ET Could Hack SETI.
November 24, 2003 9:43 AM Subscribe
ET Could Hack SETI. SETI, which uses down time on the computers of thousands of volunteers to search for intelligent signals from space, has a potential problem—besides information, a broadcast to us from an alien intelligence could also carry a computer virus. Leonard David writes in the main link's space.com article that physicist Richard Carrigan (who works here) takes it seriously. He thinks SETI should figure out how to decontaminate any signals it receives.
I think this is a big potential problem. After all, it was incredibly easy for us to destroy that big alien mother ship using a virus written on a Mac, right?
posted by Johnny Assay at 10:00 AM on November 24, 2003
posted by Johnny Assay at 10:00 AM on November 24, 2003
I think it would be a modification of the one Jeff Goldblum wrote, which is ok since it'll only affect Macs.
posted by Stan Chin at 10:01 AM on November 24, 2003
posted by Stan Chin at 10:01 AM on November 24, 2003
And just think! If they hacked SETI, they would have access to everyone's email accounts from SETI@Home, then the dastardly denizens of deep space could spam us unmercilessly with unsolicited e-mail hawking Quisnicho Qream, tentacle lengtheners, and the best snark on snark action you've ever SEEN!
And we'd be powerless to stop them! Horrors!
posted by tittergrrl at 10:02 AM on November 24, 2003
And we'd be powerless to stop them! Horrors!
posted by tittergrrl at 10:02 AM on November 24, 2003
yeah, *ahem*... i'm sure *that's* what we should be worried about... yeah...
posted by muppetboy at 10:04 AM on November 24, 2003
posted by muppetboy at 10:04 AM on November 24, 2003
Then this explains the strange email I got recently, written in rather urgent but poor english, by an alien bank clerk by the name of Moggnab. He offered me a 50% cut in a business deal -- all I've got to do is give him my bank information, and he'll give me half the money in an account that belonged to the deposed dictator of Rykar 7. I knew it sounded too good to be true!
posted by contessa at 10:16 AM on November 24, 2003
posted by contessa at 10:16 AM on November 24, 2003
Since it's impossible to know their level of technology, it's impossible to create anti-virus software for whatever they came up with. Otherwise, one would be able to create an unhackable program, which has proven to be impossible. We can't protect ourselves completely from hackers here on Earth. It's stupid to pretend we could do anything about potential damage from outside the solar system.
It's fun to argue about though, innit?
Let's face it, the odds of us being able to even determine that someone's sending us a message which doesn't sound to us like so much background noise is slim at best. I mean until we're able to place a manmade, broadcasting and receiving satelite out past The Oort Cloud this entire issue is moot anyway. Chances are, we can't hear or be heard because there's simply way too much debris in the way. What we presently pick up as static could be in some small part brief portions of being-made signals outside our solar system which are altered and distorted by all the debris and celestial bodies between our planet and the rest of the universe. Y'know how when you go under a highway bridge, most AM stations and some FM stations fizzle in and out? Imagine a large, finite but unspecified number of bridges floating randomly between you and Alpha Centauri. IF there's a rock station on Alpha Centauri, it'd sound like Carol Anne's favorite TV channel. "They're here!" Whether they're out there or not, we'll never know for certain, no matter how big we make the antenna here on Earth. We're simply in the worst place in the galaxy for a decent reception. We need like.. rabbit ears or somethin'.
posted by ZachsMind at 10:17 AM on November 24, 2003
It's fun to argue about though, innit?
Let's face it, the odds of us being able to even determine that someone's sending us a message which doesn't sound to us like so much background noise is slim at best. I mean until we're able to place a manmade, broadcasting and receiving satelite out past The Oort Cloud this entire issue is moot anyway. Chances are, we can't hear or be heard because there's simply way too much debris in the way. What we presently pick up as static could be in some small part brief portions of being-made signals outside our solar system which are altered and distorted by all the debris and celestial bodies between our planet and the rest of the universe. Y'know how when you go under a highway bridge, most AM stations and some FM stations fizzle in and out? Imagine a large, finite but unspecified number of bridges floating randomly between you and Alpha Centauri. IF there's a rock station on Alpha Centauri, it'd sound like Carol Anne's favorite TV channel. "They're here!" Whether they're out there or not, we'll never know for certain, no matter how big we make the antenna here on Earth. We're simply in the worst place in the galaxy for a decent reception. We need like.. rabbit ears or somethin'.
posted by ZachsMind at 10:17 AM on November 24, 2003
Windows security holes are apparently well-known throughout the galaxy.
posted by chuq at 10:24 AM on November 24, 2003
posted by chuq at 10:24 AM on November 24, 2003
Columnist is way too bored, has too much time on hands, ridiculous and laughable article at 11.
posted by xmutex at 10:26 AM on November 24, 2003
posted by xmutex at 10:26 AM on November 24, 2003
Yeah, you know, I can't believe we're wasting all this money on a missile defense system, when all we really need is a good firewall...
posted by mkultra at 10:28 AM on November 24, 2003
posted by mkultra at 10:28 AM on November 24, 2003
Any sufficiently advanced technology is indistinguishable fr0m t3h l337 h4xx0r. 34rth i5 0000wn0r3d.
posted by condour75 at 10:30 AM on November 24, 2003
posted by condour75 at 10:30 AM on November 24, 2003
Otherwise, one would be able to create an unhackable program, which has proven to be impossible.
it's already possible to write code that's guaranteed not to execute instructions hidden in the data - all you need is a strong type system that separates the two (and sufficient checking to avoid forbidden errors). just because the world insists on using c and its bastard offspring doesn't mean that better things don't exist.
there's a really good paper on type systems here, but it's not the kind of thing most mefites would enjoy, i suspect.
posted by andrew cooke at 10:52 AM on November 24, 2003
it's already possible to write code that's guaranteed not to execute instructions hidden in the data - all you need is a strong type system that separates the two (and sufficient checking to avoid forbidden errors). just because the world insists on using c and its bastard offspring doesn't mean that better things don't exist.
there's a really good paper on type systems here, but it's not the kind of thing most mefites would enjoy, i suspect.
posted by andrew cooke at 10:52 AM on November 24, 2003
Metafilter: the best snark on snark action you've ever SEEN!
posted by Johnny Assay at 11:17 AM on November 24, 2003
posted by Johnny Assay at 11:17 AM on November 24, 2003
i'm no expert, but the last two points don't seem to hold water:
(3) the whole point is that they'd be non-random sequences (isn't it?) (and impossible != improbable). maybe the argument is that the observation process is sufficiently unpredictable that it is very difficult to introduce meaningful structure in the data being processed (but then how do they hope to detect a signal?).
(4) implies that it's trivial to protect from buffer overflows - that's clearly not the case, or we wouldn't have buffer overflow attacks. openbsd (generally considered one of the most secure os around) announced in april that they had implemented measures like those above, but i thought that was the exception, not the rule: http://news.com.com/2100-1002-996584.html
but then i'd have thought that any alien that was able to exploit this could probably spend his time more productively. maybe the threat comes from bored teenage aliens with nothing better to do? like kids burning ants with magnifying glasses...
posted by andrew cooke at 12:28 PM on November 24, 2003
(3) the whole point is that they'd be non-random sequences (isn't it?) (and impossible != improbable). maybe the argument is that the observation process is sufficiently unpredictable that it is very difficult to introduce meaningful structure in the data being processed (but then how do they hope to detect a signal?).
(4) implies that it's trivial to protect from buffer overflows - that's clearly not the case, or we wouldn't have buffer overflow attacks. openbsd (generally considered one of the most secure os around) announced in april that they had implemented measures like those above, but i thought that was the exception, not the rule: http://news.com.com/2100-1002-996584.html
but then i'd have thought that any alien that was able to exploit this could probably spend his time more productively. maybe the threat comes from bored teenage aliens with nothing better to do? like kids burning ants with magnifying glasses...
posted by andrew cooke at 12:28 PM on November 24, 2003
(3) the whole point is that they'd be non-random sequences (isn't it?)
So the aliens know the RISC instruction set? How? If they don't know the instruction set, their only chance for "hacking" SETI is to send random sequences of bits.
impossible != improbable
I think he's talking age-of-the-universe improbable.
(4) implies that it's trivial to protect from buffer overflows - that's clearly not the case, or we wouldn't have buffer overflow attacks.
I'm no expert on this, but aren't buffer overflows a non-issue when they're applied to non-privileged applications? I mean, you can still crash the application, but you won't be able to get any access. Buffer overflow attacks are a problem on the internet because they're applied to communications daemons running with some sort of administrative privilege, and the attacker can use this privilege to execute arbitrary commands on the system. I could be wrong about this, though.
To me, this idea (aliens "hacking" SETI) is profoundly absurd. It's like arguing that the rat cells I imaged on my microscope this morning might conspire in some way to form a set of bits in the image such that when I process it this afternoon it will cause a buffer overflow in my imaging program that will give the rat cells access to my system in the next image I load. I suppose there is some non-zero probability of this happening, but I'm not sweating it.
Another analogy: it would be like a Metafilter user gaining access another user's computer by posting a comment with the properly formatted sequence of bits. I would guess that no such sequence exists, though the right javascript could probably crash most browsers.
posted by mr_roboto at 12:52 PM on November 24, 2003
So the aliens know the RISC instruction set? How? If they don't know the instruction set, their only chance for "hacking" SETI is to send random sequences of bits.
impossible != improbable
I think he's talking age-of-the-universe improbable.
(4) implies that it's trivial to protect from buffer overflows - that's clearly not the case, or we wouldn't have buffer overflow attacks.
I'm no expert on this, but aren't buffer overflows a non-issue when they're applied to non-privileged applications? I mean, you can still crash the application, but you won't be able to get any access. Buffer overflow attacks are a problem on the internet because they're applied to communications daemons running with some sort of administrative privilege, and the attacker can use this privilege to execute arbitrary commands on the system. I could be wrong about this, though.
To me, this idea (aliens "hacking" SETI) is profoundly absurd. It's like arguing that the rat cells I imaged on my microscope this morning might conspire in some way to form a set of bits in the image such that when I process it this afternoon it will cause a buffer overflow in my imaging program that will give the rat cells access to my system in the next image I load. I suppose there is some non-zero probability of this happening, but I'm not sweating it.
Another analogy: it would be like a Metafilter user gaining access another user's computer by posting a comment with the properly formatted sequence of bits. I would guess that no such sequence exists, though the right javascript could probably crash most browsers.
posted by mr_roboto at 12:52 PM on November 24, 2003
andrew cooke: thanks for the type systems link. It's really very readable.
posted by sonofsamiam at 1:01 PM on November 24, 2003
posted by sonofsamiam at 1:01 PM on November 24, 2003
I'm coining a new term:
Planck Risk: The smallest amount of risk that can be perceived. Measured as the risk of HACKERS FROM SPACE.
--Dan
posted by effugas at 1:42 PM on November 24, 2003
Planck Risk: The smallest amount of risk that can be perceived. Measured as the risk of HACKERS FROM SPACE.
--Dan
posted by effugas at 1:42 PM on November 24, 2003
Wouldn't having a SETI@home computer get infected by an alien virus be the best thing SETI@home could hope for? Assuming that the signal could be verified as being extra-terrestrial in origin, this would be pretty good proof that you're dealing with intelligent life. I, for one, would gladly rebuild my system if only an alien virus would infect it.
Of course, the above ignores all the problems with the whole idea in the first place. How is this virus being executed again? How do the aliens know the instruction set of current processors when those processors didn't exist when we sent the signals they have (hypothetically) so far received?
posted by samw at 1:55 PM on November 24, 2003
Of course, the above ignores all the problems with the whole idea in the first place. How is this virus being executed again? How do the aliens know the instruction set of current processors when those processors didn't exist when we sent the signals they have (hypothetically) so far received?
posted by samw at 1:55 PM on November 24, 2003
Planck Risk: The smallest amount of risk that can be perceived. Measured as the risk of HACKERS FROM SPACE.
ha!
posted by jacobsee at 1:55 PM on November 24, 2003
ha!
posted by jacobsee at 1:55 PM on November 24, 2003
Man, hasn't anyone here read His Master's Voice by Stanislaw Lem? It's a whole book about an ET signal hacking Earth. Well, it's about a third about that. One of Lem's finest.
posted by Nelson at 4:21 PM on November 24, 2003
posted by Nelson at 4:21 PM on November 24, 2003
Planck Risk: The smallest amount of risk that can be perceived. Measured as the risk of HACKERS FROM SPACE.
brilliant.
posted by dejah420 at 8:28 PM on November 24, 2003
brilliant.
posted by dejah420 at 8:28 PM on November 24, 2003
We've already been haxored. Porn is an aL13n virus, designed to interfere with our reproductive capabilities. and don't forget mushrooms.
posted by pekar wood at 8:47 PM on November 24, 2003 [1 favorite]
posted by pekar wood at 8:47 PM on November 24, 2003 [1 favorite]
The way I read this, the reporter was having a hard time communicating the idea that the aliens could send us, a la Contact, a nifty set of plans for a warp drive, which is in reality a pocket black hole.
posted by dhartung at 10:21 PM on November 24, 2003
posted by dhartung at 10:21 PM on November 24, 2003
I think if the aliens could alter the background radio signals in such a way that SETI's satellites would pick it up and be able to send the virus around so that it infects a large number of computers, I'd say they could just use the ray gun instead.
posted by Space Coyote at 11:17 PM on November 24, 2003
posted by Space Coyote at 11:17 PM on November 24, 2003
Those damn malevolent aliens. Always trying to crash our computers and launch DOS attacks against windowsupdate.microsoft.com and stuff. There ought to be a law! Next thing you know, they'll be coming to destroy us with near-c rocks or death rays or something.
posted by moonbiter at 11:50 PM on November 24, 2003
posted by moonbiter at 11:50 PM on November 24, 2003
Oh my god. I can't belive someone so stupid is allowed to use a computer, much less allow his insanely stupid drivel to be posed anywhere.
The possibility of anyone including a virus in the raw signal code of a seti work-unit is absolutly imposible.
The insanity of trying to do it that way, as opposed to simply sending a cellphone signal to log onto the internet and just hack straight away.
If they are too far away to do that (just actualy hack the system) then they are too far way to write a virus that would work
Finaly, an alien virus could not do any more harm then a human made one, and there are plenty of those.
posted by delmoi at 12:35 AM on November 25, 2003
The possibility of anyone including a virus in the raw signal code of a seti work-unit is absolutly imposible.
The insanity of trying to do it that way, as opposed to simply sending a cellphone signal to log onto the internet and just hack straight away.
If they are too far away to do that (just actualy hack the system) then they are too far way to write a virus that would work
Finaly, an alien virus could not do any more harm then a human made one, and there are plenty of those.
posted by delmoi at 12:35 AM on November 25, 2003
ZachsMind:
Let's face it, the odds of us being able to even determine that someone's sending us a message which doesn't sound to us like so much background noise is slim at best. I mean until we're able to place a manmade, broadcasting and receiving satelite out past The Oort Cloud this entire issue is moot anyway.
If that were true, we wouldn't be able to pick up any natural signals, we wouldn't even be able to see any stars. Dumbass.
posted by delmoi at 12:38 AM on November 25, 2003
Let's face it, the odds of us being able to even determine that someone's sending us a message which doesn't sound to us like so much background noise is slim at best. I mean until we're able to place a manmade, broadcasting and receiving satelite out past The Oort Cloud this entire issue is moot anyway.
If that were true, we wouldn't be able to pick up any natural signals, we wouldn't even be able to see any stars. Dumbass.
posted by delmoi at 12:38 AM on November 25, 2003
andrew cooke:
it's already possible to write code that's guaranteed not to execute instructions hidden in the data - all you need is a strong type system that separates the two (and sufficient checking to avoid forbidden errors). just because the world insists on using c and its bastard offspring doesn't mean that better things don't exist.
Yes, it's absolutely idiotic that people use set-length, unchecked buffers (something that's not even possible in java), although type-safety only affects a program at compile time, and wouldn't help prevent a buffer overflow.
But there would still be security holes if this particular problem were solved. For example, outlook security holes caused by lack of sand boxed scripting, and other 'semantic' security holes (i.e. programs do what they are programmed to do, but have been programmed incorrectly, rather then doing exactly what the hacker wants by code injection)
posted by delmoi at 12:44 AM on November 25, 2003
it's already possible to write code that's guaranteed not to execute instructions hidden in the data - all you need is a strong type system that separates the two (and sufficient checking to avoid forbidden errors). just because the world insists on using c and its bastard offspring doesn't mean that better things don't exist.
Yes, it's absolutely idiotic that people use set-length, unchecked buffers (something that's not even possible in java), although type-safety only affects a program at compile time, and wouldn't help prevent a buffer overflow.
But there would still be security holes if this particular problem were solved. For example, outlook security holes caused by lack of sand boxed scripting, and other 'semantic' security holes (i.e. programs do what they are programmed to do, but have been programmed incorrectly, rather then doing exactly what the hacker wants by code injection)
posted by delmoi at 12:44 AM on November 25, 2003
(4) implies that it's trivial to protect from buffer overflows - that's clearly not the case, or we wouldn't have buffer overflow attacks.
It is trivial to protect from buffer overflows. All you have to do is use java. It's also trivial to use buffers that cannot be overflowed (bounds checked arrays or vectors), if you actualy care. People just don't care.
posted by delmoi at 12:47 AM on November 25, 2003
It is trivial to protect from buffer overflows. All you have to do is use java. It's also trivial to use buffers that cannot be overflowed (bounds checked arrays or vectors), if you actualy care. People just don't care.
posted by delmoi at 12:47 AM on November 25, 2003
(kind of late, but...)
- if aliens don't understand the instruction set of the system they're "hacking" then this danger is no different to any other that is processing large amounts of data (and the author considers this to be a problem related specifically to seti). i agree that it all seems kind of silly, i'm just arguing within what's assumed...
- "buffer overflows" aren't restricted to array use. the same thing is possible wherever you have assignment to a pointer in c (the pointer may be valid for a particular type, but if a different type is cast incorrectly and stored there, you'll corrupt memory). hence the need for a type system as well as array bounds checking. so even if java checked array bounds correctly, it might still be open to attack if it had errors in its type system (apart from the silly native types, java uses references (pointers)). more accurately, i guess, i should say that java's type system is broken and unsafe (you can get classcastexceptions), but that the implementation and dynamic checking of type related information guarantees (apparently) safety. (there may be errors in the wording above - i'm not an expert - but i hope you get the drift, if it's at all important, which i kind of doubt).
sonofsamiam - you're welcome. you might want to check out lambda (where i got the link from).
posted by andrew cooke at 8:28 AM on November 25, 2003
- if aliens don't understand the instruction set of the system they're "hacking" then this danger is no different to any other that is processing large amounts of data (and the author considers this to be a problem related specifically to seti). i agree that it all seems kind of silly, i'm just arguing within what's assumed...
- "buffer overflows" aren't restricted to array use. the same thing is possible wherever you have assignment to a pointer in c (the pointer may be valid for a particular type, but if a different type is cast incorrectly and stored there, you'll corrupt memory). hence the need for a type system as well as array bounds checking. so even if java checked array bounds correctly, it might still be open to attack if it had errors in its type system (apart from the silly native types, java uses references (pointers)). more accurately, i guess, i should say that java's type system is broken and unsafe (you can get classcastexceptions), but that the implementation and dynamic checking of type related information guarantees (apparently) safety. (there may be errors in the wording above - i'm not an expert - but i hope you get the drift, if it's at all important, which i kind of doubt).
sonofsamiam - you're welcome. you might want to check out lambda (where i got the link from).
posted by andrew cooke at 8:28 AM on November 25, 2003
« Older All I want for Christmas... | iPod's Dirty Secret Newer »
This thread has been archived and is closed to new comments
posted by jasonspaceman at 9:56 AM on November 24, 2003