Are developers aware of this published from Secunia vulnerability of BOINC 6.4.5?
BOINC "RSA_public_decrypt()" Spoofing Vulnerability

Are developers aware of this published from Secunia vulnerability of BOINC 6.4.5?
BOINC "RSA_public_decrypt()" Spoofing Vulnerability

The Secunia advisory references BOINC's own trac [trac]#823[/trac], where a fix has already been added to the code. (12 January 2009)

So the developers are aware of the problem: full marks for that one.

But the "recommended" download is dated 9 December 2008 (and I have re-downloaded it tonight - the executables are also datestamped 9 December 2008): no sign of a recall and re-issue. Not so good.

Are developers aware of this published from Secunia vulnerability of BOINC 6.4.5?
BOINC "RSA_public_decrypt()" Spoofing Vulnerability

The Secunia advisory references BOINC's own trac [trac]#823[/trac], where a fix has already been added to the code. (12 January 2009)

So the developers are aware of the problem: full marks for that one.

But the "recommended" download is dated 9 December 2008 (and I have re-downloaded it tonight - the executables are also datestamped 9 December 2008): no sign of a recall and re-issue. Not so good.

I have not been able to login on seti or seti beta for the last hour. I wonder if the account is locked out while they are fixing it? I can log in on other projects.

Back up now. They must have been working on something. The main login page was displaying some debug info in the top left corner (i am guessing) as shown here:




When I attempted to log in with the seti private key, the key was displayed in the top left instead of that email in the picture.