Short Bytes: Today in its blog, BitTorrent announced that it has fixed a vulnerability that allowed the attackers to take down websites by carrying out distributed reflective denial of service attacks (DRDoS).
However, Christian Averill, Vice President of Communications and Brand for BitTorrent, tells fossBytes that such an attack has not been observed in the wild. He states: “First, it’s important to understand that this is a theoretical scenario and that such an attack has not been observed in the wild. Florian Adamsky and his co-authors conducted an experiment in a controlled environment producing the results presented in the paper.”
In his recent blog post, he outlines the fact that the BitTorrent engineering team has mitigated any distant possibility of such an attack. In another post, Francisco De La Cruz, software engineer on the uTorrent/BitTorrent team, tells how such an attack works and further explains the steps taken by his team.
Christian tells fossBytes that Florian and the co-authors reported their findings to BitTorrent team responsibly few weeks back and they have issued a fix to the torrent client.
He also shares an interesting point about the vulnerability in Sync. “Even before the recent updates to Sync, the severity of the vulnerability was reduced by a few factors. First, the attacker would have to know the Sync user they are trying to exploit to get their “Secret” – or the Sync user would have to have exposed that “Secret” publicly in some way. In addition, Sync, by design, limits the amount of peers in a share making the attack surface much smaller. It would not serve as an effective source to mount large-scale attacks,” he explains.
Having something to add? Share your opinions through comments.
Also read: Top 10 Most Popular Torrent Websites of 2015