My understanding of the Large Hadron Collider could be written in longhand on the back of a postage stamp and there would still be a sizable space for you to lick it without getting your tongue covered in ink.
However, I’m pretty certain that it doesn’t operate over the internet.
There’s a black hole of non-connectedness between the LHC and a website that reports on it. Although you might not immediately assume this to be the case, if you are a journalist. Someone has hacked a Cern discussion website. This was presented almost as if it was a near miss hack of the LHC.
Hackers claim there’s a black hole in the atom smashers’ computer network
Hackers have broken into one of the computer networks of the Large Hadron Collider (LHC). …..
The work of the scientists was not derailed and insiders scoffed at claims that the hackers were “one step away” from the systems controlling the experiment itself.
Of course, it is always possible that CERN are running a public webserver off the same computer that it uses to control the LHC. Just almost off the scale of “unlikely”…..
It truly would be “one giant step for mankind” if you could make elementary particles collide by writing really elegant php code.
We at WhyDontYou would never consider suggesting people had insecure computers when it comes to dealing with their work, or personal data, but there comes a point at which madness takes over.
For example, today I was give access to an IT system by my employer. Being very zealous at the thought of evil people from the internet getting access, they have instituted quite strong policies when it comes to people being able to access data. Amazingly, some IT guru has convinced them of the need for all users to have very strong passwords. This has translated into a policy which requires all passwords to be 14 characters long, have a mix of upper/lower case letters and numbers, not include your user name or common words (whatever that means) and not be the same (or a variation of) any of the last 36 passwords. Passwords must also be changed every 30 days.
At first I thought it was just me, but upon asking around my workplace there is no one who claims to be able to remember their random string of gibberish password. Almost every one eventually admits to writing the password down and either carrying it with them or leaving it by the terminal.
Now, it strikes me that this pretty much undermines the point of having the password in the first place… In the quest for Fort Knox style security, my employer (or at least the BOFH IT team) have largely undermined everything. Isn’t technology great?
[tags]Computers, Technology, Security, IT, Hacking, Corporate Culture, Culture, Logic[/tags]
This is from the WordPress development blog and worth noting if you run WordPress as your blog software:
Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately.
Longer explanation: This morning we received a note to our security mailing address about unusual and highly exploitable code in WordPress. The issue was investigated, and it appeared that the 2.1.1 download had been modified from its original code. We took the website down immediately to investigate what happened.
It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP to include code that would allow for remote PHP execution.
This is the kind of thing you pray never happens, but it did and now weâ€™re dealing with it as best we can. Although not all downloads of 2.1.1 were affected, weâ€™re declaring the entire version dangerous and have released a new version 2.1.2 that includes minor updates and entirely verified files. We are also taking lots of measures to ensure something like this canâ€™t happen again, not the least of which is minutely external verification of the download package so weâ€™ll know immediately if something goes wrong for any reason.
Finally, we reset passwords for a number of users with SVN and other access, so you may need to reset your password on the forums before you can login again.