[ISN] Grid computing boosts hacker network

From: InfoSec News (isnat_private)
Date: Wed Mar 13 2002 - 01:17:15 PST


    http://asia.cnet.com/newstech/security/0,39001149,39031881,00.htm
    
    By Wayne Rash, Special to CNETAsia
    Wednesday, March 13 2002 1:52 AM 
    
    Commentary: Just before I start writing, I look at the colorful blocks
    and jagged lines of the SETI at Home screen saver that runs on my
    workstation.
    
    SETI at Home is a distributed computing application that divides a
    massive signal processing problem into tiny segments and sends them to
    millions of computers worldwide. Since SETI's inception, many other
    distributed--or grid--computing projects have begun work, and vendors
    such as Sun, IBM, and Compaq have jumped into the fray.
    
    One particular project, however, has nefarious intentions. A worldwide
    hacker confederation is quietly setting up a global, real-time,
    peer-to-peer grid of processing power to crack encryption--especially
    passwords--used in commerce.
    
    Cracking passwords is not an easy task; you need a huge amount of
    computing power to get results. Grid computing, however, gives hackers
    the horsepower they need in an unprecedented way.
    
    Here's how it works: Hackers send clients into your system via a worm,
    or through any other site that's been hacked or intentionally set up
    to run programs on your PC remotely. Or, a user downloads a
    screensaver from any of the sites that let you share computing assets.
    
    After the clients are inside users' machines, they lend processing
    power to the encryption-cracking effort. The hacker clients sniff the
    password and user IDs from a stream going to a commerce site. With all
    that processing power, it doesn't take very long to encrypt a
    password; you could crack the average seven-character password in
    about an hour if you had 160 computers working on it.
    
    Worse, these clients don't stop using resources when you start
    working; they take advantage of the real-time connections in a
    corporate environment and continue cracking.
    
    To guard your computing power, make sure your firewall is set to stop
    outgoing traffic on ports and by unauthorized applications. Use strong
    passwords (eight really random characters will do) and change them
    regularly. Also, deploy auditing software that will search for
    unauthorized applications--including those that may contribute to a
    hacker network.
    
    If you decide you don't mind contributing some of your computing
    resources, make sure you know who's really behind the effort. SETI at
    Home is backed by the University of California at Berkeley, but not
    every backer is legitimate.
    
    Wayne Rash runs a product testing lab near Washington, DC. He's been
    involved with secure networking for 20 years and is the author of four
    books on networking topics.
    
    
    
    