AfterDawn: Tech news

Serious security problem in FastTrack apps

Written by Petteri Pyyny (Google+) @ 27 May 2003 8:52

A security researcher, known only by his nickname Random Nut, has found a severe bug in FastTrack P2P protocol that can be used to crash or take control of so-called "supernode" computers in the P2P network. Supernodes are P2P users that have "sufficient resources" to act as supernodes and they hold together "nodes" (normal users), connect to other "supernodes" and deliver the search results within their node networks.
According to Random Nut's comments, he informed Joltid (the American subsdiary of Kazaa BV, Netherlands-based company that owns the FastTrack technology, although not any of the clients, such as Kazaa, anymore) about the bug two weeks ago, but didn't get any reply back. This week he informed kazaa.com about the vulnerability and now at least Sharman Networks, who develops the Kazaa client, has reacted. Sharman has promised to issue a bugfix within next 24 hours.

Other FastTrack-based applications are vulnerable to the bug as well -- these include Kazaa Lite (and all its variations), Grokster and iMesh. Random Nut hasn't disclosed the exploit code: "I don't want some little script-kiddie to close down all of the [FastTrack] network or parts of it".

Source: Silicon.com

Previous Next  
Comments have been disabled for this article.

News archive