Limewire - MUST UPDATE? no reason given?

**mahogony** · March 14th, 2005, 06:10 AM

>Security Update!!
>All LimeWire users of versions prior to 4.8 must upgrade.

The above is off LW's own site - any ideas what all the panic is about?

John W. Lindh · March 14th, 2005, 08:14 AM

I have a hunch what the source of this security problem may be and I suppose the LimeWire people don't want to be more specific so nobody malicious can exploit this security problem.

It is very likely possible to use this bug to distribute trojans and virii over LimeWire, so I'd rather update if I were you.

**Unsueable Davey Brown** · March 14th, 2005, 09:43 AM

Weird. I was going to download Limewire today, and try it out. Now I think I'll wait.

The one I hate is when they force a "security" update on you, then you notice your internet connection is slowing intermittedently throughout the day as it connects automatically now for more updates. The next thing you know - spyware.

**infringer** · March 14th, 2005, 11:55 AM

Hehe I wouldnt worry there is probably security flaws in every P2P application...

But hell if they patched up one it was probably a publically known flaw and if patched correctly it would render the attack useless.

-infringer-

**hasturi** · March 14th, 2005, 12:36 PM

"Summary: Recent versions of the LimeWire client contain vulnerabilities that allow a remote user access to many or all files on a users machine."

See http://www.securityfocus.com/archive/1/393146 for details.

**mahogony** · March 15th, 2005, 11:03 AM

So, it's all been fixed with version 4.8.1. Thank the lord for open source code. Looks like you were close to the mark there John. W - I can understand why no info was released untill the need to update was spun round the globe.

**crackerjacker** · March 18th, 2005, 11:27 AM

Originally Posted by John W. Lindh

I have a hunch what the source of this security problem may be and I suppose the LimeWire people don't want to be more specific so nobody malicious can exploit this security problem.

It is very likely possible to use this bug to distribute trojans and virii over LimeWire, so I'd rather update if I were you.

I updated. btw have u tried the new add on tool to filter out spam via limewire?
its called limwire credence

**crackerjacker** · March 18th, 2005, 11:28 AM

here john and others who are curious read it and if u wanna download it do it, i downloaded it scanned it for viruses installed it and is using it now.

http://www.cs.cornell.edu/People/egs/credence/

**Evil Intentions** · March 18th, 2005, 01:04 PM

Does this not have something to do with my previous news post? http://www.zeropaid.com/bbs/showthread.php?t=27450

**riderx** · March 18th, 2005, 09:38 PM

Originally Posted by Evil Intentions

Does this not have something to do with my previous news post? http://www.zeropaid.com/bbs/showthread.php?t=27450

well um this thread was made before your thread look at the date, and besides at the time this was several days old too because another thread had told users to update the client.

when u posted about the security update then it made sense to post in the other thread.
so yeah it has relevance to that thread, but this thread was made first.

your thread gave a reason for others to upgrade the limewire client tho.
cheers