Security flaw hits SETI@home

[InfoSec News <isn () c4i org>]

http://news.zdnet.co.uk/story/0,,t278-s2133025,00.html

Patrick Gray
ZDNet Australia   
7th April 2003

The flaw means that an attack could target any of the distributed
computing project's millions of clients around the world A security
vulnerability has been found in SETI@home, the software used by
millions of Internet users to search for extraterrestrial life.

The flaw has been found in both the SETI (Search for Extra Terrestrial
Intelligence) client and server software. According to an advisory,
the successful breach of the main server could result in the
compromise of all SETI@home clients.

"Do understand that successful exploitation of the bug in the server
would offer a platform from which ALL SETI@home clients can be
exploited," it says.

The SETI@home project uses distributed processing to analyse
radio-telescope data. The client software, in the form of a screen
saver, downloads raw data collected by the telescope and scours it for
intelligent signals embedded in it.

This type of number crunching is computationally intensive, but with
around 4.3 million users, the researchers are able to make the most of
the world's idle processing power. The SETI Web site explains the
logic: "While you are getting coffee, or having lunch or sleeping,
your computer will be helping the Search for Extraterrestrial
Intelligence by analysing data specially captured by the world's
largest radio telescope."

Users of the software can download a patch here.

Melbourne based web designer Sean Rainey has used the SETI client for
about two years.

He joked that intelligent extraterrestrials may have used the
vulnerability already in order to smudge the project's findings. "It's
clear as day," he told ZDNet Australia, "they're quite happy just
being left alone."



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.