this does have something to do with the LHC

Posted: Thu Sep 03, 2015 10:18 am
by draph91
But I didn't know where to put it, so please move it to the correct place.

If you look after the Large Hadron Collider you should read this...
Link: https://grahamcluley.com/2015/09/large- ... erability/

should we alert CERN about this?

also I'm curious what would this do to the LHC?

:think:

Re: this does have something to do with the LHC

Posted: Sat Sep 05, 2015 8:55 am
by DCWhitworth
TL;DR the TL;DR - It's a non-story.

TL;DR - Security 'investigator' uncovers obscure security issue applicable to an unlikely scenario, manufacturer has already corrected the issue, CERN are very likely to have applied the update.

I would imagine CERN already know and have already patched. Also they don't go into any detail about what the 'critical systems' involved are.

Also they are rather overplaying some of the supposed vulnerabilities e.g. "One of the vulnerabilities, as described in ICS-CERT's advisory explains that a hacker might only need a hash of the system's password - rather than the password itself - to gain access to privileged systems."

Well OK, that means that it is technically less secure than it might be but getting hold of a hash of the password is only marginally easier than getting hold of the password itself.

And "If attackers obtain password hashes for SIMATIC WinCC users, they could possibly use the hashes to authenticate themselves"

"if" ... "could possibly", it's all sounding pretty improbable. They're basically saying that if you manage to get hold of the password database you could crack the system ... possibly. No shit, Sherlock!

Also the allusion to the fact that protecting the LHC is in any way related to protecting your home PC is just scaremongering. CERN employ people to do computer security as their full time job, they'll be on top of this.

Also the attack target is unlikely. While it would potentially be spectacular to hack such a system it is unlikely to be of any financial gain and that is what the hackers are after these days. They much prefer low-level stuff directed at 'soft' targets. You can bet your bottom dollar that CERN are not a soft target. They know there could be people out there that want to get into their systems and they take the matter seriously.

Re: this does have something to do with the LHC

Posted: Wed Sep 09, 2015 11:16 am
by chelle
DCWhitworth wrote: TL;DR the TL;DR - It's a non-story.

TL;DR - Security 'investigator' uncovers obscure security issue applicable to an unlikely scenario, manufacturer has already corrected the issue, CERN are very likely to have applied the update.

I would imagine CERN already know and have already patched. Also they don't go into any detail about what the 'critical systems' involved are.

Also they are rather overplaying some of the supposed vulnerabilities e.g. "One of the vulnerabilities, as described in ICS-CERT's advisory explains that a hacker might only need a hash of the system's password - rather than the password itself - to gain access to privileged systems."

Well OK, that means that it is technically less secure than it might be but getting hold of a hash of the password is only marginally easier than getting hold of the password itself.

And "If attackers obtain password hashes for SIMATIC WinCC users, they could possibly use the hashes to authenticate themselves"

"if" ... "could possibly", it's all sounding pretty improbable. They're basically saying that if you manage to get hold of the password database you could crack the system ... possibly. No shit, Sherlock!

Also the allusion to the fact that protecting the LHC is in any way related to protecting your home PC is just scaremongering. CERN employ people to do computer security as their full time job, they'll be on top of this.

Also the attack target is unlikely. While it would potentially be spectacular to hack such a system it is unlikely to be of any financial gain and that is what the hackers are after these days. They much prefer low-level stuff directed at 'soft' targets. You can bet your bottom dollar that CERN are not a soft target. They know there could be people out there that want to get into their systems and they take the matter seriously.
TL;DR :mrgreen:

... and again TL;DR. I guess that's also what (potential) hackers must think when they are inside the system and see the massive stream of data that the LHC produces ... adding a quote from the CERN website here:

"Collisions in the Large Hadron Collider (LHC) generated about 75 petabytes of this data in the past three years. One hundred petabytes (which is equal to 100 million gigabytes) is a very large number indeed – roughly equivalent to 700 years of full HD-quality movies."