You might want to uninstall BlueFrog

by Chris Josephes

Related link: http://castlecops.com/t156126-Everyone_Please_Uninstall_your_Frog_Immediately.ht…




Since the BlueSecurity project has been shut down, users of the BlueFrog software are recommending that all other BlueFrog users shut down the application and remove it from their systems.



According to the annoucement, if an attacker could trick the clients into thinking it was the BlueFrog master server, that server could compromise all running clients.



I haven't been able to find any specifics, such as what network ports BlueFrog uses, or how the protocol works. Some webpages for BlueFrog clients have already been taken offline. I'm assuming that if there is a threat to the client, then there was no encryption or host verification performed during normal BlueFrog communications.