BOINC Security


log in

Advanced search

Questions and Answers : Wish list : BOINC Security

Author Message
TK
Send message
Joined: 29 Sep 00
Posts: 10
Credit: 21,199
RAC: 0
Message 1053 - Posted: 24 Jun 2004, 8:26:05 UTC
Last modified: 28 Sep 2004, 16:51:36 UTC

Heffed
Volunteer tester
Send message
Joined: 19 Mar 02
Posts: 1856
Credit: 40,736
RAC: 0
United States
Message 1064 - Posted: 24 Jun 2004, 9:09:59 UTC

And being able to see the CPU type and OS is a risk how?

robert tucker
Send message
Joined: 18 Dec 00
Posts: 1
Credit: 17,201
RAC: 0
United States
Message 1128 - Posted: 24 Jun 2004, 12:38:23 UTC - in response to Message 1064.

> And being able to see the CPU type and OS is a risk how?
>
>

Well if someone were trying to "map" a network for reasons other than "good intentioned ones" .. knowing as much information about those machines can be very helpful in finding "exploits/bugs". The past years exploits found and used in windows XP is a good example.

I have to agree with Trishank Karthik on this. I just started looking over the new seti and was a bit dismayed at the amount of information about each machine being held on the boinc servers...

I'm not going to get into specifics as to what could and most likely will be attempted with that, but.. given that much information and possiblity of access to it, didn't impress me at all.

Not being able to remove that information from boinc servers and possible public access to it, Well will keep me from putting any other of my machines into the project. If that doesn't change soon, will also mean the removal of the ones that I am currently testing the project out on.

Profile Mr. KevvyProject donor
Volunteer tester
Avatar
Send message
Joined: 15 May 99
Posts: 726
Credit: 76,628,278
RAC: 83,054
Canada
Message 2394 - Posted: 26 Jun 2004, 16:28:25 UTC
Last modified: 11 Jul 2004, 18:31:28 UTC

[Edited by poster]

I had hoped that automatic code updates could be turned off in future editions of the BOINC client (ie prompt when installing them,) but I've decided it's secure enough and of minimal risk.

guruhobo
Send message
Joined: 22 Apr 00
Posts: 1
Credit: 277
RAC: 0
Australia
Message 2959 - Posted: 1 Jul 2004, 3:03:06 UTC - in response to Message 1064.

> And being able to see the CPU type and OS is a risk how?
>

I'm not aware of a way to exploit a specific CPU type, but if you know the users OS, you already know enough to get started with some exploits. Most OS's have well known flaws. Knowing what the targets OS is gives you a starting point from which to determine vulnerabilities.

By itself, it does not give you the keys to a persons PC, but it's a good place to start. Now if you also know their IP address ... oh wait, Seti tells me that too now!

Gareth Lock
Send message
Joined: 14 Aug 02
Posts: 358
Credit: 503,753
RAC: 70
United Kingdom
Message 10149 - Posted: 20 Jul 2004, 2:28:09 UTC
Last modified: 20 Jul 2004, 2:29:31 UTC

As has been mentioned by someone else. Only YOU can see your IP address. If you view someone else's info their IP address is hidden! Likewise anyone who views your stats won't be able to see your IP.

Questions and Answers : Wish list : BOINC Security

Copyright © 2014 University of California