funsec mailing list archives
Re: 'I told you so...'
From: David Kennedy CISSP <dkennedy () computer org>
Date: Thu, 13 Mar 2008 01:05:19 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 04:57 AM 3/12/2008 GMT, Paul Ferguson wrote:
"A Heart Device Is Found Vulnerable to Hacker Attacks" http://www.nytimes.com/2008/03/12/business/12heart-web.html
The risks to patients now are very low, but I worry that they could increase in the future, said Tadayoshi Kohno, a lead researcher on the project at the University of Washington, who has studied vulnerability to hacking of networked computers and voting machines. <<<< Give the man a tinfoil hat. Good for asteroids too. Odds at the moment seem comparable. Please excuse me a moment while I go get a Powerball ticket. At least I know Powerball will definitely payoff for somebody, some day.
The experiment required more than $30,000 worth of lab equipment and a sustained effort by a team of specialists from the University of Washington and the University of Massachusetts to interpret the data gathered from the implants signals. And the device the researchers tested, a combination defibrillator and pacemaker called the Maximo, was placed within two inches of the test gear. <<<< <Bill_the_Cat> pfffftttt.... </Bill_the_Cat>
Another participant in the project, Dr. William H. Maisel, a cardiologist who is director of the Medical Device Safety Institute at the Beth Israel Deaconess Medical Center in Boston, said that the results had been shared last month with the F.D.A., but not with Medtronic. <<<< Twits
We feel this is an industry-wide issue best handled by the F.D.A., Dr. Maisel said. <<<< Well why not?
Boston Scientific, whose Guidant division ranks second behind Medtronic, said its implants incorporate encryption and security technologies designed to mitigate these risks. <<<< Wayduminut! We have a bunch of doctors, from Boston, bitching about a product made by the #1 manufacturer, and the #2 manufacturer is "Boston Scientific" Who paid for this research? "industry-wide issue" but Boston Scientific's gear doesn't behave this way? Aaaagggghhhhh! Would someone please explain the difference between a vulnerability, a threat, a risk and a conflict of interest to the good doctors. OB something useful, here's Beth Isreal's press release: http://www.bidmc.harvard.edu/?node_id=1000&mainFrameSrc=/tools/n ewsnow/pr_out.asp?pr_id=1794 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) - GPGshell v3.61 Comment: Hacker=Cybercriminal The definition changed get over it Comment: Protect what you connect|Look both ways B4 Xing the Net iQCVAwUBR9i1qPGfiIQsciJtAQI9IAQAm6RN06aVa8w9kH3t6spMYAF/007gv8pV vKTMVPQQeUG80aGQ92rjMSugLvKV/0bhnVWtEHTOp8kWi6VhiTDpoVU6bve6p6Ec qc6y/6rs2T6ywvfUzDJam81StGK7uRSQ0gKbuRnT5icQBuUb3r9uwEK9rJnV8i72 qFjXV+DYuXQ= =XEEM -----END PGP SIGNATURE----- -- Regards, /"\ David Kennedy CISSP \ / ASCII Ribbon Campaign Protect what you connect; X Against HTML Mail Look both ways before crossing the Net. / \
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- 'I told you so...' Paul Ferguson (Mar 11)
- Re: 'I told you so...' Gadi Evron (Mar 12)
- Re: 'I told you so...' Gadi Evron (Mar 12)
- Re: 'I told you so...' Gadi Evron (Mar 12)
- Re: 'I told you so...' William Lefkovics (Mar 12)
- Re: 'I told you so...' Gadi Evron (Mar 12)
- Re: 'I told you so...' Gadi Evron (Mar 12)
- Re: 'I told you so...' Gadi Evron (Mar 12)
- Re: 'I told you so...' Valdis . Kletnieks (Mar 14)
- <Possible follow-ups>
- Re: 'I told you so...' Paul Ferguson (Mar 12)
- Re: 'I told you so...' Robert Slade (Mar 15)