Metacurity

Share this post

Ethical Hackers Find Many Unsecured Entry Points at U.S. Particle Physics and Accelerator Lab

metacurity.substack.com

Ethical Hackers Find Many Unsecured Entry Points at U.S. Particle Physics and Accelerator Lab

Intrusion Truth surfaces to offer details on two indicted Chinese men, Google will require two-factor authentication, One of Europe's top insurers won't insure against ransomware attacks, more

Cynthia Brumfield
May 7, 2021
∙ Paid
1
Share
Share this post

Ethical Hackers Find Many Unsecured Entry Points at U.S. Particle Physics and Accelerator Lab

metacurity.substack.com

Please show your support for Metacurity by signing up for a paid subscription today. You’ll gain access to our archives and upcoming special content.

Security researchers Robert Willis, John Jackson, and Jackson Henry of the Sakura Samurai ethical hacking group shared details on how multiple unsecured entry points allowed them to access data belonging to Fermilab, a national particle physics and accelerator lab supported by the Department of Energy.

Among the exposed projects was Fermilab’s experiments called “NoVa,” which concerns studying the purpose of neutrinos in the evolution of the cosmos. The researchers also found over 4,500 tickets used for tracking Fermilab’s internal projects. Many of these contained sensitive attachments and private communications. Yet another exposed server ran a web application that listed the full names of users registered under different workgroups, along with their email addresses, user IDs, and other department-specific information. (Ax Sharma / …

Keep reading with a 7-day free trial

Subscribe to Metacurity to keep reading this post and get 7 days of free access to the full post archives.

Already a paid subscriber? Sign in
Previous
Next
© 2023 DCT Associates
Privacy ∙ Terms ∙ Collection notice
Start WritingGet the app
Substack is the home for great writing