Software maker Opera's decision to support BitTorrent has added to some security experts' worries that applications which require open connections through firewalls are becoming increasingly popular. Last week, the Norwegian company revealed that its latest technical preview adds support for downloading BitTorrent files, or torrents.
BitTorrent, a peer-to-peer protocol that speeds files sharing by allowing every client to serve up pieces of a large file, requires that firewalls allow connections to the client software. With the adoption, the alternative Internet browser is the latest application to ask users to open ports, the numerical addresses that software applications use for communication. Some voice-over-Internet applications also require a direct connection to the Internet and need ports to be open if the hardware is placed behind a firewall.
If such applications grow more popular, security may suffer, said Johannes Ullrich, chief research officer for the Internet Storm Center, a network-threat monitoring service hosted by the SANS Institute. "Opening more ports is never a good idea," he said. "Adding more functionality to heavily attacked applications like Web browsers isn't that great (of an idea) either."
Read the complete article
Apparently the implemention sucks (very dated) and may not make it into a final release. :icon_puke
I may block any Opera connections to my BT client, as a safety measure.
This article was on security focus too. This article should not have gotten so much publicity, its rediculous. Obviously added features increases the attack surface. However YOU HAVE TO LISTEN ON A PORT FOR P2P TO WORK. LimeWire, Azureus and the mainline BitTorrent client are all written in a secure languages. The threat of remote exploitation is very small. You can't cripple the software and call it secure, like Microsoft.
my PC is largely at risk. i have a shitty linksys router and port forwarding just simply refuses to work properly. sharaza, BT and my FTP just simply dont work if the router is present (well, shareaza and BT work... if you can call it working). in desparation, i have even opened every port and it still doesnt work right.
Posting Permissions
Reply With Quote
Bookmarks