Hi all,

At 08:10 PM 2/12/2002 +0100, Ignacio Larrosa Cañestro wrote:
>In my personal account report of yesterday could be read:
>
>Assignment overdue check-in is set at 60.0 days (0.0 days to expire)
>But now this exponent is missing. How is it possible??

OK, the cat is out of the bag.....

In late January, one of the more productive teams was hacked.
Prime95/Primenet has some security holes.  One of these holes
is that a team must make its password public for new members to join.

Someone exploited this hole.  This loser thought it would be "cute" to
unreserve all the team's exponents (a few hundred) via the manual web
pages.  Brad & Scott patched the manual forms and embarked on
implementing a more permanent solution.  A week ago, they struck again
using prime95 itself to again unreserve some of the team's exponents.

Unfortunately, rather than hurting the team, the hacker ended up hurting
ordinary users.  The server reassigned all the unreserved exponents.
Since the team's computers had a head start on these exponents they are
likely to finish them first.  When they report a result, your assignment will
"disappear" from the active assignments list.  GIMPS, of course, can use
your result for double-checking.

Brad/Scott have now changed the server so that none of this team's exponents
can be unreserved.  They are still working on making this feature available
to all teams to prevent this in the future.

Brad & Scott are better able to comment on this, but I think that this is
the first hacker attack on the reservation system.  There have been many
denial of service attacks and attempts at defacing the web pages (don't
people have better things to do with their time?)

Are there other security holes?  Yes.  For obvious reasons I don't know if
we should discuss these in a mailing list.  Beefing up security costs time and
money.  These are limited resources in an all-volunteer, not-for-profit,
zero-revenue project.  We'll try to do the best we can given our limitations.

Always remember....

GIMPS is just for fun,
George
