Hacking The Large Hadron Collider.
Is anyone yet convinced why I don't trust that Large Hadron Collider? should we be concerned? I think that's a healthy question. If DNS doesn't blow up the world as we know it, the Large Hadron Collider will. You might heard about some Greek hackers who defaced a CERN sub domain, if not, there you go: you know now. That was kind of interesting because CERN said that the hacker was 1 step away from entering the CPU of the hadron detectors and could shut it off if he knew how.
Read that again please:
They defaced a CERN subdomain that was 1 CPU away from one of the detectors and could shut the LHC off.
“Hacking is a bad thing,” said Lee Smolin, a professor at the Perimeter Institute for Theoretical Physics who is not involved with the Collider.[1] Maybe it’s a good idea to collide two braincells before hallucinating on the idea that smashing two proton beams into each other is of no concern and only produces pretty fractal visuals, because it turns out the net is everywhere. Being responsible involves letting the public know the potential risks, and that is exactly what the Greek hackers did.
So how hard is it really? hacking the LHC for destruction and fun? CERN probably has a wide range of computers running. So it's easy to even imagine a single flaw some place. A six billion dollar failure in completion is, of course, too tempting for most scientist to screw around with, let alone for hackers. Here is what Google found for me in under 2 minutes. I am certain you will find the rest.
http://hcc.web.cern.ch/hcc/safety_subsec.php?safetysub=A45' OR 1=1--
That doesn’t do much, it’s only a blind SQL injection indicator, or Web 1.0 page navigation, depending on where you stand. So, some advise to the CERN people: Hire someone to secure your systems, it’s free advise. And to make sure I have only good intentions: CERN drop me a line and I’ll pentest your systems for free.
I hope you all sleep well tonight. And please be gentle with that Higgs-Boson when you find it eh?
[1] http://blog.wired.com/wiredscience/2008/09/hackers-infiltr.html
source: OWASP News