Grid computing boosts hacker network

[InfoSec News <isn () c4i org>]

http://asia.cnet.com/newstech/security/0,39001149,39031881,00.htm

By Wayne Rash, Special to CNETAsia
Wednesday, March 13 2002 1:52 AM 

Commentary: Just before I start writing, I look at the colorful blocks
and jagged lines of the SETI at Home screen saver that runs on my
workstation.

SETI at Home is a distributed computing application that divides a
massive signal processing problem into tiny segments and sends them to
millions of computers worldwide. Since SETI's inception, many other
distributed--or grid--computing projects have begun work, and vendors
such as Sun, IBM, and Compaq have jumped into the fray.

One particular project, however, has nefarious intentions. A worldwide
hacker confederation is quietly setting up a global, real-time,
peer-to-peer grid of processing power to crack encryption--especially
passwords--used in commerce.

Cracking passwords is not an easy task; you need a huge amount of
computing power to get results. Grid computing, however, gives hackers
the horsepower they need in an unprecedented way.

Here's how it works: Hackers send clients into your system via a worm,
or through any other site that's been hacked or intentionally set up
to run programs on your PC remotely. Or, a user downloads a
screensaver from any of the sites that let you share computing assets.

After the clients are inside users' machines, they lend processing
power to the encryption-cracking effort. The hacker clients sniff the
password and user IDs from a stream going to a commerce site. With all
that processing power, it doesn't take very long to encrypt a
password; you could crack the average seven-character password in
about an hour if you had 160 computers working on it.

Worse, these clients don’t stop using resources when you start
working; they take advantage of the real-time connections in a
corporate environment and continue cracking.

To guard your computing power, make sure your firewall is set to stop
outgoing traffic on ports and by unauthorized applications. Use strong
passwords (eight really random characters will do) and change them
regularly. Also, deploy auditing software that will search for
unauthorized applications--including those that may contribute to a
hacker network.

If you decide you don’t mind contributing some of your computing
resources, make sure you know who’s really behind the effort. SETI at
Home is backed by the University of California at Berkeley, but not
every backer is legitimate.

Wayne Rash runs a product testing lab near Washington, DC. He's been
involved with secure networking for 20 years and is the author of four
books on networking topics.




-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.