ampm2003]

Thanks manicchester, Think U hit it; i've just had a quick glance to the page you've recommended me; but for what 'ive seen i thing it is just what i was looking for.
Hope i can help ypu some time...
regards..
Ampm2003

[manicchester]

Hey, no problem at all...anything I can do to help someone out. Let me know if you have any other problems or whatnot that you'd like some help with. Have a good one!

[Viper2026]

Well I would think that BT is no more or less safe than using other P2P software. If there's a direct connection established you're never gonna be 100% safe, but you can assume you're not connected to someone who really knows what they're doing and is gonna try to break your comp.

[j3r]

The official BitTorrent is written in Python, which is pretty much immune to buffer overflows and the like. Like Java, the language itself is immune, the underlying runtime may have vulnerabilities. Another thing to note about Python is that most of the standard libraries are also written in Python, so the amount of C code is quite small. This code has, AFAIK, been audited for security, so I suspect it's pretty solid (Pretty solid in the sense that OpenBSD is pretty solid).

(Note: the official Mac BitTorrent client has about 6 files written in Objective-C, which is not inherently safe. These all appear to be UI modules, so it's quite unlikely that there could be a remote exploit against them. And since BitTorrent is not setuid, a local exploit would be rather silly. I expect that other platforms have the same type of setup.)

Also, each chunk of the file you download has a MD5 checksum, so an unscrupulous peer cannot give you something different than you expected.

Now, you should realize that pretty much the entire world can find out what you're downloading. The torrent file contains the name, size, and MD5 checksums of the file, and the tracker will happily tell people what your IP address is and how far along your download is. You might consider this information leakage.

All in all, though, it appears that the official BitTorrent should be among least of your concerns, if you're worried about remote exploits.