Pirate Bay Browser Streaming Technology Is a Security and Privacy Nightmare

An anonymous reader writes: Last week the Pirate Bay added support for streaming video torrents inside the browser in real-time. Kickass Torrents followed the next week. The technology they used is called Torrents Time. A security researcher has discovered that this technology which is a mix of client and server side code is actually a security and user privacy disaster. Attackers can carry out XSS attacks on TPB and KAT, the app runs on Mac as root, attackers can hijack downloads and force malicious code on the user's PC, and advertisers can collect info on any user that has Torrents Time installed.

Next on the news...

[MitchDev]

MPAA and RIAA releases tainted movies and music on torrents themselves...

Re:Next on the news...

[gstoddart]

You don't need to hear their name, the US government has now been tasked to do this shit on their behalf, they just write the text of the laws and treaties behind the scenes.

You don't think ICE policing copyright because they're under the control of DHS was an accident, do you?

Once the agency with the keys to the kingdom polices copyright, you can be more in the background.

Re:Next on the news...

[CeasedCaring]

MPAA and RIAA releases tainted movies and music on torrents themselves...

Didn't they merge to become MAFIAA (Music And Film Industry Associations of America)?

Re:Next on the news...

[JustAnotherOldGuy]

You don't need to hear their name, the US government has now been tasked to do this shit on their behalf, they just write the text of the laws and treaties behind the scenes.

This is, sadly, an extremely accurate description of how things work now. The corporations provide "advice" and "policy position consulting" in the form of fully-written bills and treaty amendments, and the law makers just staple them into the binder.

I'm not kidding in the least, this is literally how it woks these days.

"the app runs on Mac as root"

This isn't a security issue! Modern app appers know that ONLY apps can app other apps, so if you're apping The Pirate App, then only that app can app your apps!

Apps!

Shady thevies do shady things to computers

[naris]

News at 11!

Re:Active content *is* a priv & sec nightmare

[gstoddart]

As long as the dried up lame bed (lake?) has text, we don't give a crap.

Some of us still prefer to get information in the form of text, and not video ... and animate whirligigs and other crap add nothing to the experience.

But, really, in terms of not trusting javascript? That really should be common sense by now.

Re:So?

[houghi]

Who expects privacy and security when they use Internet ?

Fixed that for you.

Re:I hope they hack Linux and BSD users

[Rik+Sweeney]

That's right! One renders your system inoperable, the other is a Windows fatal system error.

(ducks)

Re:Oh dear balls.

[tnk1]

Even The Pirate Bay itself is quite hacked code.

Remember that these softwares are made by amateurs who spent their time downloading warez instead of getting proper professional programming education.

Actually, I doubt that they lack CS education. What they lack is QA. "Good" developers with educations let this sort of shit through all the time. The businesses who make software actually make an effort to test their software for security and functionality.

The problem with these guys is that coding is sexy, QA is not.

Re:Rome was not build in one day

[wonkey_monkey]

Or just have some patience. Bloody kids.

When I were a lad, it took days to download a 700mb Xvid DVD rip at 640x360 resolution. And we felt blessed.

A couple of hours to download a 1080p MKV with 5.1 sound? Luxury!