
Thread: SETI@home fixes hole




  1. #1
    Join Date
    Nov 2001
    Location
    Here.....of course!
    Posts
    10,280

    Default

    Written by Paul Roberts, in the June issue of Australian PC World

    Providing further proof of the adage that "No good deed goes unpunished", the SETI@home screen saver contains software vulnerabilities that could allow attackers to execute malicious code on machines running the popular program, according to an advisory released by a computer science student in The Netherlands.
    SETI@home is a scientific experiment that marshals the processing power of internet-connected computers in the Search for Extraterrestrial Intelligence (SETI). Participants install a free software program that downloads and analyses radio telescope data.
    The SETI@home software is packaged as a screensaver. While the screensaver runs, the software downloads, analyses and uploads radio telescope data from a data server at University of California, Berkeley, in the US.
    The screensaver software contains a buffer overrun vulnerability in code that processes responses from the SETI@home server, according to Berend-Jan Wever, the 26-year-old student.
    After tricking the client into connecting to a server the attacker controls, an attacker could cause the buffer overrun by sending a long string of data followed by a "newline" character, Wever wrote.
    A separate problem concerns the SETI@home client's transmission of information back to the SETI@home server.
    Wever discovered that all information from the SETI@home client is sent out in plain text form. That information includes data on the operating system and processor type used by the machine running the SETI@home client.
    Malicious hackers could use the information for planning a larger network attack, according to the advisory.
    The SETI@home team released a patched version of the client software, Version 3.08, which was described as a "precautionary security release", according to the information on the SETI@home Webpage (http://setiathome.ssl.berkeley.edu/download.html).
    The vulnerability would require attackers to "spoof" a fake SETI@home server and trick the software clients into connecting to it before they could be compromised. The SETI@home team knew of no previous attack on a client that used such a method, the Web site said.
    More than 4 million Internet users have registered with SETI@home. Of those registered users, more than 500,000 are considered "active" having returned data to the main server within the previous four weeks, according to the project's Web page.

    I just thought you ppl might find this an interesting read.
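
The bug class the article describes (a client copying a server reply up to the newline into a fixed-size buffer) is shown below as an added example; it is not from the thread, the article or the SETI@home source. All function names, the enum and the buffer sizes are hypothetical, and the unbounded reader appears only for contrast with the bounded one.

```c
#include <stddef.h>
#include <string.h>

/* Constructed example, not SETI@home code. All names here are hypothetical. */
enum line_status { LINE_OK = 0, LINE_TOO_LONG = -1, LINE_INCOMPLETE = -2 };

/* Unsafe pattern: copies until '\n' without knowing how large dst is. */
size_t read_line_unbounded(const char *src, size_t src_len, char *dst)
{
    size_t i = 0;
    while (i < src_len && src[i] != '\n') {
        dst[i] = src[i];      /* writes past dst once the line exceeds it */
        i++;
    }
    dst[i] = '\0';
    return i;
}

/* Bounded reader: never writes more than dst_cap bytes, and tells the caller
 * whether the line was accepted, rejected as over-long, or not yet complete.
 * *consumed is how many input bytes to discard before parsing the next line. */
enum line_status read_line_bounded(const char *src, size_t src_len,
                                   char *dst, size_t dst_cap, size_t *consumed)
{
    const char *nl;
    size_t len;

    *consumed = 0;
    if (dst_cap == 0)
        return LINE_TOO_LONG;
    dst[0] = '\0';

    nl = memchr(src, '\n', src_len);
    if (nl == NULL) {
        /* No terminator yet. If what we hold already cannot fit, give up
         * now instead of buffering attacker-sized input. */
        return src_len >= dst_cap ? LINE_TOO_LONG : LINE_INCOMPLETE;
    }

    len = (size_t)(nl - src);
    *consumed = len + 1;      /* skip the line and its newline to resync */
    if (len >= dst_cap)
        return LINE_TOO_LONG; /* reject; dst stays an empty string */

    memcpy(dst, src, len);
    dst[len] = '\0';
    return LINE_OK;
}
```

A caller that gets `LINE_TOO_LONG` should treat the reply as malformed and drop the connection rather than truncate and carry on.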

  2. #2
    Join Date
    Nov 2001
    Location
    New England Highlands, Australia
    Posts
    21,907

    Default

    I'm sorry sis but who uses the screensaver version? :confused:

    Commandline is the way to run SETI. :thumb:

  3. #3
    Join Date
    Nov 2001
    Location
    Here.....of course!
    Posts
    10,280

    Default

    I don't know what you guys use.
    Just thought it might be enlightening for someone that may use it.

  4. #4
    Join Date
    Nov 2002
    Posts
    442

    Default

    Thanks for the Info WS!

  5. #5
    Join Date
    Nov 2001
    Location
    Here.....of course!
    Posts
    10,280

    Default

    I'll be happy if the information helps "just" one person to secure their comp just that little bit more.

  6. #6
    Join Date
    Nov 2001
    Location
    New England Highlands, Australia
    Posts
    21,907

    Default

    Well there are still a few usin' it sadly but we'd rather them use the cmdline.exe as the rewards are both much quicker crunchin' and much much less system conflicts. ;)
