BOINC Security

Questions and Answers : Wish list : BOINC Security

To post messages, you must log in.

AuthorMessage
TK

Send message
Joined: 29 Sep 00
Posts: 10
Credit: 21,199
RAC: 0
Message 1053 - Posted: 24 Jun 2004, 8:26:05 UTC
Last modified: 28 Sep 2004, 16:51:36 UTC

ID: 1053 · Report as offensive
Heffed
Volunteer tester

Send message
Joined: 19 Mar 02
Posts: 1856
Credit: 40,736
RAC: 0
United States
Message 1064 - Posted: 24 Jun 2004, 9:09:59 UTC

And being able to see the CPU type and OS is a risk how?
ID: 1064 · Report as offensive
robert tucker

Send message
Joined: 18 Dec 00
Posts: 1
Credit: 17,201
RAC: 0
United States
Message 1128 - Posted: 24 Jun 2004, 12:38:23 UTC - in response to Message 1064.  

> And being able to see the CPU type and OS is a risk how?
>
>

Well if someone were trying to "map" a network for reasons other than "good intentioned ones" .. knowing as much information about those machines can be very helpful in finding "exploits/bugs". The past years exploits found and used in windows XP is a good example.

I have to agree with Trishank Karthik on this. I just started looking over the new seti and was a bit dismayed at the amount of information about each machine being held on the boinc servers...

I'm not going to get into specifics as to what could and most likely will be attempted with that, but.. given that much information and possiblity of access to it, didn't impress me at all.

Not being able to remove that information from boinc servers and possible public access to it, Well will keep me from putting any other of my machines into the project. If that doesn't change soon, will also mean the removal of the ones that I am currently testing the project out on.
ID: 1128 · Report as offensive
Profile Mr. KevvyCrowdfunding Project Donor
Volunteer tester
Avatar

Send message
Joined: 15 May 99
Posts: 1151
Credit: 195,719,030
RAC: 353,399
Canada
Message 2394 - Posted: 26 Jun 2004, 16:28:25 UTC
Last modified: 11 Jul 2004, 18:31:28 UTC

[Edited by poster]

I had hoped that automatic code updates could be turned off in future editions of the BOINC client (ie prompt when installing them,) but I've decided it's secure enough and of minimal risk.
ID: 2394 · Report as offensive
guruhobo

Send message
Joined: 22 Apr 00
Posts: 1
Credit: 277
RAC: 0
Australia
Message 2959 - Posted: 1 Jul 2004, 3:03:06 UTC - in response to Message 1064.  

> And being able to see the CPU type and OS is a risk how?
>

I'm not aware of a way to exploit a specific CPU type, but if you know the users OS, you already know enough to get started with some exploits. Most OS's have well known flaws. Knowing what the targets OS is gives you a starting point from which to determine vulnerabilities.

By itself, it does not give you the keys to a persons PC, but it's a good place to start. Now if you also know their IP address ... oh wait, Seti tells me that too now!
ID: 2959 · Report as offensive
Gareth Lock

Send message
Joined: 14 Aug 02
Posts: 358
Credit: 711,124
RAC: 281
United Kingdom
Message 10149 - Posted: 20 Jul 2004, 2:28:09 UTC
Last modified: 20 Jul 2004, 2:29:31 UTC

As has been mentioned by someone else. Only YOU can see your IP address. If you view someone else's info their IP address is hidden! Likewise anyone who views your stats won't be able to see your IP.
ID: 10149 · Report as offensive

Questions and Answers : Wish list : BOINC Security


 
©2016 University of California
 
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.