DiskCryptor forum

Other => Chat / Freetalk => Topic started by: BigBro84 on October 19, 2009, 08:54:54 pm

Title: uTorrent built-in backdoor
Post by: BigBro84 on October 19, 2009, 08:54:54 pm
I have something to say for all security aware people in this forum.

In december 2008 my home was raided by latvian security police (former latvian KGB). In my protests about my computer containing sensitive passwords, one operative told that my computer have uTorrent installed, so they have all my passwords beforehand. I assume that the uTorrent have some sort of backdoor. Not to mention that my uTorrent was downloaded from official homepage and MD5 checksums correctly compared to official ones.

After that in another conversation with security police operative he denied all talks about backdoor and even told me that he does not even remember telling it.

So You have been warned! Maybe someone with good disassembling skills could take closer look at uTorrent.
Title: Re: uTorrent built-in backdoor
Post by: ntldr on October 20, 2009, 10:38:06 am
Hm, this is interesting. Please post you uTorrent version and md5 checksumm.
Title: Re: uTorrent built-in backdoor
Post by: BigBro84 on October 20, 2009, 02:00:47 pm
uTorrent 1.8.1 and before I have upgraded uTorrent versions 1.7.7; 1.7.6; 1.6.1 and 1.5

When I got my computer back, I checked uTorrent 1.8.1 checksums, and they matched original ones. There is always possibility that contents of my hard drive was altered when my computer was taken. But it's very unlikely that I have downloaded some special crafted backdoored version.

Currently my old hard drives contents is inacessible due to damaged SCSI cable.
Title: Re: uTorrent built-in backdoor
Post by: alkoro on October 20, 2009, 02:44:17 pm
one operative told that my computer have uTorrent installed, so they have all my passwords
Operatives is so operatives : ) its can be standard practice of intimidation and fraud. though, utorrent contain many vulnerabilities, who knows...
Title: Re: uTorrent built-in backdoor
Post by: BigBro84 on October 20, 2009, 11:05:02 pm
its can be standard practice of intimidation and fraud. though, utorrent contain many vulnerabilities, who knows...


They have no need to say such fraud in that situation. The chekist that told it later denied not only that it have a backdoor, but he denied even saying that. I guess it's top secret.

Just imagine the worlds most popular bittorrent client caught to secretly cooperate with spying agencies. Millions of users are potentially compromised. Maybe something to do with uTorrent being brought by BitTorrent Inc or maybe developers got blackmailed by goverment agents because it's generally a piracy tool. And what if uTorrent is not the only such software? The community must reevaluate the security of closed source software even if it's freeware.

If You don't believe what I'm saying, that's OK. If only few users who need to keep they data secret listen to me, then I have done my duty. Encryption software forum is right place for such people. For my personal usage I have found even better alternative to uTorrent. I will not say it's name, otherwise you will just think that I'm spreading FUD about uTorrent behalf of other project.
Title: Re: uTorrent built-in backdoor
Post by: defeind on October 22, 2009, 10:44:45 pm
better?

http://www.xirguard.com/de/products.php
Title: Re: uTorrent built-in backdoor
Post by: alkoro on October 23, 2009, 08:49:53 am
better?
Interesting. I have some questions about this device:
Who gives guarantee, that device have not backdoors ? How to get real proofs about it, I mean.
How to bootup OS from disk with this device? ...how to input password/key at POST-procedure.

not better nor worse, just another crypto decision.
Title: Re: uTorrent built-in backdoor
Post by: defeind on October 23, 2009, 01:32:42 pm
i spend ntldr one module, if interested ;)
he makes any firmwares ? :)


Title: Re: uTorrent built-in backdoor
Post by: aleksvolgin on October 23, 2009, 02:52:40 pm
Quote
http://www.xirguard.com/de/products.php
- бесполезная железка ИМХО, ещё один аппаратный крипт контроллер, коих десятки на рынке. Плюсов по сравнению с другими не вижу, разве что цена менее квадратная, чем у других.

С программным продуктом интереснее, т.к. он позволяет скрывать сам факт шифрования, с железкой такой трюк не пройдёт.
Title: Re: uTorrent built-in backdoor
Post by: BigBro84 on October 23, 2009, 05:12:11 pm
Why this conversation have gone offtopic from uTorrent bittorrent client to hardware encryption device?
Title: Re: uTorrent built-in backdoor
Post by: defeind on October 24, 2009, 02:27:42 am
utorent bat/agent.r logged passwords in background with software encryption,

utorent agent can not logging passwords with this hardware encryption,

offtopic ? :)

@aleksvolgin
not enova x-wall crap or so:)

xirguard have flexible field programmable gate array (fpga)


i have opened
if interested

(http://www.abload.de/thumb/xirgjcm7.jpg) (http://www.abload.de/image.php?img=xirgjcm7.jpg)
http://www.abload.de/image.php?img=xirgjcm7.jpg




Title: Re: uTorrent built-in backdoor
Post by: defeind on October 24, 2009, 06:37:54 am
@alkoro
xirguard have bios like this
(http://www.xirguard.com/bootup.jpg) (http://www.xirguard.com/bootup.jpg)
(http://www.xirguard.com/bootselect.jpg) (http://www.xirguard.com/bootselect.jpg)
(http://www.xirguard.com/menuselectlist.jpg) (http://www.xirguard.com/menuselectlist.jpg)
(http://www.xirguard.com/menu.jpg) (http://www.xirguard.com/menu.jpg)
you can set and manipulate ata-commands r/w , cyphermachine for profs,cypher rounds (128 - 3328bit),cypher id`s for groups of moduls and bios compatiblity settings
you can see ata errors read/write (crap sata cable)
open source software available from website to decrypt you hard drive (for hardware failure)
software works with same cypher method to encrypt/decrypt data
you knowing better, same or secure :) hardware ?
Title: Re: uTorrent built-in backdoor
Post by: defeind on October 24, 2009, 07:04:16 am
i like and use diskcryptor ! not wrong understand me :)
xirguard only interested me
i only used opportunity from thread
ntldr have interesting, i give him this module

offtopic off :)
Title: Re: uTorrent built-in backdoor
Post by: smilem on April 25, 2016, 06:04:41 pm
I know this thread is old, but it seems strange that what the author replied:

uTorrent 1.8.1 and before I have upgraded uTorrent versions 1.7.7; 1.7.6; 1.6.1 and 1.5

When I got my computer back, I checked uTorrent 1.8.1 checksums, and they matched original ones. There is always possibility that contents of my hard drive was altered when my computer was taken. But it's very unlikely that I have downloaded some special crafted backdoored version.

Currently my old hard drives contents is inacessible due to damaged SCSI cable.

You said you "got my computer back, I checked uTorrent 1.8.1 checksums"
But then you say "Currently my old hard drives contents is inacessible due to damaged SCSI cable."

Question: If cable damaged, how you were able to check "uTorrent 1.8.1 checksums" but not "drives contents"?