Folding Forum

OMG, that's fun. Well, nothing changed since that time year ago...

Sidicas wrote:My dad called me over today saying that Russians hacked into his computer and was making it send bogus data to folding@home.. So he hasn't been running folding@home anymore. Checked the logs and sure enough.. "Giving Russians Opium May Alter Current Situation" was one of the last things in the logs before he shut it down.

I thought the Folding@home servers were compromised when I first saw one of these messages.

No compromised servers in over 10 years, and none now. The clent server communicatios are encrypted, so not likely to happen soon.

Why would hackers try to compromise FAH servers? They can't issue updates to FAHClient or FAHControl, and as far as I know there is no backdoor in them, so all compromising the servers could do would be to give out bogus work units. I suppose a hacker could use an advanced technique like a buffer overflow, but even then why FAH? Not only is Stanford's servers quite secure, but the amount of FAH users that would get successfully infected and become part of an (involuntary) botnet would be too low to be profitable. It would be much more likely for a hacker to break into a news site or forum, and install an exploit kit in it than to compromise FAH assignment/collection servers.

1. Try to hack into a site with very good security
2. Somehow send a WU that acts as malware or use an undisclosed backdoor in FAH
3. Possibly infect a low number of FAH users (many of which will clean their computers of the malware)
4. ???
5. Don't profit...

The bottom line is that hackers don't care about something with such a poor botnet-recruitment potential like FAH, and they'd have no reason to go to all the trouble just to get a few more slaves in their net.

7im wrote:The clent server communicatios are encrypted, so not likely to happen soon.

If a hacker were to successfully compromise the actual servers and were to gain root access (with a rootkit, etc) then encryption wouldn't matter, and it would be trivial to bypass it. Plus, SSL is only to prevent eavesdroppers from reading the data, if the server is compromised then the encryption doesn't matter, they could easily get the SSL certificate. And most hackers/botmasters will use SSL for their own security. Furthermore, SSL is usually uses the RC4 algorithm, which is extremely trivial to brute-force (it's old and insecure). The only thing protecting the servers is its own security, not SSL encryption.

Stonecold wrote:The bottom line is that hackers don't care about something with such a poor botnet-recruitment potential like FAH, and they'd have no reason to go to all the trouble just to get a few more slaves in their net.

True, but Stanford is going to continue to be vigilant about security.

Why do hackers write viruses? That's about like the famous question about why would someone want to climb Mount Everest . . . "Because it's there" . . . not necessarily because the target is an easy target for botnet-recruitment.

bruce wrote:True, but Stanford is going to continue to be vigilant about security.

Yeah, and I doubt most hackers would possess the skills to break into it even if they tried.

bruce wrote:Why do hackers write viruses? That's about like the famous question about why would someone want to climb Mount Everest . . . "Because it's there" . . . not necessarily because the target is an easy target for botnet-recruitment.

Actually the majority of viruses are for profit. Only a few trojans made by bored programmers are just "for the lulz". Like Windows Optimizer is just to destroy data as an (evil) prank. Otherwise, you can name every major virus/worm/trojan/bot/RAT etc and they're virtually all for profit, whether because the programmer wants to use it themselves or (more likely) to sell them to script kiddies who will then use it to make money (e.g. Zeus and SpyEye for credit card theft). Or the Optima bot (for selling DDoS services), or even the $10,000 Chaos RAT (for personalized and highly FUD attacks against Macs). The "why do people make viruses" question has been answered long ago when it shifted from nasty hobby to huge for-profit deep web services. Now days its more of a myth that viruses have no purpose.

These days hacking and malware is either financially motivated (e.g. Zeus's creator and deep web "pay-per-hack" services) or especially recently, politically motivated (Anonymous, LulzSec, UGNazi, Cult of the Dead Cow, etc).

There are lots of fringe hacking the media doesn't cover, so be careful about generalizing too much. DC projects have always been "hacking" targets at one level or another. Google it. Money is not the only motivation. Fame, ideology, even points are also strong motivations. You know what they say about assuming...

7im wrote:There are lots of fringe hacking the media doesn't cover, so be careful about generalizing too much. DC projects have always been "hacking" targets at one level or another. Google it. Money is not the only motivation. Fame, ideology, even points are also strong motivations. You know what they say about assuming...

I know. I'm just saying it's far less likely that Stanford's FAH servers would be hacked then anything else.

Thank you for clearing that up, because parts of your earlier posts carried a different message.

Oh OK. Sorry.

I got "Working on Good ROcking Metal Altar for Chronical Sinners" its funny cause I play heavy metal and rock guitar!

Good evening.

I just received this tag line on PRCG 8072 (0, 1284, 56). What ever happened to removing this tag line from the code, as indicated by the early thread?

Take care and have a good day.

Rich Seyfert

I think they switched it to Rabbits, but then PETA protested them.

And when they switched Opium with Orange, Anita Bryant threw a rock through their window.

SeyfertR wrote:Good evening.

I just received this tag line on PRCG 8072 (0, 1284, 56). What ever happened to removing this tag line from the code, as indicated by the early thread?

Take care and have a good day.

Rich Seyfert

Please understand this has nothing to do with the functionality of the client and is thus low on the priority list of things to get resolved. Second, Folding@home has no direct control over the working of status messages that are added to the Gromacs.org coding used by FAH. Lastly, there is a 2 year upgrade cycle while gromacs updates, and while FAH incorporates that update code with the "marginally less offensive" language.

Also note that older fah projects running the current fahcores will not be ending for several additional years. Don't hold your breath. This change is in the "not soon" category.

New FAHCore will not have any of this.