
1.16.2008

Nasty Idea of the Night: Bittorrent "Worm"

It's been a while, but then again, it's always been a while, but I digress.


So a nasty idea popped into my head tonight. Imagine attacking a BitTorrent swarm by finding a buffer overflow in the client software, where each compromised host checks its peer list and compromises all of those peers as well. Add extra nasty and have the payload also check for other torrents and send the exploit payload to those as well.

Interesting points:
  • Could move incredibly fast.
  • Complicated issues with client vulnerabilities vs. protocol vulnerabilities. Unlikely to write an attack that works universally.
  • Price the RIAA would pay for such a thing? *What's the keystroke for infinity*
  • Tracker vulnerabilities.
Just a random thought. More to come.

8.01.2007

Black Hat Field Report #1: Design Review of the Web - Kaminsky

Dan Kaminsky takes a closer look at some interesting aspects of 'Web 2.0'.
Using 'Slirpie' (back from the dead): VPN'ing into protected networks with nothing but a lured web browser.
The fundamental design of the web is late binding: pieces are pulled together and assembled at runtime, independent from one another. As soon as that independence was established, people wanted to be able to create dependencies ("you read my page, I read your mail").
DNS pinning still works?
Dan demonstrated an extension of RSnake's work that grants full IP connectivity, by design, to any attacker who can lure a web browser to render his page. This used to be taken care of by the Same Origin Policy, which attempts to restrict scripting and other forms of enhanced access to sites with the same name. But scripts are not acquired from names; they come from addresses.
Dan also demonstrated how Slirpie can cut through some implementations of single sign-on.
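As an added illustration of the defensive side of the name-versus-address point above (this is not code from the talk or from Slirpie): a client-side resolver that pins the first answer for a name and refuses names that resolve to non-global addresses, beside the Host header check an internal service should apply. The `lure.example` name and its DNS answers are constructed for the example.

```python
import ipaddress
from typing import Callable, Dict, List, Optional

# Constructed answers: the first lookup of the lure name returns a public-looking
# address, the second flips to an internal one (the rebind). Not real DNS data.
REBIND_ANSWERS = {"lure.example": [["1.2.3.4"], ["10.0.0.5"]]}


def make_resolver(answers: Dict[str, List[List[str]]]) -> Callable[[str], List[str]]:
    """Fake resolver handing out successive answer sets per name (offline stand-in)."""
    calls: Dict[str, int] = {}

    def resolve(name: str) -> List[str]:
        i = calls.get(name, 0)
        calls[name] = i + 1
        sets = answers.get(name, [])
        return sets[min(i, len(sets) - 1)] if sets else []

    return resolve


def is_internal(ip: str) -> bool:
    """True for addresses a lured browser should never be steered to (RFC 1918, loopback, etc.)."""
    return not ipaddress.ip_address(ip).is_global


class PinningResolver:
    """Resolve a name once per session, keep that address, and refuse internal answers."""

    def __init__(self, resolve: Callable[[str], List[str]]):
        self._resolve = resolve
        self._pins: Dict[str, str] = {}

    def lookup(self, name: str) -> Optional[str]:
        if name in self._pins:
            return self._pins[name]  # pinned: later DNS changes for this name are ignored
        addrs = self._resolve(name)
        if not addrs or any(is_internal(a) for a in addrs):
            return None  # an outside name resolving to an internal address is rejected
        self._pins[name] = addrs[0]
        return addrs[0]


def host_header_allowed(host: str, allowed_names: set) -> bool:
    """Server side: an internal service answers only for names it actually owns."""
    return host.split(":")[0].lower() in allowed_names
```

Pinning alone does not help a service that answers any Host header, which is why the server-side check is shown next to it.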