[RC5] 'Distributed' Web Projects Raise Security Issues

blitz blitz at macronet.net
Mon Feb 25 06:34:05 EST 2002


>
>
>http://www.newsbytes.com/news/02/174660.html
>
>By Ariana Eunjung Cha, Washington Post
>WASHINGTON, D.C., U.S.A.,
>21 Feb 2002, 6:57 AM CST
>
>The projects' creators describe them as akin to digital ant colonies.
>
>They are networks composed of millions of computers working together
>across the Internet to solve some of the world's most intractable
>problems: analyzing possible cures for cancer or AIDS, scouting the
>universe for signs of life, or even cracking a code for prize money.
>
>The machines are ordinary PCs. Volunteers need only download a free
>screensaver to participate. The software program harnesses any
>leftover processing power, without interrupting a volunteer's normal
>activities, and diverts it to tackle some large computing problem. In
>this way, average citizens are helping scientists help the world.
>
>The projects have already managed to aid researchers in analyzing
>global climate changes and to find new prime numbers. They've also
>screened a series of compounds with the potential to render anthrax
>toxins harmless; that project, sponsored by Oxford University, United
>Devices, Microsoft and Intel, among others, was completed in just 24
>days.
>
>But just as these "distributed computing" projects are beginning to
>yield results, new concerns about security have put many efforts in
>jeopardy.
>
>Since Sept. 11, companies large and small have begun stripping the
>software from machines out of fear they create an open channel to the
>Internet that could be exploited by terrorist hackers. Richard
>Chambers, the former inspector general at the Tennessee Valley
>Authority, America's largest public power company, and other
>government officials have declared the projects a risk to computer
>security and banned them from their systems. And in an unusual case
>that has riled up the high-tech community, a technician at the DeKalb
>Technical Institute, a public, two-year college in Clarkston, Ga., was
>charged by authorities with computer theft and trespass after
>installing such a program on several school machines.
>
>Tim Mullen, chief software architect for software firm AnchorIS.Com
>and a columnist for the SecurityFocus.com site, is among those who
>tell clients to remove those programs from their machines.
>
>"Unless you have people onboard who are going to do a code-level
>review for security on what's going in that screensaver, it's not
>worth the risk," he said.
>
>The companies that make such software -- firms such as Fairfax-based
>Parabon Computation Inc. and United Devices Inc. in Austin -- insist
>their products are safe. Indeed, in a testament to at least one of
>these systems, a well-known hacker-group-turned-security-consultancy
>@Stake l0pht has loaned out 86 PCs to work on a math puzzle called the
>Optimal Golomb ruler. A Golomb ruler is a special ruler where all
>marks have unique distances from each other with no duplications.
>These rulers can help determine positions of antennas in an array for a
>radio telescope, among other applications.
>
>Many of the researchers who have constructed the screensavers as
>largely academic projects brush aside possible risks as unimportant
>given the value they potentially bring to society.
>
>That includes the directors of SETI@Home, which analyzes data from a
>radiotelescope for signs of alien life and, with 3.5 million users, is
>probably the largest distributed computing project.
>
>In June of last year, when hackers gained access to its volunteer
>database and escaped with information about 50,000 users, the
>administrators said they would not rewrite the software to add more
>security because it is a nonprofit project without the time or
>resources to do so.
>
>David Anderson, the director of SETI@Home, said the screensaver itself
>has been bug-free for 2 1/2 years -- hackers had gained access to the
>project's central servers. Still, he supports decisions by some
>administrators to remove the screensaver from their workers' machines
>for security reasons. For instance, "any computer that's connected
>with a nuclear power plant shouldn't be running any extra things," he
>said.
>
>The number of active users of the program has dropped off by a few
>tens of thousands since September. But Anderson attributes the decline
>mostly to congestion on the University of California at Berkeley
>network that his project runs on. As students trade a growing number
>of digital music and other electronic files, the resulting traffic is
>preventing SETI@Home from being able to communicate effectively with
>its network of computers because some messages are not getting
>through.
