Ethical Hackers Find Many Unsecured Entry Points at U.S. Particle Physics and Accelerator Lab

Intrusion Truth surfaces to offer details on two indicted Chinese men, Google will require two-factor authentication, One of Europe's top insurers won't insure against ransomware attacks, more

Please show your support for Metacurity by signing up for a paid subscription today. You’ll gain access to our archives and upcoming special content.

Security researchers Robert Willis, John Jackson, and Jackson Henry of the Sakura Samurai ethical hacking group shared details on how multiple unsecured entry points allowed them to access data belonging to Fermilab, a national particle physics and accelerator lab supported by the Department of Energy.

Among the exposed projects was Fermilab’s experiments called “NoVa,” which concerns studying the purpose of neutrinos in the evolution of the cosmos. The researchers also found over 4,500 tickets used for tracking Fermilab’s internal projects. Many of these contained sensitive attachments and private communications. Yet another exposed server ran a web application that listed the full names of users registered under different workgroups, along with their email addresses, user IDs, and other department-specific information. (Ax Sharma / …