There is so much wrong with this article. As Oliver said, it seems likely this is a PR article by Unnex. It also seems that either Unnex didn't understand the BOINC system or the author didn't listen to the so-called hacker, which I wouldn't call myself if I did penetration testing for a living. I'm going to write a complaint/comment to the MDR later today.
Regards
Christian

----- Reply message -----
From: "Oliver Bock" <[email protected]>
To: <[email protected]>
Subject: [boinc_dev] Security Issue in BOINC reported on the German MDR website
Date: Wed., Feb. 13, 2013 11:22

On 2/13/13 10:46 , Timo Strunk wrote:
> There is a very inflammatory article about BOINC on the MDR website,
> which blames the University of Berkeley for not fixing security holes,

Indeed, and it clearly shows that neither the "hacker" (see below) nor the MDR have a clue how BOINC works - unfortunately. Good journalism is done differently...

> The picture shows the recent php security vulnerability changeset, which
> was on our server a day after it went to git. Is this the security hole,
> which was reported by the security firm Unnex?

Most likely, the interviewed "hacker" is called Matthias Ungethüm who, despite the unusual last name, is in fact the founder of Unnex, a penetration testing "company". While existing security flaws are certainly something that needs urgent fixing, the general tone of this "breaking news" article sounds more like a PR stunt for his own "company" if you ask me.

Oliver

_______________________________________________
boinc_dev mailing list
[email protected]
http://lists.ssl.berkeley.edu/mailman/listinfo/boinc_dev
To unsubscribe, visit the above URL and (near bottom of page) enter your email address.
