UBBFriend: Email This Page to Someone!
  Get 3DNow! Message Board
  Team 3DNow! SETI
  can't update stats from Seti spy

Post New Topic  Post A Reply
profile | register | preferences | faq | search

next newest topic | next oldest topic

Author Topic:   can't update stats from Seti spy
wl6538
Follower of Athlon
posted June 01, 2001 06:24     Click Here to See the Profile for wl6538     Edit/Delete Message
Just wondering if any one have this problem since yesterday?

IP: Logged

Martin
Follower of Athlon
posted June 02, 2001 13:16     Click Here to See the Profile for Martin     Edit/Delete Message
Down load New version for fix
SETI Spy 3.0.6
http://pages.tca.net/roelof/setispy /

workaround described in FAQ 2.17


[This message has been edited by Martin (edited June 02, 2001).]

IP: Logged

DanBall
Follower of Athlon
posted June 02, 2001 13:36     Click Here to See the Profile for DanBall     Edit/Delete Message
Here's the reason (from Arstechnica):

Recently on May 17th the SETI@Home project celebrated their two year anniversary. While this was a time of celebration for the project, it was also a break time between two security issues that hit the project. The first incident occurred at the end of April with claims of an undetectable and untraceable hack to the S@H client. News about these claims were made on the alt.sci.seti newsgroup by an anonymous poster posting through an IP address in Canada. Some posters who spoke out against this person on the newsgroup soon found their work units totals increasing far more than the work units they had actually done. I happened to be one of those people that were affected. Eric Korpela, who deals with server and database issues, responded on the newsgroup with the following:

"On to the identity theft saga. A couple weeks ago I noticed the newsgroup thread from the self proclaimed cheater. It was pretty easy to track him down and delete his account. He was using a known cheat mechanism that I won't bother to describe. I also closed, (or at least thought I had closed), the loophole he was exploiting. As revenge he decided to send bogus results using the accounts of others, mostly people who decried his cheating in the newsgroup. It turns out there was a bug in my fix and the results kept getting through. That hole has been closed, but it will be a while before I can fix peoples' stats."

The identity theft that Eric talked about was really not identity theft at all. As it turns out, all that is needed to post work units to any person's account is their email address that is attached to their S@H account. The people who were affected during this time were people who posted on the newsgroup using the same email addresses that were used on their S@H account. Simple as that.

Fast forward to the Memorial Day weekend. Many S@H users were greeted with an email which claimed the user database information from the S@H servers was obtained through an exploit.

"Dear Seti@home user.
Seti@home Webpage been exploited. We have the intire user database as well all your information. http://www.angelfire.com...(rest of URL omitted)
SEE FOR YOURSELF.
have nice day.
regards UFCF Team 2001."

The "UFCF Team", it turns out, were the same people who claimed responsibility for the April episode. By the time I found out about this claim, the website had been pulled by angelfire for terms of service violations. From reports, the webpage included two .zip files for download that contained user information. I obtained a copy of some information from these .zip files. The file included the user ID, email address, user name and other information. Actually, the information included was the same information that is included in the user_info.sah file the S@H client produces. The file did not include any account password information, nor information on the location of the user (other than a zip code/postal code). User accounts cannot be accessed and changed by information that was available in this .zip file.

As far as I can tell, the S@H databases/servers were not hacked or compromised in themselves. The only hacking that was done involved sending bogus results to the S@H servers. How did they obtain the user information? When the S@H client sends results to their servers, the servers are sent information in the user_info.sah file, and results get posted to the user ID number included in the file. If the data in the user_info.sah file is not up to date, the server sends an updated user_info.sah file back to the computer. The group apparently used a script to simulate results being sent to the S@H servers, and then trick the server into sending back the user_info.sah file for the user ID number that was sent. The obtained results were compiled and then placed in the .zip files that were on the angelfire website.

S@H has responded by limiting the information sent back in the user_info.sah file. The file no longer contains the email address, url, country, postal code, or any other statistical information for users. Does this make the clients completely secure? No. If a malicious user knows a different user's email address, they still can post work units to that account. Forcing the client to use both the user's ID and password for submitting results would be one way to solve this. Currently the S@H client cannot do this, and such modifications would require a totally new client, and server/database changes. The next version of the S@H client will probably be set up this way, but would take several months for a new version to be released.

[This message has been edited by DanBall (edited June 02, 2001).]

[This message has been edited by DanBall (edited June 02, 2001).]

IP: Logged

DanBall
Follower of Athlon
posted June 02, 2001 13:44     Click Here to See the Profile for DanBall     Edit/Delete Message
BTW, both my accounts have been affected by this, but I never got an e-mail

IP: Logged

All times are ET (US) next newest topic | next oldest topic

Administrative Options: Close Topic | Archive/Move | Delete Topic
Post New Topic  Post A Reply
Hop to:

| Get 3DNow!

All submissions are copyrighted by their respective authors and are not for re-use in any form without their explicit written consent.

Powered by: Ultimate Bulletin Board, Version 5.37
© Madrona Park, Inc., 1998 - 1999.

Pentingnya Review Slot Online

Membaca review slot online bisa menjadi panduan yang sangat berguna. Review sering kali memberikan informasi tentang RTP slot tertinggi dan pengalaman pemain sebelumnya. Dengan memilih slot gacor yang telah direkomendasikan, peluang untuk menang dapat meningkat. Jadi, jangan lewatkan untuk memeriksa ulasan sebelum mulai bermain.

Beberapa situs kini menawarkan Slot Depo 5k sebagai pilihan deposit yang sedikit lebih tinggi, memberikan lebih banyak variasi dalam permainan dan peluang kemenangan. Meskipun sedikit lebih besar, modal ini tetap cukup terjangkau bagi banyak pemain.

Jika Anda menyukai permainan yang menggabungkan strategi dengan keberuntungan, Slot Mahjong adalah pilihan yang tepat. Permainan ini menggabungkan elemen-elemen dari permainan Mahjong klasik dengan fitur-fitur permainan slot yang menguntungkan. Setiap putaran dalam Slot Mahjong memberikan pengalaman yang berbeda, dengan berbagai peluang untuk mendapatkan kemenangan besar berkat simbol-simbol unik yang tersedia.

Mengakses Link yang Memberikan Peluang Menang Lebih Besar untuk Pemain

Menemukan platform yang tepat sangat penting bagi pemain yang ingin mendapatkan keuntungan lebih dalam bermain. Salah satu yang paling sering dicari adalah Link Slot Gacor yang memberikan akses langsung ke berbagai permainan dengan peluang menang lebih tinggi. Dengan dukungan teknologi canggih, pemain bisa menikmati pengalaman bermain yang lebih nyaman dan menguntungkan setiap saat.

Situs Togel Dua Digit yang Memberikan Layanan Terpercaya dan Hadiah Besar Setiap Hari

Untuk menikmati permainan togel dengan hadiah besar, penting memilih platform yang aman dan terpercaya. Salah satu rekomendasi terbaik adalah Situs Togel 2d, tempat yang ideal untuk pemain yang menginginkan hadiah besar.

Related Links