Slashdot Mirror
Exploit Found in Seti@Home
Jamie noted that an Exploit was found in Seti@Home and there is code exploiting the hole actually running about in the wild. Patches are available for those of you not interested in running a public warez server or DoS client ;)
This early post is for AXJ!
r0x0r
I wonder whether aliens are exploiting this to control us /me screams and runs in fear.
ftp://alien.ssl.berkeley.edu/pub/setiathome-3.08.i 686-pc-linux-gnu.tar
ftp://alien.ssl.berkeley.edu/pub/setiathome-3.08.s parc-sun-solaris2.6.tar
Can't seem to find 'em on wcarchive.cdrom.com, the other mirror site -- anyone got a link?
Carousel is a lie!
Something tells me that this exploit is going to lead to a lot more people getting fired than, say, that OpenSSH one a while back.
First POST!
I 0w/\/ j0o a1l!
Got an FP!
cool.
this is great.
But I already run a public warez server!
Must be because of evil bits sent by menacing aliens!
Just a bunch of h4x0rs having fun again? Dang.
You win... at the game of losing! LOL ROTFLWTFBBQ!!111
the Aliens doing this. Not to worry though. I will use my I-Book to hack into their systems and upload a virus.
You suck worse than the last wanna-be frist proster, who was also a failure.
You are a failure as a slashdot poster and human being, even more so than usual.
Of course, they're secretly using our cycles now. It must stop.
There are illegal aliens in my computer!#!@
Who am I kidding, no-one watches the X-Files anymore/
I'm sure the Aliens will love it when we try to DoS attack them. That's one way to make friends with a new species. "Oh sorry about that, yeah were a smart world, REALLY!!"
"Not knowing when the dawn will come, I open every door." - Emily Dickinson
Thank you!
I could have dug around, but now I don't need to.
It's good to be lazy.
My mom says I'm cool.
If the aliens would be exploiting that, our computers would be full of alien pr0n, which it isn't the case... Right? RIGHT?
I demand the Cone of Silence!
mmmmmm BBQ *drools*
"Not knowing when the dawn will come, I open every door." - Emily Dickinson
/. can suck on deez, god damn fags.
distributed.net in support of Team Slashdot. Let's crack that RC5-72 so that we can move on to RC5-128! Only 657,374 days (~1800 years) left to go!
where are those karma whores when you need them?
- There was a potential buffer overrun in the networking code of the client that is fixed with version 3.08. Note that to exploit this vulnerability, a potential attacker would have to trick the client into contacting a fake server rather than the actual SETI@home server. To our knowledge,
- no SETI@home client has ever been attacked in this manner.
Whereas Jamie claims that- an Exploit [sic.] was found in Seti@Home and
- there is code exploiting the hole actually running about in the wild.
Can anybody help clear this up until the linked site get back online?"If you think education is expensive, try ignorance" - Derek Bok
Seems a lot of people freaked over this, understandable, but aren't they aware that running any software leads to security risks?
/040
- Oh my bad, I guess it's mostly the windows client users that have experienced that before...
(I was also always sure there was a little man inside my computer doing all the work, little did I know that it was a little alien).
Well, let's see here. I'm going to be reading data from an untrusted source. So, I feel it's safe to assume that this data will be no longer than, oh, let's say 100 characters. Yeah, 100. I mean, who would send more than that. That'd be crazy!
That'd be about as crazy as wasting cycles on checking the length of my input. Or, dynamically allocating buffers. Or, using safe, bounded copy/read instructions. What kind of wacko would do that! Hah!
Justin Dubs
No you dumb moron coders never make mistakes. At least i never make mistakes and i write Windosw and that is why Windows is perfect. You have obviusly never been to Seatle. Come here and we will show you that the backspase key was aded for dumb users not for coders.
Look! Their site is down! Someone must have used this exploit to launch a Dos on them! Oh wait... damn you slashdot!
Everybody denies I am a genius--but nobody ever called me one!
at least its doing something useful... rather than just pointlessly scanning some random data with no hope of finding anything.
I'm smarter than the average bear.
over here.
"If you think education is expensive, try ignorance" - Derek Bok
running winxp on the spaceship woo -.-
This sig was cut off by the sla
Confirmed information leaking:
This issue affects all clients.
Confirmed remote exploitable:
setiathome-3.03.i386-pc-linux-gnu-gnulibc2.1
setiathome-3.03.i686-pc-linux-gnu-gnulibc2.1
setiathome-3.03.i386-pc-linux-gnulibc1-static
setiathome-3.03.i686-pc-linux-gnulibc1-static
setiathome-3.03.i386-winnt-cmdline.exe
i386-unknown-freebsd2.2.8 (Special thanks to Niels Heinen)
SETI@home.exe (v3.07 Screensaver)
Confirmed DoS-able using buffer overflow:
The main seti@home server at shserver2.ssl.berkeley.edu
Presumed vulnerable to buffer overflow:
All other clients.
PATCHED VERSION
Are available
BACKGROUND INFORMATION
From "http://setiathome.berkeley.edu/" :
"SETI@home is a scientific experiment that uses Internet-connected computers in the Search for Extraterrestrial Intelligence (SETI). You can participate by running a free program that downloads and analyzes radio telescope data. "
"The SETI@home program is a special kind of screensaver. Like other screensavers it starts up when you leave your computer unattended, and it shuts down as soon as you return to work. What it does in the interim is unique. While you are getting coffee, or having lunch or sleeping, your computer will be helping the Search for Extraterrestrial Intelligence by analyzing data specially captured by the world's largest radio telescope. "
"The client/screensaver is available for download only from this web page - we do not support SETI@home software obtained elsewhere. This software will upload and download data only from our data server here at Berkeley. The data server doesn't download any executable code to your computer. All in all, the screensaver is much safer than the browser you're running right now!"
There are currently over four million registered users of seti@home. Over half a million of these users are "active"; they have returned at least one result within the last four weeks.
THE VULNERABILITIES
The seti@home clients use the HTTP protocol to download new workunits, user information and to register new users. The implementation leaves two security vulnerabilities:
1) All information is send in plaintext across the network. This information includes the processor type and the operating system of the machine seti@home is running on.
2) There is a bufferoverflow in the server responds handler. Sending an overly large string followed by a newline ('\n') character to the client will trigger this overflow. This has been tested with various versions of the client. All versions are presumed to have this flaw in some form.
3) A similar buffer overflow seems to affect the main seti@home server at shserver2.ssl.berkeley.edu. It closes the connection after receiving a too large string of bytes followed by a '\n'.
THE TECHNIQUE
1) Sniffing the information exposed by the seti@home client is trivial and very usefull to a malicious person planning an attack on a network. A passive scan of machines on a network can be made using any packetsniffer to grab the information from the network.
2) All tested clients have similar buffer overflows, which allowed setting eip to an arbitrairy value which can lead to arbitrairy code execution. An attacker would have to reroute the connection the client tries to make to the seti@home webserver to a machine he or she controls. This can be done using various widely available spoofing tools. Seti@home also has the ability to use a HTTP-proxy, an attacker could also use the machine the PROXY runs on as a base for this attack. Routers can also be used as a base for this attack.
3) Exploitation of the bug in the server
Live to be Moderated
Wasn't this SET@home thing programmed in Ada? Ada isn't supposed to allow buffer overruns. What gives?
Are many individuals (on their own machines and not he company hardware) actually running the SETI client? I started it back in 1999 but gave up when I discovered that it took about 24hrs to process one unit on my 366 Toshiba laptop making it rather unlikely that at that rate I would live long enough to find anything. To be honest I had pretty much forgotten about the project altogether.
Do not try to read the dupe, thats impossible. Instead, only try to realize the truth
What truth?
There is no dupe
wouldn't it make sense to at least allow people to know what they're running?
I'm not saying that open source is the best solution in all circumstances, but when you're asking people to run your code it seems that the least you could do would be to provide them with the source code.
Tarsnap: Online backups for the truly paranoid
or, us vs. us.
now you see IT? now you DOWt.
pay attention, that's cheap enough.
lookout bullow. the daze of the Godless greed/fear/murder based payper liesense hostage ransom stock markup frauds is upon US.
the creator is participating lookout bullow.
check with yOUR creator to discover what yOUR role might be in the rescue of the planet, from those who would hold IT hostage.
gooed 'job' there robbIE, turning off va lairIE's patentdead PostBlock(tm) device. that didn't cause a flareup of trust/cohesion in the 'community' buy the weigh. everIE 'man' for himself dooing the 'hard times'?
Being part of a community involves give and take. /. has done its fair of giving, so far as links to news and a place to comment is concerned. This has also involved more than a fair share of taking.
As a responsible net-citizen, though, the editors need to be far more considerate of other people. This is a clear case of inproper net behavior, something I would expect the newest AOL-newbie, spam producing, weenie to do.
Instead of complaining about how much spam you get everyday, Taco, why don't you do the community something useful and mirror the websites that you link to. We whine and complain about bad patents, spam, copyright abuse, monopolies, and then treat the net community with disrespect by effectively dos'ing random servers? It isn't funny anymore.
How about using your cycles on something that isn't a complete waste of time, like folding@home, or some other project?
Can anyone give any practical advice on how to figure out if your own system has been compromised? No, I don't have any tripwires installed :-(
Find free books.
I got up this morning and SETI was reporting a fatal error i've never seen before - coincidence?
-
Seriously, with the kind of computational power that is now available even in a bottom-of-the-line gray-box PC the time has come to retire mainstream languages that do not have array bounds checking built-in.
<rant>
We are placing the entire computing infrastructure of the nation at risk in the name of a few measly clock cycles that would be spent performing bounds check.
Engineers know that the only way to have realiable systems is to have substantial safety margins and backup systems. This is a lesson that we software developers ignore at our own peril.
</rant>
How do we know aliens don't communicate by propogating buffer overruns throughout the planet? Has anyone analysed this code, if it is indeed out in the wild?
There's gotta be more to extraterrestial life than mutilating cows and doing donuts in crop fields.
Does anyone know if this exploit effects folding@home clients? I do not know if they use the same engine or if the '@Home' name is the only thing they have in common.
Good thing the 20 computers I'm running it on aren't even mine!
The coolest voice ever.
It's not I-Book - it's iBook.
What gave you the idea that Seti@home is "waste"? It could bring humanity the greatest revelation there is. And besides, S@H-data is used in variety of scientific projects, not just hunting aliens. And finally: S@H was the forerunner of these kinds of projects. It showed what could be done and how to do it. Without S@H your precious folding@home wouldn't even exist. S@H was the first, it showed others the way.
Lesbian Nazi Hookers Abducted by UFOs and Forced Into Weight Loss Programs - -all next week on Town Talk.
and just where is Jeff Goldblum when we need him; we could ask him to write up a virus on his Mac and just let it sit there on our hard drives and when the aliens get to that file: BOOM!
...we are from the government - we are here to help...
Where do you download the software for warez servers and DoS clients? I know some people who have old DOS programs that they need to run for their business, and they also need a warez server to search for stock quotes online and tell them "ware" they are.
nevermind, that was stupid....
...we are from the government - we are here to help...
I got spam from seti@home encouraging me to run the client again on March 21st, but nowhere did it mention this security problem even though they knew about it back in December or Janauary.
...
This seems pretty irresponsible to me. Notice they say in the email, you "can" download the software, they should have really said you _should_ download it!
This is an exciting time for SETI@home. On March 18-20 2003 we travel to the Arecibo radio telescope to re-observe the most promising "candidates" produced by our search so far. There is a chance that these new observations will yield the first real evidence of extraterrestrial life. Thanks for being part of this history-making effort! According to our records, you have processed 44 work units, the most recent on October 27, 1999. Your contribution of computer time to SETI@home is greatly appreciated. If you have taken a break from SETI@home, now is a great time to start up again; you can download the latest software
Is it safe to assume that the command line version for other platforms will take similar URLs? The presumed OSX version at ftp://alien.ssl.berkeley.edu/pub/setiathome-3.08.p owerpc-apple-darwin1.2.tar, and the presumed WinNT version at http://wcarchive.cdrom.com/pub/setiathome/setiatho me-3.03.i386-winnt-cmdline.exe, both don't work yet. (I got these urls by hand editing the links on the Unix download page to replace 3.03 with 3.08, so I'm assuming that the new versions will be consistent with what was already there.) Maybe these links will work by the time you read this, but as of now (2:30 pm EST) they haven't been updated yet.
DO NOT LEAVE IT IS NOT REAL
As I've commented before, I'm intrigued that we have our planetary computer network hooked up to an open port on a radio-telescope. Hoping for a superior alien race to send us e-mail. What if they also have alien computer viruses?
Gives new meaning to the honeynet concept.
This advisory came 4 months late. While I'm glad this person contacted Seti first before releasing the advisory, I cannot believe that it took them two months to fix a bufer overflow! While seti@home isn't a mission critical app, I would think the seti people would want to release a new version very quickly, at the very least so that they know that their personal omputers can't get exploited.
Yep, see that news story? "NASA were proud to announce the finding of 18 more satellites around Jupiter. They said, It is thought that 3 of these, w00t, l33t and h4x0r, may be capable of sustaining life. Soon after the announcement, analysts were sceptical that whilst these planets may contain life, they would not be socialable creature who use a similar form of communication to humans"
This advisory came 4 months late. While I'm glad this person contacted Seti first before releasing the advisory, I cannot believe that it took them two months to fix a bufer overflow! While seti@home isn't a mission critical app, I would think the seti people would want to release a new version very quickly, at the very least so that they know that their personal omputers can't get exploited.
Bah, forgot about a username.
Only dead fish swim with the stream...
Go chase some girls.
They are covering their tracks. How else could you explain this suspicious lack of alien signal evidence after all of these years of searching? This is a coverup of galactic proportions.
I am risking my life by sharing this with you, but someone must speak out before it's too late!
There ARE no such things as aliens. The real coverup is that the government has been manipulating the public to accept that there may be aliens, and is using that to get funding and public support for sinister military projects that, otherwise, would be difficult to run.
Seti@Home is the most recent, and diabolical, of them all. Hundreds of thousands of people have been conned into believing that they're actually searching for "alien communications." The truth is that they're processing massive amounts of data, fed directly to the Arecibo dish by the military as part of a massive attempt at global mind control / thoughtcrime detection.
The signals being processed are actually brainwaves of the billions of people on the planet. Currently, they are researching normal brainwave activity in the global population and experimenting on a select group of individuals using weather satellites to beam mind control signals directly into their skulls. Once phase 1 has been completed, they will being experimenting with lightly controlling the minds of a whole country or continent. Finally, total control of the world population will take place.
The odds of my computer being tricked into contacting a fake SETI@home server, are about as slim as they are of me finding alien life.
Saskboy's blog is good. 9 out of 10 dentists agree.
Then you might write a quick and dirty function that calls sprintf to format a message (snprintf is not portable, so you might not have a simple fix). Then after a while you forget that it was quick and dirty and use it in a client that will only connect to your own server. I think its a very easy mistake to make. It gets more interesting. Say you are reading a 1024 bit number that is supposed to be a product of two 512 bit primes. Your code has a hand-optimized assembler loop that will not violate bounds of a fixed-length array if the number is what it's supposed to be. But if it has small factors, the loop might blow away the memory. On the other hand, checking the bounds would make your performance-critical loop twice slower. Still think it's easy to validate the input?
anyone know if there's a new version of the windows command-line client? all i could find is the ancient setiathome-3.03.i386-winnt-cmdline.exe. i tried exploring a couple of the ftp servers with no luck.
anyone able to locate a newer version or am i stuck running the crappy gui?
THERE IS NO DATA. THERE IS O
If this was a microsoft hole, slashdot would be jumping all over it. "MS sucks! Look at these security holes! Waa! I'm gonna go cry about it now, even though they patch them quickly!"
I know a lot of people hate MS, especially the slashdot/open source community. But at least be fair....why is it so egregious for MS to have a few security holes where any other company would be cut some considerable slack? Like Seti@Home for example. No piece of software is perfect, open or closed.
The client connects to Seti@home's servers and downloads a 'work packet'. This packet is stored locally and when analysis is complete the results are uploaded to Seti@home.
>
I'd rather have a program that defaults to an uncaught exception and program crash to one that is instead vulnerable. One is somewhat more dangerous than the other, though an uncaught ArrayOutOfBounds or whatnot exception isn't perfect and still results in program crashes.
Indeed the sooner it breaks the sooner it will be fixed in normal applications distributed to society at large. And if you know what you're doing and are ever vigilant you can perhaps avoid these sorts of errors. But its becoming increasingly clear that few and fewer know what they're doing behind that veneer, while still choosing C/C++ because its the standard. To fix this, we can either educate these people in the way of the code warrior or they can select another language. There's an entire body of information on the way of the warrior, so perhaps another language is indeed a viable option. Java actually implements an array class that throws your suggestion of an intelligent object/class built into the library.
Microsft has chosen C#, or Managed C(++). Universities have chosen Java. I'd love to see enterprise level support for OCaml personally, but I think that's doubtful. Stateful inspection of possible overflows is a long way from being complete. It seems a lot of research at my university is focused on such stuff.
I Browse at +4 Flamebait
Open Source Sysadmin
And a very special "fuck you" to Taco for complaining about there being nothing worth posting today.
This is the reason employers have problems when their employees run Seti@Home (and indeed, any unauthorized software) on their machines.
As an IT professional, you talk and talk and talk and talk trying to warn your superiors of the danger of running unnecessary network services -- why you can't just open the firewall wide up to let them use their proprietary stock-tracking application; hell, why you even have a firewall in the first place.
And then Seti@Home, the ultimate nonessential network service, comes along and validates everything you've been saying. But you're running it anyway, because it's "cool". And now your network is compromised.
Should have taken your own advice.
NO CARRIER
You can just FTP to ftp://alien.ssl.berkeley.edu/pub/ and see for yourself what's there.
When I checked, the only 3.08 versions available were the GUI versions for Windows and Mac OS 9 (not OS X), and the two command line versions mentioned above (x86 Linux and Sparc Solaris). The ones I personally care about, the command line versions for WinNT and OS X, were not there yet.
before installing the patch, I had 441 workunits. now it says I have 240. Anyone else experiencing this?
So... for those people who installed Seti on 100 machines at school/work, are you updating them RIGHT NOW? One guy where I am put Seti on a bunch of cluster machines because, after all, no one else is using them. I certainly hope that he's working unpaid overtime patching his (against the rules) pet project.
-- Is "Sig" copyrighted by www.sig.com?
For thouse looking for an alternative, there is always distributed.net.
I shouldn't think we'd need anything very elaborate for a DoS attack on the aliens. Just link /. to them.
It's the queers. They're in it with the aliens. They're building carefully crafted packets to remote control the SETI client for gay martians. I swear...
This exploit really isn't as bad as people here like to make it out to be. In order to perform this buffer overrun, you would have to trick the S@H client to connect to a different server. Short of actually breaking into the host computer of the client, I believe this would prove extremely difficult (anyone know how to do this?).
And as was mentioned in the advisory, there has been no reported case of this actually being exploited (outside of proof of concept of course, where the discoverer changed the S@H server address in the client itself).
I've contributed lots of cycles to many DC projects. A little while ago the people from UD and SETI were talking about making one screensaver that allows you to pick and choose what projects you want to contribute to.
Some of the proposed features were switching to another project after finishing a WU, auto updates, ad hoc teams, simultaneous DC use with custom priority, etc.
I wonder what ever happened to that idea. It sounded great. It would also give not so famous groups a chance to write their screensaver using the API, script, or however the one-screensaver-to-rule-them-all DC client works.
It would be nice to be able to see a list of projects from students asking for a group to do the math for them. How cool would offering your team's PC power to the local high school doing a simple DC experiment?
In the meantime the big boys rule. That's not bad, but it could be better.
interesting concept, anyone tried this out? http://www.trepia.com/
In addition, I noted how the S@H team seemed to neglect optimizing the client, so I got into other projects. S@H sucks particularly on the K6. My P2-350 runs it over twice as fast as the K6-2 of similar MHz, partly because it can use the 686 optimized version.
I still prefer S@H over things like distributed.net; the latter poses purely mathematical problems, which IMHO should not be bruteforced. The RC5 crack is plain silly, and the OGR is something that might be 'solved' by other means some day. In addition, things like protein folding could use a proper theory, as you can only bruteforce individual cases. But there's no scientific shortcut in SETI, you just have to keep looking.
Escher was the first MC and Giger invented the HR department.
I guess the command line versions are uneffected... They are still at version 3.03 AFAIK.
After 50 years the aliens hadn't inovated at all. The craft that crashed at roswell in '47 was the same ones they used to attack earth with in the late '90s(i dont remember what year the movie came out). We have new fighters every few years, wouldn't the aliens have made some progress over 5 decades?
"Sic Semper Tyrannosaurus Rex."
THE SLANT
The Slant
You've actually sparked a great idea.
A kind of software book exchange club. A client (kind of p2p in nature) that randomly uploads and downloads a new piece of software every couple days. You never know what you're gonna get, and you have no say in what you send the other person. There's no personal interaction at all. You could get an mp3.. or an iso. However, you could limit your downloads to say, Mac, PC, or Linux.
Anyway, I think this would be cool. p2p, but with no say in what you send or receive. Open your "received" folder every morning and look at what you got. Maybe it's an mp3 that absolutely sucks -- or maybe a really cool app you never knew existed. Or maybe just a really funny picture.
Sadly, when I have mod points, I can't find these informative posts. :)
jX [ Make everything as simple as possible, but no simpler. - Einstein ]
If they do this, then all those unpatched clients will stop working, and people running them will have to either (a) figure out how to get a new client or (b) stop running the existing client, both of which fix the exploit problem.
Does the client have facilities for informing the user of things like this? Like, can the screensaver replace the graphic with "please download a new client"? Otherwise if people get "cannot connect to server" over and over they might just get stupid and give up.
Of course, if they do this, SETI@HOME might actually lose half the current number of computers giving them data, if they would actually consider that useful or not.
How is talking about SETI@home offtopic in this story?
Worse is the reality that, in an effort to help the SETI find an extraterrestrial Yeti (or just to rack up points for geeky ego-boost) it is not too uncommon for junior admins to install SETI clients on fat production servers (I'm confident of the 'junior' status of such admins because even if they are otherwise 'senior' admins this busts them back down to junior status).
In fact, I recall being hired in July of 2001 by a small web design/ecommerce company to work on a new project for a pharmaceutical company to lead their development team. Now, anyone who knows me knows I'm not a sys admin, but I know enough to crash really big systems ;). So, having been entrusted with root on the firms production servers I snooped around and, you guessed it, found SETI@home running on them racking up points for one of the members of the firm.
These servers were being used for credit card processing for ecommerce sites and were scheduled to be used for processing prescriptions and HIPAA-sensitive patient data (they weren't at this point; remember, I was hired for that project and found SETI during an initial server assessment--but these admins knew the purpose of these servers).
So, without ceremony or fanfare I killed and deleted SETI along with this admin's user account. Being new I didn't outright fire the moron but I did recommend strongly that this loser be tossed, which he was within a month.
-- @rjamestaylor on Ello
its Monday and still no patches for non gui clients.
"Oh sh*t there goes the the planet"
ERR 411[Max number of witty sigs reached]
I thought we had them to moderate posts like your as redundent or offtopic.
and posts like this one (mine) as trolls.
oh well, to each his own.
Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
Well, if you want a noble goal for your spare cycles...
Give 'em to Google!
Seriously, though - this is a distributed program to find protein folding solutions, that could eventually be used for creating new medicines... Plus, it's run by everyone's favorite search engine!
-T
That's a rather narrow viewpoint. You don't think finding, say, primes, even one at a time, has any value, and we must wait for a mathematical solution for calculating any given one?
Shrug. Closed source: what do you expect?
Actually, much of the delay was due to the fact that all of our non-Solaris clients are ported and tested by volunteers whose available time to put toward such things is limited. (On a properly set up SPARC solaris machine, the bug doesn't result in a vulnerability by the way.)
The primary bug was fixed by me prior to 1/25/03, at which point the code was sent to the porters of the Win32 versions. The Win32 versions continued to show a segfault on overflow. The porters eventually tracked down a more subtle bug. Not every buffer overflow is as simple as "he used gets() rather than fgets()." The buggy was far uglier than it needed to be for the job it was doing. Given the time, I probably would have reimplemented it from scratch. I'm not going to reveal who wrote the flawed code other than to say it wasn't me.
Meanwhile, the main team was in panic mode getting ready for the trip to Arecibo. I was out of town on business for much of that two months. (2.5 weeks in Korea, 1.5 Weeks at Arecibo). Maybe we weren't pushing hard enough on our volunteers, but hell, they are volunteers with real jobs that they get paid for.
As has been said, so far as we know at this point no client has been comprimised by exploiting this hole. In order to break the client, an attacker would need to set up a machine to act as a proxy or pretend to be the server. That's not the easiest thing in the world to do without access to the local network (or a security breach at your ISP). And if an attacker has access to your local network or routers and proxies at your ISP, holes the in SETI@home client are the least of your worries.
At any rate, if you're worried, get the upgrade. Given I haven't upgraded my machines yet, you can see how concerned I am about it.
Support SETI@home
The WinNT command line version is now available.
Still no OS X version.
You can check check to see what's avaiable here: ftp://alien.ssl.berkeley.edu/pub/
Can't do it, simple fact that it's the property of the pubisher not slashdot. If Slashdot went a did make copies of all the pages they were going to refer to they would get sued. Google does is as a cache. It's dicey, but if you refer to the google cache then google takes the hit. Most pages on the web with interesting content have banner ads. If you sent slashdotters to google then the ads don't get seen, the site loses money. Damned if you do, Damned if you don't.
Sorry about the writing. Robot fingers, you know? Cliff Steele in DOOM PATROL #23
The Grub project is a distributed method of crawling the internet. You download the client and you help Looksmart( their search engine wisenut is pretty good but not the best ) crawl the web.a a2b3b639ab6f4b92965e132a1418df9
In my opinion it is better to help contribute your spare bandwith and cpu to help make sure more of the internet is crawled and more frequently instead of something more pie in the sky like SETI. Grub has a more down to earth use. Help make sure all of cyberspace can be crawled.
Download the grub client:
http://www.grub.org/html/downloads.php?PHPSESSID=
There is a linux version. Get crawling, forget seti, helping crawl all the internet is more of an attainable goal.
A manager went to the master programmer and showed him the requirements
document for a new application. The manager asked the master: "How long will
it take to design this system if I assign five programmers to it?"
"It will take one year," said the master promptly.
"But we need this system immediately or even sooner! How long will it
take it I assign ten programmers to it?"
The master programmer frowned. "In that case, it will take two years."
"And what if I assign a hundred programmers to it?"
The master programmer shrugged. "Then the design will never be
completed," he said.
-- Geoffrey James, "The Tao of Programming"
- this post brought to you by the Automated Last Post Generator...