
Thread: SETI@home fixes hole




  1. #1
    Join Date
    Nov 2001
    Location
    Here.....of course!
    Posts
    10,280

    Default

    Written by Paul Roberts, in the June issue of Australian PC World

    Providing further proof of the adage that "No good deed goes unpunished", the SETI@home screen saver contains software vulnerabilities that could allow attackers to execute malicious code on machines running the popular program, according to an advisory released by a computer science student in The Netherlands.
    SETI@home is a scientific experiment that marshals the processing power of internet-connected computers in the Search for Extraterrestrial Intelligence (SETI). Participants install a free software program that downloads and analyses radio telescope data.
    The SETI@home software is packaged as a screensaver. While the screensaver runs, the software downloads, analyses and uploads radio telescope data from a data server at University of California, Berkeley, in the US.
    The screensaver software contains a buffer overrun vulnerability in code that processes responses from the SETI@home server, according to Berend-Jan Wever, the 26-year-old student.
    After tricking the client into connecting to a server the attacker controls, an attacker could cause the buffer overrun by sending a long string of data followed by a "newline" character, Wever wrote.
    A separate problem concerns the SETI@home client's transmission of information back to the SETI@home server.
    Wever discovered that all information from the SETI@home client is sent out in plain text form. That information includes data on the operating system and processor type used by the machine running the SETI@home client.
    Malicious hackers could use the information for planning a larger network attack, according to the advisory.
    The SETI@home team released a patched version of the client software, Version 3.08, which was described as a "precautionary security release", according to the information on the SETI@home Webpage (http://setiathome.ssl.berkeley.edu/download.html).
    The vulnerability would require attackers to "spoof" a fake SETI@home server and trick the software clients into connecting to it before they could be compromised. The SETI@home team knew of no previous attack on a client that used such a method, the Web site said.
    More than 4 million Internet users have registered with SETI@home. Of those registered users, more than 500,000 are considered "active", having returned data to the main server within the previous four weeks, according to the project's Web page.

    I just thought you ppl might find this an interesting read.
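
Added example, not part of the original post and not code from the SETI@home client: the article describes an overrun triggered by a long server response ending in a newline. One way to read such a line into a fixed buffer is to check its length before copying and reject anything that does not fit. The names `read_line_bounded` and `MAX_LINE` and the sample responses are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed limit for one response line; not taken from the SETI@home client. */
#define MAX_LINE 64

/*
 * Copy one newline-terminated line from untrusted receive data into out.
 * Returns bytes consumed (including '\n'), 0 if no complete line has
 * arrived yet, or -1 if the line cannot fit in out_cap bytes.
 */
long read_line_bounded(const char *in, size_t in_len, char *out, size_t out_cap)
{
    const char *nl = memchr(in, '\n', in_len);
    if (nl == NULL) {
        /* Keep waiting only while the pending bytes could still fit. */
        return (in_len >= out_cap) ? -1 : 0;
    }
    size_t line_len = (size_t)(nl - in);
    if (line_len >= out_cap)
        return -1;                 /* overlong line: reject, do not copy */
    memcpy(out, in, line_len);
    out[line_len] = '\0';
    return (long)(line_len + 1);
}

int main(void)
{
    char line[MAX_LINE];
    char flood[4 * MAX_LINE];         /* constructed oversized response */
    const char ok[] = "status=ok\n";  /* constructed well-formed response */

    memset(flood, 'A', sizeof flood - 1);
    flood[sizeof flood - 1] = '\n';

    printf("normal: %ld\n", read_line_bounded(ok, sizeof ok - 1, line, sizeof line));
    printf("overlong: %ld\n", read_line_bounded(flood, sizeof flood, line, sizeof line));
    return 0;
}
```

A caller that gets -1 should drop the connection rather than truncate and keep parsing, since the rest of the stream can no longer be trusted to line up with the protocol.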

  2. #2
    Join Date
    Nov 2001
    Location
    New England Highlands, Australia
    Posts
    21,905

    Default

    I'm sorry sis but who uses the screensaver version? :confused:

    Commandline is the way to run SETI. :thumb:

  3. #3
    Join Date
    Nov 2001
    Location
    Here.....of course!
    Posts
    10,280

    Default

    I don't know what you guys use.
    Just thought it might be enlightening for someone that may use it.

  4. #4
    Join Date
    Nov 2002
    Posts
    442

    Default

    Thanks for the Info WS!

  5. #5
    Join Date
    Nov 2001
    Location
    Here.....of course!
    Posts
    10,280

    Default

    I'll be happy if the information helps "just" one person to secure their comp just that little bit more.

  6. #6
    Join Date
    Nov 2001
    Location
    New England Highlands, Australia
    Posts
    21,905

    Default

    Well there are still a few usin' it sadly but we'd rather them use the cmdline.exe as the rewards are both much quicker crunchin' and much much less system conflicts. ;)
