Outage Notices and other news

Moderator: Super Moderators

User avatar
Gwen
Pirate
Posts: 332
Joined: 10-24-2000 02:00 AM

Post by Gwen » 04-04-2003 03:08 PM

all appears to be working fine now

User avatar
Doug
Pirate
Posts: 259
Joined: 01-01-2003 03:00 AM
Contact:

Post by Doug » 04-05-2003 07:27 AM

Surprisingly enough (to me) I actually missed the downtime quite well. I had no problems yesterday whatsoever... except for one time I couldn't get the team stats page up. Guess I should consider myself lucky, huh? I returned a WU @ 12:20 pm EST.

Onward!!
ï'm ®ïgh‡ ߀hïÑÐ ¥Øµ!
~Doug~

User avatar
Gwen
Pirate
Posts: 332
Joined: 10-24-2000 02:00 AM

Post by Gwen » 04-05-2003 09:56 AM

IMPORTANT! [email protected] put this up last night! Doug, will you look at this and see if it affects command line? It looks to me as if it is only for the screensaver version, because it refers to 3.08. I am running i386-winnt-cmdline verssion 3.03. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
— April 4, 2003 —
There is a software update with a precautionary security fix. To obtain it, go the the download page. http://setiathome.ssl.berkeley.edu/download.html

— April 4, 2003 —
OUTAGE NOTICES. There will be intermittent service drops for one hour starting tomorrow at 0800 UT while maintenance is performed on our Internet link.
On Monday 4/7 there will be a 2 hour data server outage starting at 1700 UT while Sun performs some maintenance.



[This message has been edited by Gwen (edited 05 April 2003).]

User avatar
Gwen
Pirate
Posts: 332
Joined: 10-24-2000 02:00 AM

Post by Gwen » 04-05-2003 05:08 PM

<font face="Verdana, Arial" size="2">Originally posted by Gwen:
IMPORTANT! [email protected] put this up last night! Doug, will you look at this and see if it affects command line? It looks to me as if it is only for the screensaver version, because it refers to 3.08. I am running i386-winnt-cmdline verssion 3.03. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
— April 4, 2003 —
There is a software update with a precautionary security fix. To obtain it, go the the download page. http://setiathome.ssl.berkeley.edu/download.html

— April 4, 2003 —
OUTAGE NOTICES. There will be intermittent service drops for one hour starting tomorrow at 0800 UT while maintenance is performed on our Internet link.
On Monday 4/7 there will be a 2 hour data server outage starting at 1700 UT while Sun performs some maintenance.

[This message has been edited by Gwen (edited 05 April 2003).]
</font>
It appears this security fix just affects screensaver users...I think lrs, TJ, webrad98 and daboodaddy use screensaver...Mark (Tabwebmaster) or Doug, do they need to DL this fix? Is this something they need to be concerned about?

User avatar
Doug
Pirate
Posts: 259
Joined: 01-01-2003 03:00 AM
Contact:

Post by Doug » 04-05-2003 10:08 PM

<font face="Verdana, Arial" size="2">
> Berkeley have released a new version of the client, 3.08 which fixes a
> buffer overflow error that could potentially be a security threat.
>
> "Version 3.08 is a precautionary security release. There was a potential
> buffer overrun in the networking code of the client that is fixed with
> version 3.08. Note that to exploit this vulnerability, a potential attacker
> would have to trick the client into contacting a fake server rather
> than the actual [email protected] server. To our knowledge, no [email protected] client
> has ever been attacked in this manner."
</font>
It's a possible security hazard... one I'm sincerely doubting would have any effect on any of us. I wouldn't bother. I'm thinking maybe people who are using office/work computers on their business network would be basically the only ones with any risk factor.

But, it's a personal decision. It won't help or hinder the processing of data. But I doubt it's necessary for most of us.

What are you using Tracker?? With 30+ machines in a business environment, it might be wise for you?

Oh - yes, this only affects the screensaver version.
ï'm ®ïgh‡ ߀hïÑÐ ¥Øµ!
~Doug~

User avatar
TABwebmaster
Boatswain
Posts: 2717
Joined: 05-25-2002 02:00 AM
Contact:

Post by TABwebmaster » 04-06-2003 02:49 AM

Ditto what DougB said...it's not absolutely necessary IMO. It's up to you and yes it only affects the screensaver version which nobody should be using anyway since it's about 10% slower than setiathome-3.03.i386-winnt-cmdline.exe. Image

Look at the ORR Cheetos room from last week or so to see a full description of how to get SETI Driver and cmdline set up together if you need it.

Mark

User avatar
Gwen
Pirate
Posts: 332
Joined: 10-24-2000 02:00 AM

Post by Gwen » 04-06-2003 01:03 PM

Thanks, Doug and Mark. I'll come back with the link to the ORR thread where Mark walked CK through installing command line version, if any of the screensaver users are interested, or you can e-mail me and I will send you instructions. Honestly, I think Mark's instructions in ORR are much easier to follow than the ones I have saved from waaaay back.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~
edited to add:

Okay, here's the ORR link: http://www.fantasticforum.com/ubb/Forum ... 560-3.html Starts on TABwebmaster's 1:27am post on page 3, about 1/4 way down the page.



[This message has been edited by Gwen (edited 06 April 2003).]

Tracker3
Pirate
Posts: 80
Joined: 03-25-2003 03:00 AM

Post by Tracker3 » 04-07-2003 10:07 AM

<font face="Verdana, Arial" size="2">Originally posted by DougBupstateNY:
It's a possible security hazard... one I'm sincerely doubting would have any effect on any of us. I wouldn't bother. I'm thinking maybe people who are using office/work computers on their business network would be basically the only ones with any risk factor.

But, it's a personal decision. It won't help or hinder the processing of data. But I doubt it's necessary for most of us.

What are you using Tracker?? With 30+ machines in a business environment, it might be wise for you?

Oh - yes, this only affects the screensaver version.
</font>
I am using my office and home office for this project. Security is always an issue for me. I haven't seen any security bypass attempts other than the random hacker trying to ping my local IP addresses (without any success). I must say that this issue shouldn't concern anyone too much. It would only concern me if someone was to use this on a much larger network in a banking or securities industry. Considering that I am work for a real estate company, I have no data that anyone would want.

------------------
<SSSS}|--Tracker-3----->
oSSSS}--Tracker-3--------

User avatar
Gwen
Pirate
Posts: 332
Joined: 10-24-2000 02:00 AM

Post by Gwen » 04-08-2003 11:25 AM

This is from http://cnet.com news from 4-7-03. I don't know about this. I seen no patch up for cmdline yet.
``````````````````````````````````
[email protected] flaw could let invaders in


By Robert Lemos and Patrick Gray
Staff Writer, CNET News.com
April 7, 2003, 11:42 AM PT

The [email protected] project has released a new version of its software in order to close up a security hole that could let invaders into participants' PCs.
The project, which allows desktop and workstation users to contribute processing time to the search for extraterrestrials, issued the new distributed client on Friday. It fixes a buffer overflow vulnerability that could allow an attacker to take control of a computer just by sending specially formatted Web requests.

The flaw is one of three reported to [email protected] by a Dutch security researcher last December. The three vulnerabilities only became public knowledge this weekend.

"This has been tested with various versions of the client," Berend-Jan Wever, a 26-year-old computer-science student from Delft University and the researcher who found the flaw, stated on his Web site. "All versions are presumed to have this flaw in some form."

[email protected] software has been installed on more than 4.4 million registered users' desktops and has between 500,000 and 600,000 active users, according to the [email protected] Web site. The group defines an "active" user as one from which they have received a calculated result in the past month.

The vulnerability affects all versions of the client, including the Windows screensaver, the MacOS screensaver and the Linux and Unix command-line clients. The flaw requires that the attacker either successfully create a fake [email protected] server and route the victim there, or take control of one of the project's own Web servers.

[email protected] stated that those caveats make an attack unlikely. "The vulnerability involves a scenario in which hackers are able to impersonate the [email protected] data server, that is, trick the client into communicating with a fake server," said David Anderson, director of the [email protected] project. "This scenario has never happened, as far as we know."

However, Wever pointed out that software to help an attacker reroute a victim's communications already exists.

"This can be done using various widely available spoofing tools," he noted on his Web site. "An attacker could also use the machine the proxy runs on as a base for this attack."

Wever and [email protected] both recommend that users download the latest software from the project's Web site. In addition, [email protected] software users can download a patch from its Web site. The command-line versions of the software for Windows, Linux and Solaris will be available later on Monday, said [email protected]'s Anderson. Information about the security flaw has been sent to open-source projects that have created other versions of the software as well.

The Dutch security researcher pointed out two other flaws in the SETI software. One involves the amount of information sent unencrypted by the client to the server. The information includes a great deal of information about the computer running the client, Wever noted, and should be considered a flaw.

The other flaw, apparently in the [email protected] servers, could let an attacker compromise the main servers, the Dutch researcher said. That would allow all [email protected] clients to be exploited, if the flaw could be exploited. E-mails to Wever were not immediately answered.

[email protected]'s Anderson, however, stressed that the server vulnerability had been fixed nearly two months ago using information Wever provided.

The [email protected] project uses distributed computing to analyze radio-telescope data. The client software, in the form of a screen saver, downloads raw data collected by the telescope and scours it for intelligent signals embedded in it.

This type of number crunching is computationally intensive. But with around 4.3 million users, the researchers are able to make the most of the world's idle processing power, logging 48 teraflops, or floating point operations per second.

The SETI Web site explains the logic: "While you are getting coffee, or having lunch or sleeping, your computer will be helping the Search for Extraterrestrial Intelligence by analyzing data specially captured by the world's largest radio telescope."

Web designer Sean Rainey of Melbourne, Australia, has used the SETI client for about two years.

He joked that intelligent extraterrestrials may have used the vulnerability already in order to smudge the project's findings. "It's clear as day," he said. "They're quite happy just being left alone."

ZDNet Australia's Patrick Gray reported from Sydney.


[This message has been edited by Gwen (edited 08 April 2003).]

User avatar
Doug
Pirate
Posts: 259
Joined: 01-01-2003 03:00 AM
Contact:

Post by Doug » 04-08-2003 01:24 PM

Gwen - It appears that there is a new cmdln version 3.08. I have it on my site for those who are interested.

http://www.superior.net/~smiley/seti/

I personally don't feel that it's necessary - but if anyone would feel safer, by all means, go ahead and update. Image

Edit to add:

It would appear, according to rumors currently circulating, that the new version is up to 15% slower than the old version.

Also - Be sure and finish any WU's that you are currently working on, as you will most likely lose all work completed, and the new client will start from 0%.

Just thought you might want to know.

[This message has been edited by DougBupstateNY (edited 08 April 2003).]
ï'm ®ïgh‡ ߀hïÑÐ ¥Øµ!
~Doug~

User avatar
megman
Parrothead
Posts: 13243
Joined: 08-07-2000 02:00 AM

Post by megman » 04-08-2003 03:38 PM

Command-line is/was 3.03 Hasn't changed.

Just came from seti and the 3.08 screensaver patch is no longer there. Back to 3.07. big goof in the patch???

------------------
~~Can't sleep, the clowns will eat me....~~
Come visit us at
www.megmansgym.ca
Still an Original Pirate since Aug 2000
Wanna ride the Zamboni?

User avatar
Gwen
Pirate
Posts: 332
Joined: 10-24-2000 02:00 AM

Post by Gwen » 04-08-2003 03:58 PM

Thanks doug and megman for the input. I think I will stick with what I have..don't want 15% slower processing time. Will just keep my fingers crossed...are you confident with using it, megman, cause I am on aDSL too, so am always on? I have had numerous attempts from subseven backdoor trojans that were blocked by Norton Internet Security, but just this morning a Senna Spy trojan was blocked...have never heard of that, but at least it was caught...I always stay current with virus definitions and security updates. Guess I'm getting to be a nervous nelly in my old age Image I have been reading the [email protected] message boards and other BBS....no one seems to be too concerned about this. Back to crunchin'.

[This message has been edited by Gwen (edited 08 April 2003).]

User avatar
Doug
Pirate
Posts: 259
Joined: 01-01-2003 03:00 AM
Contact:

Post by Doug » 04-08-2003 07:53 PM

<font face="Verdana, Arial" size="2">Originally posted by megman:
Command-line is/was 3.03 Hasn't changed.</font>
Beg to differ - I have setiathome-3.08.i386-winnt-cmdline.exe, and have run it for 1 WU. It is v3.08. It is slower, so I'm going to continue with 3.03.
ï'm ®ïgh‡ ߀hïÑÐ ¥Øµ!
~Doug~

User avatar
Doug
Pirate
Posts: 259
Joined: 01-01-2003 03:00 AM
Contact:

Post by Doug » 04-08-2003 07:59 PM

Welcome aboard to our newest member - Chuck Currey! Glad to have ya! Come on in - relax - join the gang! They'll be along any time now. Image
ï'm ®ïgh‡ ߀hïÑÐ ¥Øµ!
~Doug~

User avatar
Gwen
Pirate
Posts: 332
Joined: 10-24-2000 02:00 AM

Post by Gwen » 04-08-2003 08:12 PM

Chuck, welcome! I am so glad to have you with us. Stop by and post a hello. Image

Post Reply

Return to “FANTASTIC FORUM ~ SETi Team”