Security Flaw Spotted, Fixed In Seti@home ProgramSecurity Flaw Spotted, Fixed In Seti@home Program

As if more proof was needed that any noble deed can potentially be punished: A security flaw has been discovered in the popular distributed-processing program seti@home, which looks for signs of extraterrestrial communication.

The flaw can result in an attacker gaining information about a seti@home user's computer. It also can cause a buffer overflow. There are 4.4 million computers running seti@home, the pioneering distributed-processing app created by the organization of the same name. The screen-saver software distributes the process of analyzing space-borne radio signals over a worldwide volunteer network of individual computers. Seti@home project director David Anderson acknowledged the vulnerability and said he is unaware of anyone being exploited by it. The organization's Web site, setiathome.berkeley.edu/, points to what is being called a "precautionary security" update of the program that addresses the problem. The site credits computer user Berend-Jan Wever with finding and reporting the flaw. Vulnerabilities like this one might set back "optional" grid-computing programs such as seti@home, says Pete Lindstrom, research director of market-research firm Spire Security, but they're unlikely to hurt acceptance of more formal business-oriented grid computing, which has stronger security and use controls. Seti@home is like the entertainment-trading site Kazaa," Lindstrom says. "Both are good, but both come with security risks."