|
|
|
|
|
|
by simias
4653 days ago
|
|
|
I don't understand, if the user is prompted to download the file using an external application it's no different than a direct download. If users have their browsers configured to automatically start the download of any .torrent files without confirmation, twitter giving bogus .torrent is no more dangerous than $malware_site linking a .torrent. So that's not a security issue on twitter's site. And anyway, I still fail to see how downloading a file (through bittorent or otherwise) constitutes a security breach on its own. Unless of course the bittorent client auto-executes binaries when it's done downloading, but that's just silly (and still nothing to do with twitter's security policy). |
|
|
1. User configures browser to automatically start torrent downloads when a ".torrent" link is clicked
2. User clicks twitt button which leads to a torrent file
3. The file is downloaded and opened in a torrent client
At this point, one could imagine a specifically crafted torrent file which exploits some vulnerability of the torrent client to gain (say) arbitrary code execution and now the user is, to use a mild term, screwed.
This attack could be used by any malicious site, really, but it's easier to get people to click a twitt button rather than some link on some site and besides, by preforming the attack this way the attacker would infect a sizable chunk of all internet sites (any site that uses the twitt button).