Read this and tell me if you really think it unlikely that whoever performed the mitm there wouldn't be able to or interested enough in doing similar things to known seedbox hosts, distributors, or just whoever is distributing information they'd rather not be.
qBittorrent is one of the most popular choices for hosted BitTorrent seeders across the world. This was trivially exploitable for anyone with access to the right network path for >10 years. Sure, it'd have to be targeted to qBittorrent users, but I don't think much individual targeting is needed if you aim for dozens, hundreds, thousands, or just as many as you can of them.
Besides sketchy government-related entities with legal wiretapping capabilities, you also have well-funded private interest groups on the malicious side.
First of all, those are Linux boxes that are not affected by this.
Second, the attacker here had a valid certificate; it was only noticed when the certificate expired (so 6 months after, since it was an LE cert).
> Besides sketchy government-related entities with legal wiretapping capabilities, you also have well-funded private interest groups on the malicious side.
If you're targeted by government-related entities you probably shouldn't run Windows and torrent software.
Are hosted servers typically running Windows? The Linux version doesn't download Python (generally your package manager would do that). I would expect updates to qbittorrent are also handled by the package manager on Linux.
Generally not. Seedbox services are heavily cost-driven; running a Windows install for each client would add a lot of unnecessary hardware and licensing costs.
https://news.ycombinator.com/item?id=37961166