November 28, 2005

E.T. phreak home

Man those dorks at the SETI project. You gotta wonder if they even did a threat model against the very adversaries they are trying to find. They didn't even consider the fact that the Earth could be 0wned if E.T. decides to send malicious data to exploit the SETI clients that are running on the critical infrastructure around the world over the Internet.

Or at least, that's what Richard Carrigan, a particle physicist at the US Fermi National Accelerator Laboratory in Illinois, thinks.

Today I saw this 'newsworthy' (*snicker*, must be a slow news day) drivel from a few different sources. First it hit Infosec News where a science correspondent discussed a report written by Mr. Carrigan entitled "Do potential Seti signals need to be decontaminated?". Dr Carrigan wants the SETI scientists to build safety features into their network to act as a quarantine so any potentially damaging signals can be trapped before they infect the internet.

What was more interesting to me though was a blog response by David Bianco on the matter. I think he sums it up eloquently when he states that:

> The closest star is about 4.5 light years away from Earth. Assuming that we broadcast complete technical details of the x86 architecture and an entire copy of the Windows OS, along with a comprehensive set of security bulletins and an SDK, the necessary roundtrip time for data travelling at the speed of light would mean that by the time the "exploit" could arrive here, we'd be about 9 years further on. Let's see, 9 years ago, we'd all have been running NT 4 and Windows 95. Good luck trying a Win95 overflow on my XP system! The offsets are wrong now, and new security technologies exist now that weren't dreamed of then (like the non-executable stack). What will we have 9 years from now? I don't know (and neither do the aliens), but I do know the aliens don't stand a chance.

Security is about risk mitigation, not risk avoidance. Worrying about E.T. would be one of the last risks on my mind when I should worry more about the script kiddie that will use a vulnerability in one of those SETI clients to exploit the next nuclear power facility. Don't laugh... I've seen SETI clients in the most secure of places where they shouldn't be.

So stop the presses!! E.T. may be phreaking you soon!

Posted by SilverStr at November 28, 2005 03:04 PM

Comments

Yeah, but what if E.T. sends the signals from a ship hiding behind the moon? [snicker] But I'm kinda guessing that E.T. has a lot of other, better hacking tools at his (her?) disposal....

Posted by: Don Kiely at November 28, 2005 05:09 PM

Nah, ET's a n00b.

Posted by: na85 at November 28, 2005 11:10 PM

You mean someone reads my blog? ;-) The paper (posted on his website) is quite interesting. Most of it is spent talking about the cheapest way to get signals to the earth, and very little actually has to do with "SETI hacker". There's also some talk about DNA, which I really haven't figured out yet.

Posted by: David Bianco at November 29, 2005 06:27 AM