a rankup port sniffing tool could break foldit encryption (if any)

Case number:671076-2005428
Topic:Server
Opened by:Seagat2011
Status:Closed
Type:Bug
Opened on:Saturday, June 23, 2018 - 15:11
Last modified:Saturday, June 23, 2018 - 17:27

A recently noticed identical autosave solutions on my 1535 Puzzle

A malicious actor utilizing a network monitoring tool and or port sniffing tool could monitor foldit traffic for a rankup msg embedded within a downstream packet. the actor could then decode said packet (if encrypted), adding a malicious payload, to be downloaded on the end-users computer as an auto-save solution, unbeknownst to the end user. Effectively bypassing any proxy or NAT router. A so-called Man-in-the-Middle, or MIMs attack.

SOLUTION
All downstream packets should be encrypted and hand-shaked.

(Sat, 06/23/2018 - 15:11  |  3 comments)


Joined: 08/24/2010

I just realized auto-save solutions are generated on my computer, and do not come from the server, so looks like the problem is solely on my end.

Joined: 08/24/2010
Status: Open » Closed

:(

Joined: 08/24/2010

You may have to expel a few of your CS students ;)

Sitemap

Developed by: UW Center for Game Science, UW Institute for Protein Design, Northeastern University, Vanderbilt University Meiler Lab, UC Davis
Supported by: DARPA, NSF, NIH, HHMI, Amazon, Microsoft, Adobe, Boehringer Ingelheim, RosettaCommons