about_them_facts on Nostr: There are two distinct scenarios worth exploring. One is that somebody makes a fake ...
There are two distinct scenarios worth exploring. One is that somebody makes a fake BOINC project, this is only relevant if the user signs up for the fake boinc project, users must pick their own projects with discretion. The other is that an BOINC project may be hacked and forced to deliver malware to devices attached to it. This has never happened in BOINC 20+ year history, likely because all BOINC workunits are signed by projects and projects are instructed to keep signing keys offline. Possible, but exceedingly rare. BOINC also includes some built-in sandboxing but the degree of sandboxing depends on the way it's installed and which OS it's on. Android, of course, comes with some sandboxing of its own as well.
Published at
2024-12-21 01:30:54Event JSON
{
"id": "2bc2c4d05654bc074fa75ef7207b5a4d6152ae49cfb157d5fe9265f535aab8ad",
"pubkey": "c7e72f4b7bd933798d324b473dc67a4165448eec7dd10fa6ac7d689ad6890cd5",
"created_at": 1734744654,
"kind": 1,
"tags": [
[
"e",
"a9b7396dc573e0cf75d3d1b80da1eb0aff8628c0d023c8cdee5421cef343a9c4",
"",
"root"
],
[
"e",
"6fc3fe7eddc2eb32d950fd2849e954624cd2151b502f7148365d5af210a05898",
"wss://nos.lol/",
"reply",
"f7168a3d9d34ac7be9cddd1edf021441cd9a0a56e0bb13a88d00384cf288c441"
],
[
"p",
"c7e72f4b7bd933798d324b473dc67a4165448eec7dd10fa6ac7d689ad6890cd5"
],
[
"p",
"010df0c948fe9ab54d2cb7ea420ffa08d57958981b6ea68e83aaa7eb2dd3f05a"
],
[
"p",
"f7168a3d9d34ac7be9cddd1edf021441cd9a0a56e0bb13a88d00384cf288c441"
],
[
"client",
"noStrudel",
"31990:266815e0c9210dfa324c6cba3573b14bee49da4209a9456f9484e5106cd408a5:1686066542546"
]
],
"content": "There are two distinct scenarios worth exploring. One is that somebody makes a fake BOINC project, this is only relevant if the user signs up for the fake boinc project, users must pick their own projects with discretion. The other is that an BOINC project may be hacked and forced to deliver malware to devices attached to it. This has never happened in BOINC 20+ year history, likely because all BOINC workunits are signed by projects and projects are instructed to keep signing keys offline. Possible, but exceedingly rare. BOINC also includes some built-in sandboxing but the degree of sandboxing depends on the way it's installed and which OS it's on. Android, of course, comes with some sandboxing of its own as well.",
"sig": "dca2b0a4cc6920292b3a42fcd264b99cf0ef20f56db43d807061f6b1cc46d51b8cfa9e8e85082dcad14fa1e65128ecf5a1060bb82a67a058e0cc1b607159478b"
}
