Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: distributed.net and seti@home

From: OFriedrichs () SECURITY-FOCUS COM (Oliver Friedrichs)
Date: Tue, 1 Feb 2000 11:23:05 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


what's always bugged me about things like seti@home and
distributed.net is the fact that they are in place to conduct
massive network sniffing.

all these clients on a lot of different networks running software
that report some kind of info (who can tell what is sent?) to a
central point...scares me.


I think in theory your right.  However in reality, I for one would
notice if my system was running an NDIS driver sitting in promiscuous
mode (infact, I doubt it would run, since all of the other drivers I
have running would probably conflict with it).  Either way, someone
would notice this.  I doubt distributed.net would willingly do
something like this, however attackers have replaced legitimate
software with trojans before, and it will happen again.

Oliver Friedrichs
securityfocus.com

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>

iQA/AwUBOJcxYMm4FXxxREdXEQL9kgCfbnt/TcGp6jSZAAs2jdTxMOqt66wAoM1V
0ca/RVrRcgKDlxtaMyrY3f/A
=1H9a
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: