this does have something to do with the LHC

draph91
Posts: 179
Joined: Tue May 08, 2012 5:31 pm
Location: Manchester, UK

Post by draph91 » Thu Sep 03, 2015 10:18 am

but I didn't know where to put it, so please move it to the correct place

If you look after the Large Hadron Collider you should read this...
Link: https://grahamcluley.com/2015/09/large- ... erability/

Should we alert CERN about this?

Also, I'm curious: what would this do to the LHC?

:think:
A person is smart. People are dumb, panicky, dangerous animals, and you know it - Agent K

You hear one doomsday prediction, you hear them all

DCWhitworth
LHCPortal Guru
Posts: 599
Joined: Mon Nov 30, 2009 8:13 am
Location: Norwich, UK

Re: this does have something to do with the LHC

Post by DCWhitworth » Sat Sep 05, 2015 8:55 am

TL;DR the TL;DR - It's a non-story.

TL;DR - Security 'investigator' uncovers obscure security issue applicable to an unlikely scenario, manufacturer has already corrected the issue, CERN are very likely to have applied the update.


I would imagine CERN already know and have already patched. Also they don't go into any detail about what the 'critical systems' involved are.

Also they are rather overplaying some of the supposed vulnerabilities e.g. "One of the vulnerabilities, as described in ICS-CERT's advisory explains that a hacker might only need a hash of the system's password - rather than the password itself - to gain access to privileged systems."

Well OK, that means that it is technically less secure than it might be but getting hold of a hash of the password is only marginally easier than getting hold of the password itself.

And "If attackers obtain password hashes for SIMATIC WinCC users, they could possibly use the hashes to authenticate themselves"

"if" . . "could possibly", it's all sounding pretty improbable. They're basically saying that if you manage to get hold of the password database you could crack the system . . possibly. No shit Sherlock !

Also the allusion to the fact that protecting the LHC is in any way related to protecting your home PC is just scaremongering. CERN employ people to do computer security as their full time job, they'll be on top of this.

Also the attack target is unlikely. While it would potentially be spectacular to hack such a system it is unlikely to be of any financial gain and that is what the hackers are after these days. They much prefer low-level stuff directed at 'soft' targets. You can bet your bottom dollar that CERN are not a soft target. They know there could be people out there that want to get into their systems and they take the matter seriously.
DC

The LHC - One ring to rule them all !
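
The advisory text quoted in the post above says a password hash alone could be enough to authenticate. The following is an added illustration, not part of the thread and not Siemens' or WinCC's actual protocol: it contrasts a hypothetical design in which the stored hash is itself the login secret (Design A) with a simplified SCRAM-shaped design (Design B) in which the stored value alone does not pass the check. All names and the sample password are constructed.

```python
import hashlib, hmac, os

def H(b): return hashlib.sha256(b).digest()
def mac(key, msg): return hmac.new(key, msg, hashlib.sha256).digest()
def xor(a, b): return bytes(x ^ y for x, y in zip(a, b))

# Design A (hypothetical): server stores H(password) and checks
# HMAC(stored, nonce). The stored value IS the login secret.
def a_enroll(password):
    return H(password.encode())

def a_respond(secret, nonce):
    return mac(secret, nonce)

def a_verify(stored, nonce, response):
    return hmac.compare_digest(mac(stored, nonce), response)

# Design B: SCRAM-shaped (RFC 5802, simplified). Server stores
# StoredKey = H(ClientKey); the proof can only be built from ClientKey.
def b_client_key(password, salt):
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)
    return mac(salted, b"Client Key")

def b_enroll(password, salt):
    return H(b_client_key(password, salt))

def b_proof(client_key, nonce):
    return xor(client_key, mac(H(client_key), nonce))

def b_verify(stored_key, nonce, proof):
    candidate = xor(proof, mac(stored_key, nonce))
    return hmac.compare_digest(H(candidate), stored_key)

def demo():
    password = "constructed-sample-password"   # constructed sample value
    salt, nonce = os.urandom(16), os.urandom(16)
    db_a = a_enroll(password)                  # what a copied database holds
    db_b = b_enroll(password, salt)
    return {
        "A, user with password": a_verify(db_a, nonce, a_respond(H(password.encode()), nonce)),
        "A, database copy only": a_verify(db_a, nonce, a_respond(db_a, nonce)),
        "B, user with password": b_verify(db_b, nonce, b_proof(b_client_key(password, salt), nonce)),
        "B, database copy only": b_verify(db_b, nonce, b_proof(db_b, nonce)),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Design B still depends on the credential store being protected, since a copied StoredKey permits offline guessing of weak passwords.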

chelle
Posts: 757
Joined: Thu Nov 19, 2009 11:32 am
Location: O - FL - B - EU - W

Re: this does have something to do with the LHC

Post by chelle » Wed Sep 09, 2015 11:16 am

DCWhitworth wrote:TL;DR the TL;DR - It's a non-story.

TL;DR - Security 'investigator' uncovers obscure security issue applicable to an unlikely scenario, manufacturer has already corrected the issue, CERN are very likely to have applied the update.


I would imagine CERN already know and have already patched. Also they don't go into any detail about what the 'critical systems' involved are.

Also they are rather overplaying some of the supposed vulnerabilities e.g. "One of the vulnerabilities, as described in ICS-CERT's advisory explains that a hacker might only need a hash of the system's password - rather than the password itself - to gain access to privileged systems."

Well OK, that means that it is technically less secure than it might be but getting hold of a hash of the password is only marginally easier than getting hold of the password itself.

And "If attackers obtain password hashes for SIMATIC WinCC users, they could possibly use the hashes to authenticate themselves"

"if" . . "could possibly", it's all sounding pretty improbable. They're basically saying that if you manage to get hold of the password database you could crack the system . . possibly. No shit Sherlock !

Also the allusion to the fact that protecting the LHC is in any way related to protecting your home PC is just scaremongering. CERN employ people to do computer security as their full time job, they'll be on top of this.

Also the attack target is unlikely. While it would potentially be spectacular to hack such a system it is unlikely to be of any financial gain and that is what the hackers are after these days. They much prefer low-level stuff directed at 'soft' targets. You can bet your bottom dollar that CERN are not a soft target. They know there could be people out there that want to get into their systems and they take the matter seriously.
TL;DR :mrgreen:

... and again TL;DR I guess that's also what (potential) hackers must think when they are within the system and see the massive stream of data that the LHC produces ... adding here a quote from the CERN website:

"Collisions in the Large Hadron Collider (LHC) generated about 75 petabytes of this data in the past three years. One hundred petabytes (which is equal to 100 million gigabytes) is a very large number indeed – roughly equivalent 700 years of full HD-quality movies."
Dance, even if you have nowhere to do it but your own living room.
Wear Sunscreen by Baz Luhrmann - Mary Schmich
