TIME TO GET THE BANDAGES in place for Seti@Home users. It seems that all versions of the client software are at risk from a buffer overflow hack. There are new versions of the software up on the Seti@Home website that stop the hack.
The problem comes in the way that the software sends information back to the main server. Even the server had the vulnerability up until a short while ago. The client sends details of what processor and operating system were used to crunch the data in plain text to the server. If an attacker has control of a machine between the Seti@Home client and the server, it is possible to packet sniff and then use the information to launch an attack.
There's already an exploit available for Linux based servers so others won't be too far away. It's probably a good idea to get the patched version as soon as possible, otherwise you could find a distinctly Earth-bound type of invader probing you.
Download: Version 3.08 of SETI@home for Windows 95/98/2000/NT/ME/XP
Download: Version 3.08 of SETI@home for Macintosh
News source: The Inq
-1 Comments - Add comment