-
1: Tim_Axe, great flash you found! I sent that off to a few people to get them enticed. Thanks.
2: 199! There are a few teams out there, and considering the slowdown, I think that's a great job.
3: I've been gone for a while.... and temporarily have no internet to my box. :( So I cannot fold at the moment. I hope to be up and running soon.
4: Congrats to bluebeard for the 10,000 point certificate! Congrats to all who have kept up and received certificates.
Well done and thanks to those who have kept in it. I hope more will help out, if not for the team, then for ethical reasons....
-
I was recently asked about the security risks that may be posed by using Folding@home. I read about the digital signing and restricted download servers, but I could not find any information on how the program transfers data, such as what protocol the program uses. I also could not find any information on known vulnerabilities with the software. Does anyone know of any? Offhand I would think of an attacker finding a way to phish users or spoof the download server and then attempt to exploit a buffer overflow using the processes or services that Folding@home uses to transfer data. Any comments, community?
-
Folding-community.org ( http://forum.folding-community.org/homepage.php ) forums would be a good place to start figuring this information out. I did some quick searches, and the moderators appear to be very willing to help people understand how F@H works.
Basically, F@H gets data from Stanford servers like a web browser, using ports 80 and 8080. I would assume that HTTP is used. It only connects when it completes a work packet/protein/etc. and uploads the results of the simulation to the servers and gets a new work packet. The F@H client does not open any ports on your computer to listen; it only connects to Stanford's servers for work packet stuff.
I don't know of any vulnerabilities in F@H. From what I understand of it, it uploads simulation results to Stanford. It then downloads a new simulation. The Stanford servers pick the best simulation for the speed of the computer (the F@H client reports benchmark/CPU speeds) so the work packet finishes simulations in time. The work packet is basically a text file, with a LOT of numbers that have to do with positions and temperatures of different atoms that make up proteins. It then probably verifies the files, and if something is wrong, it would probably stop. You can ask the above posted community about it, along with searching for posts related to "Security" on their forums.
Interesting Note: AntiOnline is in position 404. It correctly describes what happened to the webpage we had, and participation.
Another Note: I don't fold much anymore. My power-hungry computer is now being turned off...
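Added example, not part of the thread and not Folding@home code: one way to check the behaviour described in the reply above (outbound connections to ports 80 and 8080 only, no listening sockets) against a socket table. It assumes text in the column layout of `ss -tanp`; the sample lines, addresses and the process name `fah-client` are constructed for illustration.

```python
import re

# Remote ports the reply above says the client uses.
ALLOWED_REMOTE_PORTS = {80, 8080}

# Constructed sample in the column layout of `ss -tanp`. Addresses are
# documentation ranges; "fah-client" is a hypothetical process name.
SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=801,fd=3))
ESTAB 0 0 192.0.2.10:51514 198.51.100.7:8080 users:(("fah-client",pid=1234,fd=5))
ESTAB 0 0 192.0.2.10:51520 198.51.100.7:80 users:(("fah-client",pid=1234,fd=6))
LISTEN 0 5 0.0.0.0:9999 0.0.0.0:* users:(("fah-client",pid=1234,fd=7))
ESTAB 0 0 192.0.2.10:51600 203.0.113.9:6667 users:(("fah-client",pid=1234,fd=8))
"""

# Extracts the owning process name and pid from the last column.
PROC_RE = re.compile(r'users:\(\("([^"]+)",pid=(\d+)')


def port_of(endpoint):
    """Return the port of an addr:port endpoint, or None for the '*' wildcard."""
    port = endpoint.rsplit(":", 1)[1]
    return int(port) if port.isdigit() else None


def audit(ss_output, process_name):
    """Return findings that contradict 'outbound to 80/8080 only, no listeners'."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue
        state, local, peer = fields[0], fields[3], fields[4]
        match = PROC_RE.search(fields[5])
        if not match or match.group(1) != process_name:
            continue  # header line or a socket owned by another process
        if state == "LISTEN":
            findings.append(("listening", port_of(local)))
        elif port_of(peer) not in ALLOWED_REMOTE_PORTS:
            findings.append(("unexpected-remote-port", peer))
    return findings


if __name__ == "__main__":
    for kind, detail in audit(SAMPLE, "fah-client"):
        print(kind, detail)
```

An empty result means the observed sockets match the description; any finding is a reason to look closer at that process.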