osm0sis Posted March 26, 2008 Report Share Posted March 26, 2008 From a notable private tracker, ~4 days ago:"1.6.1 was banned because ... we recently discovered a remotely (P2P) exploitable hole in it. The info on this exploit has been passed on to the developer, and we will not publish any further details on it."Is this legit? If so, does this exploit affect the 1.8 code tree or just put the final nails in the coffins of 1.6.1 zealots? Link to comment Share on other sites More sharing options...
DreadWingKnight Posted March 26, 2008 Report Share Posted March 26, 2008 There are already standing exploits (probably previous to this one, but this could be already fixed) in 1.6.1 that have been fixed in current trees that will NOT be backported to 1.6.1Regardless, 1.6.1 is less safe than 1.7.7 or the current 1.8.x development tree. Link to comment Share on other sites More sharing options...
osm0sis Posted March 26, 2008 Author Report Share Posted March 26, 2008 Well I know that, but some sites are still holding out on 1.6.1 (with some more tinfoiled ones going so far as to ONLY allow it) so if there are any show-stoppers maybe a bit of publicity is in order? Link to comment Share on other sites More sharing options...
jewelisheaven Posted March 26, 2008 Report Share Posted March 26, 2008 I don't think they should publicize things they fixed.. that's bad mojo.The developers and staff know what HAS been patched, and if others have POCs in the wild exploiting this I don't think they'd stop the publicity here. Take for instance the 1.7.6 and 1.7.7 holes... the tester was kind enough to report the first bugs on the forum before being asked to report additional security vulnerabilities to the devs directly Keep in mind 1.6.1 is old OLD now. Even the old stable 1.7.5 has been phased out on 90% of the swarms I frequent. I'm happy knowing that as people use their grey matter they understand and conclude nothing negative has changed in the client over the last two development cycles and they eventually come to the conclusion newer is better for uT Link to comment Share on other sites More sharing options...
osm0sis Posted March 26, 2008 Author Report Share Posted March 26, 2008 well i wish the holdouts would get over their reservations. Link to comment Share on other sites More sharing options...
jewelisheaven Posted March 26, 2008 Report Share Posted March 26, 2008 As you say the ones holding back are tinfoil-hat wearers... and don't deserve any notoriety except being seen as such.They choose to outlaw a more secure and more importantly SUPPORTED version of uT. As it is any users requesting official help are either told to upgrade or to go to the site they got the old version of uT from for support. I can only imagine the extra load this places on the site's resources. Of course another possibility exists.. the trackers' admin(s) may just not like uT. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.