Security Basics mailing list archives

Re: SETI@Home - Safe or Exploitable?

From: <counterpol () shaw ca>
Date: 22 Oct 2002 18:54:56 -0000

In-Reply-To: 
<!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAt/2qR/Xdb06rl3cHeaFPJsKAAAAQAAAA8MAsuxLIM0Wec26NJ8lGagEAAAAA () 
gwstephens com>

Never gave this too strong a consideration until I read a TechRepublic
article pondering the safety of running distributed computing programs
on corporate computers.  While I discourage our employees from
installing personal software on company computers and I monitor our
workstations for unapproved installations, I do not want to be
completely dictatorial and allow some seemingly innocuous software to be
installed once I satisfy my own security/licensing/stability issues.
Seti@Home is one such program.  While it is understandable that there
could be some concern caused by the use of this program because it
remotely sends and retrieves data for processing, I have never heard of
SETI being exploited.  Any thoughts, opinions, or facts the community
would like to share would be appreciated.


I don't run SETI@home but recall a couple of years ago that there was once 
reports of a vulnerability and exploit using SETI based on user 
information in SETI files stored on the user's PC, I believe. See
http://www.arstechnica.com/archive/2001/0501-1.html. Another reference, 
http://seti.sentry.net/archive/public/1999/6-99/0195.html, asks a similar 
question but you will note no one answered it in the seti mail list.

Regards
counterpol

Current thread:

SETI@Home - Safe or Exploitable? James Shaw (Oct 21)
- Re: SETI@Home - Safe or Exploitable? Johan De Meersman (Oct 22)
- RE: SETI@Home - Safe or Exploitable? - How About UD? Doc Farmer (Oct 28)
- <Possible follow-ups>
- Re: SETI@Home - Safe or Exploitable? counterpol (Oct 23)
- RE: SETI@Home - Safe or Exploitable? Trevor Cushen (Oct 24)
- RE: SETI@Home - Safe or Exploitable? Tim Donahue (Oct 25)