Information Security News: 'Distributed' Web Projects Raise Security Issues

From: InfoSec News <isn_at_c4i.org>
Date: Mon, 25 Feb 2002 02:41:32 -0600 (CST)

http://www.newsbytes.com/news/02/174660.html

By Ariana Eunjung Cha, Washington Post
WASHINGTON, D.C., U.S.A.,
21 Feb 2002, 6:57 AM CST
 
The projects' creators describe them as akin to digital ant colonies.

They are networks composed of millions of computers working together
across the Internet to solve some of the world's most intractable
problems: analyzing possible cures for cancer or AIDS, scouting the
universe for signs of life, or even cracking a code for prize money.
 
The machines are ordinary PCs. Volunteers need only download a free
screensaver to participate. The software program harnesses any
leftover processing power, without interrupting a volunteer's normal
activities, and diverts it to tackle some large computing problem. In
this way, average citizens are helping scientists help the world.

The projects have already managed to aid researchers in analyzing
global climate changes and to find new prime numbers. They've also
screened a series of compounds with the potential to render anthrax
toxins harmless; that project, sponsored by Oxford University, United
Devices, Microsoft and Intel, among others, was completed in just 24
days.

But just as these "distributed computing" projects are beginning to
yield results, new concerns about security have put many efforts in
jeopardy.

Since Sept. 11, companies large and small have begun stripping the
software from machines out of fear they create an open channel to the
Internet that could be exploited by terrorist hackers. Richard
Chambers, the former inspector general at the Tennessee Valley
Authority, America's largest public power company, and other
government officials have declared the projects a risk to computer
security and banned them from their systems. And in an unusual case
that has riled up the high-tech community, a technician at the DeKalb
Technical Institute, a public, two-year college in Clarkston, Ga., was
charged by authorities with computer theft and trespass after
installing such a program on several school machines.

Tim Mullen, chief software architect for software firm AnchorIS.Com
and a columnist for the SecurityFocus.com site, is among those who
tell clients to remove those programs from their machines.

"Unless you have people onboard who are going to do a code-level
review for security on what's going in that screensaver, it's not
worth the risk," he said.

The companies that make such software -- firms such as Fairfax-based
Parabon Computation Inc. and United Devices Inc. in Austin -- insist
their products are safe. Indeed, in a testament to at least one of
these systems, a well-known hacker-group-turned-security-consultancy
@Stake l0pht has loaned out 86 PCs to work on a math puzzle called the
Optimal Golomb ruler. A Golomb ruler is a special ruler where all
marks have unique distances from each other with no duplications.
These rulers can help determine positions of antenna in an array for a
radio telescope, among other applications.

Many of the researchers who have constructed the screensavers as
largely academic projects brush aside possible risks as unimportant
given the value they potentially bring to society.

That includes the directors of SETI@Home, which analyzes data from a
radiotelescope for signs of alien life and, with 3.5 million users, is
probably the largest distributed computing project.

In June of last year, when hackers gained access to its volunteer
database and escaped with information about 50,000 users, the
administrators said they would not rewrite the software to add more
security because it is a nonprofit project without the time or
resources to do so.

David Anderson, the director of SETI@Home, said the screensaver itself
has been bug-free for 2 1/2 years -- hackers had gained access to the
project's central servers. Still, he supports decisions by some
administrators to remove the screensaver from their workers' machines
for security reasons. For instance, "any computer that's connected
with a nuclear power plant shouldn't be running any extra things," he
said.

The number of active users of the program has dropped off by a few
tens of thousands since September. But Anderson attributes the decline
mostly to congestion on the University of California at Berkeley
network that his project runs on. As students trade a growing number
of digital music and other electronic files, the resulting traffic is
preventing SETI@Home from being able to communicate effectively with
its network of computers because some messages are not getting
through.

-
ISN is currently hosted by Attrition.org

Received on Feb 25 2002
