funsec mailing list archives

Re: 'I told you so...'


From: David Kennedy CISSP <dkennedy () computer org>
Date: Thu, 13 Mar 2008 01:05:19 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 04:57 AM 3/12/2008 GMT, Paul Ferguson wrote:
"A Heart Device Is Found Vulnerable to Hacker Attacks"
http://www.nytimes.com/2008/03/12/business/12heart-web.html


“The risks to patients now are very low, but I worry that they
could increase in the future,” said Tadayoshi Kohno, a lead
researcher on the project at the University of Washington, who
has studied vulnerability to hacking of networked computers and
voting machines. 
<<<<

Give the man a tinfoil hat.  Good for asteroids too.  Odds at
the moment seem comparable.  Please excuse me a moment while I
go get a Powerball ticket.  At least I know Powerball will
definitely pay off for somebody, some day.


The experiment required more than $30,000 worth of lab equipment
and a sustained effort by a team of specialists from the
University of Washington and the University of Massachusetts to
interpret the data gathered from the implant’s signals. And the
device the researchers tested, a combination defibrillator and
pacemaker called the Maximo, was placed within two inches of the
test gear.

<<<<

<Bill_the_Cat>
pfffftttt....
</Bill_the_Cat>


Another participant in the project, Dr. William H. Maisel, a
cardiologist who is director of the Medical Device Safety
Institute at the Beth Israel Deaconess Medical Center in Boston,
said that the results had been shared last month with the
F.D.A., but not with Medtronic. 
<<<<

Twits


“We feel this is an industry-wide issue best handled by the
F.D.A.,” Dr. Maisel said.
<<<<

Well why not?


Boston Scientific, whose Guidant division ranks second behind
Medtronic, said its implants “incorporate encryption and
security technologies designed to mitigate these risks.”
<<<<

Wayduminut!  We have a bunch of doctors, from Boston, bitching
about a product made by the #1 manufacturer, and the #2
manufacturer is "Boston Scientific."  Who paid for this research?
"industry-wide issue" but Boston Scientific's gear doesn't
behave this way?  Aaaagggghhhhh!


Would someone please explain the difference between a
vulnerability, a threat, a risk and a conflict of interest to
the good doctors.

OB something useful, here's Beth Israel's press release:
http://www.bidmc.harvard.edu/?node_id=1000&mainFrameSrc=/tools/newsnow/pr_out.asp?pr_id=1794



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32) - GPGshell v3.61
Comment: Hacker=Cybercriminal The definition changed get over it
Comment: Protect what you connect|Look both ways B4 Xing the Net

-----END PGP SIGNATURE-----

-- 
Regards,
                                          /"\
David Kennedy CISSP                       \ / ASCII Ribbon Campaign
Protect what you connect;                  X  Against HTML Mail
Look both ways before crossing the Net.   / \

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
