Vulnerability Development mailing list archives

Re: distributed.net and seti@home

From: BlueBoar () THIEVCO COM (Blue Boar)
Date: Sun, 30 Jan 2000 09:19:12 -0800


"Robert Wojciechowski Jr." wrote:


If the clients contact the server, the only way to exploit the clients is to
make the client contact your own server I suppose.


As a general rule in this type of situation (trying to exploit client
holes when there is a hardcoded server) I know of 3 choices:

-Compromise server
-Trick client into contacting your server
-Hijack connection

You might add compromise the client, but then you wouldn't need the client
hole in the first place.

                                        BB

Current thread:

distributed.net and seti@home Seth R Arnold (Jan 28)
- Re: distributed.net and seti@home Justin Lintz (Jan 28)
- Re: distributed.net and seti@home CyberPsychotic (Jan 30)
- <Possible follow-ups>
- Re: distributed.net and seti@home Robert Wojciechowski Jr. (Jan 28)
  - Re: distributed.net and seti@home Seth R Arnold (Jan 29)
- Re: distributed.net and seti@home Robert Wojciechowski Jr. (Jan 29)
  - Re: distributed.net and seti@home Blue Boar (Jan 30)
- Re: distributed.net and seti@home Shashi Dookhee (Jan 30)
  - Re: distributed.net and seti@home Matthew Pemble (Jan 30)
  - Re: distributed.net and seti@home hypnos (Jan 30)
  - Oracle liberal world (Jan 30)
- Re: distributed.net and seti@home Bryce Walter (Jan 30)