begin quoting Gus Wirth as of Tue, Dec 05, 2006 at 03:30:51PM -0800: [snip] > What the hell was running a web server locally on port 45100? Answer: > Azureus > > So here we have an undisclosed service running on an undocumented port > that is remotely controllable by a foreign web site. Well, it is open > source so I guess I could have read the source code before using it. > > I wonder what other things are built into Azureus that I don't know > about? Time to look at that source. I wonder what else I'm using that > could do something like this? Almost anything.
I gave up on Azureus when it wouldn't run in a locked-down Java sandbox (allowing network access and some filesystem access to /tmp). IIRC, it wanted to load a custom classloader (which can subvert the sandbox). > Just because you're paranoid doesn't mean they aren't out to get you. I don't trust developers who add features that subvert security mechanisms. -- _ |\_ \| -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
