Questions and Answers :
Wish list :
BOINC Security
Message board moderation
Author | Message |
---|---|
TK Send message Joined: 29 Sep 00 Posts: 10 Credit: 21,199 RAC: 0 |
|
Heffed Send message Joined: 19 Mar 02 Posts: 1856 Credit: 40,736 RAC: 0 |
And being able to see the CPU type and OS is a risk how? |
robert tucker Send message Joined: 18 Dec 00 Posts: 1 Credit: 17,201 RAC: 0 |
> And being able to see the CPU type and OS is a risk how? > > Well if someone were trying to "map" a network for reasons other than "good intentioned ones" .. knowing as much information about those machines can be very helpful in finding "exploits/bugs". The past years exploits found and used in windows XP is a good example. I have to agree with Trishank Karthik on this. I just started looking over the new seti and was a bit dismayed at the amount of information about each machine being held on the boinc servers... I'm not going to get into specifics as to what could and most likely will be attempted with that, but.. given that much information and possiblity of access to it, didn't impress me at all. Not being able to remove that information from boinc servers and possible public access to it, Well will keep me from putting any other of my machines into the project. If that doesn't change soon, will also mean the removal of the ones that I am currently testing the project out on. |
Mr. Kevvy Send message Joined: 15 May 99 Posts: 3776 Credit: 1,114,826,392 RAC: 3,319 |
[Edited by poster] I had hoped that automatic code updates could be turned off in future editions of the BOINC client (ie prompt when installing them,) but I've decided it's secure enough and of minimal risk. |
guruhobo Send message Joined: 22 Apr 00 Posts: 1 Credit: 277 RAC: 0 |
> And being able to see the CPU type and OS is a risk how? > I'm not aware of a way to exploit a specific CPU type, but if you know the users OS, you already know enough to get started with some exploits. Most OS's have well known flaws. Knowing what the targets OS is gives you a starting point from which to determine vulnerabilities. By itself, it does not give you the keys to a persons PC, but it's a good place to start. Now if you also know their IP address ... oh wait, Seti tells me that too now! |
Gareth Lock Send message Joined: 14 Aug 02 Posts: 358 Credit: 969,807 RAC: 0 |
As has been mentioned by someone else. Only YOU can see your IP address. If you view someone else's info their IP address is hidden! Likewise anyone who views your stats won't be able to see your IP. |
©2024 University of California
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.