-----Original Message-----
From: Brian J. Beesley <[EMAIL PROTECTED]>
To: Daran <[EMAIL PROTECTED]>
Date: 11 March 2001 22:48
Subject: Re: Mersenne: Security of prime95 + electricity costs.

>You are of course correct. But to make this work requires a lot of
>knowledge about how the application is coded, and it's more or less
>pointless when the program which you _might_ be able to hack in to
>has no particular privileges...

As I said in my other replies, the source code is freely available, and
anyway, security through obscurity is deprecated, and rightly so.  The client
has one crucial privilege: the right to run on that machine.  If prime95 can
be made to execute arbitrary hostile code then the entire system is breached.
Things are better on a properly secured NT/*nix, but a breach is a breach, and
a hostile program running locally can attack daemons which don't listen to the
network.  As far as the amount of work is concerned, well, crackers - real
ones, not scriptkiddies - are patient and hardworking, and if a vulnerability
is discovered then it will be exploited sooner or later.

>...and is running at idle priority.

At idle priority, mprime gets over 99.9% of my CPU when I'm not doing anything
else.  When I am, it averages at about 96%.  Prime95 gets about 99.5% on an
idle system, as low as 50% when busy, but that's Windows for you.  Either way,
that's more than enough time to do as much damage as it wants.

>Even if there is a theoretical possibility, I think the chance
>of an attack succeeding is about the same as that of the Queen Mother
>(God bless her - she's 100 years old) has of being killed by a
>meteorite whilst standing naked on the summit of Mount Everest.

If there is a vulnerability (and I don't think there is, from looking at the
source), then I see no reason why it should be any more difficult to implement
than any other buffer overflow exploit, yet such exploits have been
implemented and used to breach security.  In fact, I can't see any reason why
an exploit written for another program shouldn't be used, with minor
modifications, for any other.

>I rather suspect that a _really determined_ attack would be more
>likely to be "successful" in crashing the TCP driver than it would be
>to actually compromise the system through the client.

An attacker could easily set up a 'development' system with a client to
practice his attacks on.

[...]

>Yes, the server is at more risk than the clients. There is an obvious
>threat from denial-of-service attacks, for a start. However, even if
>a cracker got into the server, I don't think he'd be able to launch
>an attack against client systems which it wouldn't be able to launch
>using telnet on an arbitrary host.

Yes he could.  While the client /system/ may have other vulnerabilities that
could be attacked using telnet, he couldn't attack the client itself, because
it's only listening to Primenet, and then for no more than a few seconds at a
time.  What puts the Primenet server in a unique position to attack is that
the clients connect to it.  They tell it when they're listening to it.

[...]

>Well, being diagnosed paranoid doesn't prove no-one's persecuting you
>... I think it makes sense to run Tripwire (or something equivalent);
>you _can't_ be sure that a system has no vulnerabilities, but you
>_do_ want to be able to detect & eject any successful gatecrashers.

Agreed, but you can also be aware of the likely sources of risk, and how to
minimise them.

>Actually browsers are a significant security hazard, especially if
>you fail to disable Java / Javascript / ActiveX / any plugins.

All disabled.  There are other known vulnerabilities in IE4 for which there
are no patches - you're expected to upgrade to IE5.  Unfortunately my system
is so old and unstable that the last upgrade (to IE4) caused a major crash.  I
dare not do another.  So for the time being I'm conscious of being vulnerable.
Another reason for getting a new system with Linux and a real modem.

>Anyone
>who feels reasonably running a browser, or an e-mail client, should
>have no concerns in respect of mprime/Prime95.

That may be true, but it is for the user to decide what risks he is
prepared to tolerate, not the GIMPS admins and programmers.  /Their/ job is to
make that risk as small as possible.  I have no idea how or whether you are
involved in that effort, but - no offence intended - I have found your replies
to this thread shockingly complacent.  It's not just the users that stand to
lose in the event of a security breach.  The entire GIMPS project - and
distributed computing in general - would be devastated if a client were
implicated in a serious security breach at, say, a large company or a major
university.

>> I don't know the security models for WIN98/NT/ME But I expect something
>> similar would be possible.  WIN95 and earlier can't be secured in this way.
>
> Eh? ME & 98 are the same as 95 from the security point of view -

I'll take your word for it.  I've never used either.

> Regards
> Brian Beesley

Daran G.


_________________________________________________________________________
Unsubscribe & list info -- http://www.scruz.net/~luke/signup.htm
Mersenne Prime FAQ      -- http://www.tasam.com/~lrwiman/FAQ-mers