A dissection by Andrew Sampson, as well as people on the /r/Piracy subreddit, has thrown up a few worries about how the plugin works. At heart, Torrents Time is trying to run an entire torrent client in a webpage and using a service, which leads to some “creative” programming, and some serious security flaws. The most egregious is the abuse of cross-origin resource sharing (CORS), a mechanism that lets one webpage request resources from another webpage. Sampson shows that because of how it’s set up, it proves to be a gaping security hole that could compromise what you download, not to mention your real IP address—not good for something used for illegal downloads. - Chris Mills, Gizmodo [via/web:http://streaming-tv.us]
Streaming-TV on Blogger has moved to its new home at: http://streaming-tv.us Come check us out!
No comments:
Post a Comment