Let’s play hide and seek!

This week, we would like you to play a small online game called “Virtual Hide & Seek”. The rules are simple: some of our colleagues have published some sensitive or confidential documents on CERN’s central services like Indico, CDS, EDMS or TWiki, as well as on our many websites. Your mission, should you choose to accept it: find them!

 

If you provide us with documents marked “confidential”, “classified”, “sensitive”, or containing plain text operational passwords, you can win a book on computer security. There are only few conditions: these documents must be visible from outside CERN, must not require a CERN account in order to access them, and must not belong to you or have a direct link with your work. Have fun!

But seriously, are you sure that your documents are really properly protected? We regularly find confidential documents stored on one of the CERN central  services and which have accidentally been made public. Only our oath of discretion forbids us from giving details. However, you may remember the article on “CERN est une véritable passoire” from the “Le Matin” of November 2009, which will give you an idea about the negative consequences leaking documents can have.

CERN central services like CDS, INDICO, EDMS or TWIKI, as well as the web service, provide means to classify your documents and protect access to them accordingly. While these services are inherently secure, it is up to you to check that you are using their protection correctly! Thus, if you own or manage confidential documents, are these properly classified and have access protections been properly applied (e.g. using e-groups)? Can only the people who need them access them? Have you tried to find them with Google searching for “[YOUR SENSITIVE DOCUMENT TITLE HERE] site:cern.ch”?  Should you find out that one of your documents ended up publicly available by accident, do not hesitate to contact the corresponding support team directly, as they can give you help and advice.

Still, our challenge remains. Maybe someone else will find your confidential documents publicly available on a CERN site. Whoever sends link(s)/URL(s) for confidential document(s) to Computer.Security@cern.ch by 14 December 2012  can win one of three books on computer security.*

For further information, please check our web site or contact us at Computer.Security@cern.ch.


*In the event of more than three credible, correct replies, we will draw from the pool of replies.

Access the entire collection of Computer Security articles here.

by Computer Security Team