Choosing a cloud hosting partner with confidence
Popular file sharing platform BitTorrent Sync is 'probably' leaking hashes to its website and access to shared data, a group audit has found.
The platform downloaded some 10 million times allowed users to synchronise data over networks using encrypted peer-to-peer at speeds said to be 16 times faster than Dropbox, using architectures intentionally designed to be secure.
The research group operating under the popular Hackito conference said security flaws the severity of which was unconfirmed could be the result of a backdoor to facilitate tapping by the National Security Agency and friends.
"[A] change of sharing paradigm that introduced this vulnerability happened after the first [Bittorrent Sync] releases," the group wrote in a report.
"This may be the result of National Security Letters, from [the] US Government to businesses to pressure them in giving out the keys or introducing vulnerabilities to compromise previously secure systems that could have been received by BitTorrent Inc and / or developers."
One BitTorrent Sync staffer 'kos13' moved to quash the security hole was a deliberate backdoor.
"[The] researcher hasn't found anything bad, besides [a] few crashes on random tests.
"There is nothing even close to 'Bittorrent Inc has access to all your encrypted files'."
They said the company was working on a more detailed response.
Seven security issues marked high severity were reported including some in a web admin interface and various leaks.
Five medium vectors were found including dependence on possibly insecure architecture and leaking of IP addressees to trackers.
Readers could follow the technical analysis, or community commentary.
Remote control for virtualized desktops
from ffffff http://go.theregister.com/feed/www.theregister.co.uk/2014/11/18/cries_of_spies_as_audit_group_finds_possible_backdoor_in_bittorrent_sync/
via IFTTT
Entradas
0 comentarios:
Publicar un comentario