[funsec] Paper on the law and Implantable Devices security

2010-07-26 Thread Gadi Evron
A new research paper from the Freedom And Law Center deals with issues 
that some of us keep raising these past few years, and does a good job 
at it - bionic hacking (or cybernetic hacking if you prefer).

Killed by Code: Software Transparency in Implantable Medical Devices 
outlines some of the history of these devices and even shows some cases 
where devices have been recalled (likely due to software issues).

Some of the paper's recommendations are especially interesting, such as 
to create a database of implantable devices code, so that if the vendor 
disappears it can still be patched (I rephrased).

While unintentional, I am considered the father of this field (not that 
I'm complaining) and I can't even begin to tell you how excited I am 
that a field I have been evangelizing for some years now is finally 
getting more attention -- even if from the legal standpoint with the 
main concern of liability.

Still, I can't help but maintain some skepticism that before some 
disaster happens (to us or others) this won't be taken too seriously.

The paper can be found here:
http://www.softwarefreedom.org/resources/2010/transparent-medical-devices.html

Here's a 2007 Wired article covering the subject from a talk I gave, 
covering the subject from a different perspective:
http://www.wired.com/threatlevel/2007/08/will-the-bionic/

Gadi.
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.


Re: [funsec] [Full-disclosure] Paper on the law and Implantable Devices security

2010-07-26 Thread Jeffrey Walton
> ...even if from the legal standpoint with the
> main concern of liability.
Should that be lack of liability? (It's amazing what corporate America
gets away with by bribing Congress (err, 'PAC contributions'))

On Mon, Jul 26, 2010 at 6:44 AM, Gadi Evron <g...@linuxbox.org> wrote:
> A new research paper from the Freedom And Law Center deals with issues
> that some of us keep raising these past few years, and does a good job
> at it - bionic hacking (or cybernetic hacking if you prefer).
>
> Killed by Code: Software Transparency in Implantable Medical Devices
> outlines some of the history of these devices and even shows some cases
> where devices have been recalled (likely due to software issues).
>
> Some of the paper's recommendations are especially interesting, such as
> to create a database of implantable devices code, so that if the vendor
> disappears it can still be patched (I rephrased).
>
> While unintentional, I am considered the father of this field (not that
> I'm complaining) and I can't even begin to tell you how excited I am
> that a field I have been evangelizing for some years now is finally
> getting more attention -- even if from the legal standpoint with the
> main concern of liability.
>
> Still, I can't help but maintain some skepticism that before some
> disaster happens (to us or others) this won't be taken too seriously.
>
> The paper can be found here:
> http://www.softwarefreedom.org/resources/2010/transparent-medical-devices.html
>
> Here's a 2007 Wired article covering the subject from a talk I gave,
> covering the subject from a different perspective:
> http://www.wired.com/threatlevel/2007/08/will-the-bionic/



[funsec] U.A.E. Declares BlackBerry a Security Risk

2010-07-26 Thread Larry Seltzer
Why the BlackBerry in particular?

LJS

http://online.wsj.com/article/SB10001424052748704719104575389590496820952.html

Reuters

DUBAI—The United Arab Emirates on Sunday issued a statement saying that the
BlackBerry smartphone, made by Research In Motion
<http://online.wsj.com/public/quotes/main.html?type=djnsymbol=RIMM> Ltd.,
is open to misuse that poses security risks to the country and that
it would seek to safeguard its consumers and laws.

Gulf state Bahrain in April warned against the use of BlackBerry Messenger
software to distribute local news, drawing criticism from media freedom
watchdog Reporters Without Borders, which called it an act of censorship.

Re: [funsec] U.A.E. Declares BlackBerry a Security Risk

2010-07-26 Thread Rich Kulawiec
On Mon, Jul 26, 2010 at 07:08:43AM -0400, Larry Seltzer wrote:
> Why the BlackBerry in particular?

Perhaps because their entire operation is run as poorly as their
email system?  (It's so truly awful that it may become necessary
at some point to invent new terms in order to adequately categorize
some of the profoundly stupid things that they're doing.)

---Rsk


Re: [funsec] U.A.E. Declares BlackBerry a Security Risk

2010-07-26 Thread rackow
Seems odd that the UAE would be telling people that Blackberries are a problem.
See the story from last July.
http://www.spywared.com/news/fake-blackberry-update-injects-interceptor-spyware-483.html

Larry Seltzer made the following keystrokes:
> Why the BlackBerry in particular?
>
> LJS
>
> http://online.wsj.com/article/SB10001424052748704719104575389590496820952.html


Re: [funsec] [Full-disclosure] Paper on the law and Implantable Devices security

2010-07-26 Thread Shawn Merdinger
Hi Gadi,

On Mon, Jul 26, 2010 at 6:44 AM, Gadi Evron <g...@linuxbox.org> wrote:
> A new research paper from the Freedom And Law Center deals with issues
> Killed by Code: Software Transparency in Implantable Medical Devices

One of the more useful aspects I found in that paper is the
references to FDA databases.  There's a great deal of information in
the List of Recalls one the paper mentioned [1].  However, it's worth
checking out the listing of several other FDA databases relating to
medical devices, which are also useful, even if defunct/retired/no longer
updated (go figure...) [2].

Fwiw, I'm starting to work on a research guide of sorts for medical
device security, and if folks are interested, they might check out the
LinkedIn MedSec group as that's where I'll likely start offering a
draft for peer review RSN [3].

Cheers,
--scm

[1]  http://www.fda.gov/MedicalDevices/Safety/RecallsCorrectionsRemovals/ListofRecalls/default.htm
[2]  http://www.fda.gov/MedicalDevices/DeviceRegulationandGuidance/Databases/default.htm
[3]  http://www.linkedin.com/groups?mostPopular=gid=2206357 (requires signing in)


Re: [funsec] U.A.E. Declares BlackBerry a Security Risk

2010-07-26 Thread Valdis . Kletnieks
On Mon, 26 Jul 2010 09:44:23 EDT, Rich Kulawiec said:
> On Mon, Jul 26, 2010 at 07:08:43AM -0400, Larry Seltzer wrote:
>> Why the BlackBerry in particular?
>
> Perhaps because their entire operation is run as poorly as their
> email system?  (It's so truly awful that it may become necessary
> at some point to invent new terms in order to adequately categorize
> some of the profoundly stupid things that they're doing.)

So Obama is allowed to carry one, why, exactly?




Re: [funsec] U.A.E. Declares BlackBerry a Security Risk

2010-07-26 Thread der Mouse
>>> Why the BlackBerry in particular?
>> Perhaps because their entire operation is run as poorly as their
>> email system?
> So Obama is allowed to carry one, why, exactly?

I'm reminded of a past workplace.  They gave me a crackberry until I
made it clear I had no intention of reading my email on it, at which
point they reclaimed it and gave it to someone else.  (Small loss; the
user interface would have driven me nuts to try to use to any
significant extent.)

I would have expected giving one's login password to someone outside
the company would be a firing offense, but apparently it's OK when the
someone in question is RIM.  I've never quite understood why.

/~\ The ASCII Mouse
\ / Ribbon Campaign
 X  Against HTML    mo...@rodents-montreal.org
/ \ Email!   7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B


Re: [funsec] U.A.E. Declares BlackBerry a Security Risk

2010-07-26 Thread der Mouse
>> I'm reminded of a past workplace.  [...crackberry...]
>> I would have expected giving one's login password to someone outside
>> the company would be a firing offense, but apparently it's OK when
>> the someone in question is RIM.  I've never quite understood why.
>
> Maybe the answer is something similar to or between the lines:
>
> Change company, now!

Well yes, there is that.  I did say a *past* workplace; if memory
serves, that was the same company where they found a keylogger on the
head accountant's machine - and just removed it and considered it done;
in particular, they kept running Windows, they didn't do any "how did
this happen and how can we keep it from happening again" investigation,
they didn't do very much of anything in consequence.

You can guess, maybe, why I'm not naming the company. :)

/~\ The ASCII Mouse
\ / Ribbon Campaign
 X  Against HTML    mo...@rodents-montreal.org
/ \ Email!   7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B


Re: [funsec] U.A.E. Declares BlackBerry a Security Risk

2010-07-26 Thread Joel Esler
Rumor is, he's not anymore.  It's a special other device.


On Jul 26, 2010, at 11:24 AM, valdis.kletni...@vt.edu wrote:

> On Mon, 26 Jul 2010 09:44:23 EDT, Rich Kulawiec said:
>> On Mon, Jul 26, 2010 at 07:08:43AM -0400, Larry Seltzer wrote:
>>> Why the BlackBerry in particular?
>>
>> Perhaps because their entire operation is run as poorly as their
>> email system?  (It's so truly awful that it may become necessary
>> at some point to invent new terms in order to adequately categorize
>> some of the profoundly stupid things that they're doing.)
>
> So Obama is allowed to carry one, why, exactly?

--
Joel Esler
http://www.joelesler.net



Re: [funsec] U.A.E. Declares BlackBerry a Security Risk

2010-07-26 Thread Larry Seltzer
They said he was keeping it:
http://news.cnet.com/8301-13739_3-10159055-46.html

-----Original Message-----
From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On
Behalf Of Joel Esler
Sent: Monday, July 26, 2010 2:35 PM
To: valdis.kletni...@vt.edu
Cc: funsec@linuxbox.org; Rich Kulawiec
Subject: Re: [funsec] U.A.E. Declares BlackBerry a Security Risk

Rumor is, he's not anymore.  It's a special other device.


On Jul 26, 2010, at 11:24 AM, valdis.kletni...@vt.edu wrote:

> On Mon, 26 Jul 2010 09:44:23 EDT, Rich Kulawiec said:
>> On Mon, Jul 26, 2010 at 07:08:43AM -0400, Larry Seltzer wrote:
>>> Why the BlackBerry in particular?
>>
>> Perhaps because their entire operation is run as poorly as their
>> email system?  (It's so truly awful that it may become necessary
>> at some point to invent new terms in order to adequately categorize
>> some of the profoundly stupid things that they're doing.)
>
> So Obama is allowed to carry one, why, exactly?

--
Joel Esler
http://www.joelesler.net



[funsec] Bad People Project by ISECOM

2010-07-26 Thread Shawn Merdinger
Kind of cool.

http://www.isecom.org/bpp/bpp.html


[funsec] Differing takes on privacy

2010-07-26 Thread Rob, grandpa of Ryan, Trevor, Devon & Hannah
UAE says privacy is a security risk.
http://www.bbc.co.uk/news/technology-10761210

US says openness is a security risk.
http://www.bbc.co.uk/news/world-us-canada-10758578

==  (quote inserted randomly by Pegasus Mailer)
rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org
It is impossible for a man to begin to learn what he thinks he
knows.   - Epictetus
victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/index.html
http://blogs.securiteam.com/index.php/archives/author/p1/
http://www.infosecbc.org/links http://twitter.com/rslade


Re: [funsec] 'World's No. 1 hacker' tome rocks security world

2010-07-26 Thread Lee Heath
Good details of sources.

http://www.thebaskins.com/main/index.php?option=com_contentview=articleid=52

-- 
Lee Heath (mad...@gmail.com)
The true man wants two things: danger and play.
 For that reason he wants woman, as the most dangerous plaything.
                          - Friedrich Nietzsche



Re: [funsec] Differing takes on privacy

2010-07-26 Thread Dave Paris
Interesting to see that UAE is backed by facts & evidence and the US 
position has almost universally failed.  (w/r/t this type of security, 
not as a uniformly broad brush of course)

On 7/26/2010 10:01 PM, Rob, grandpa of Ryan, Trevor, Devon & Hannah wrote:
> UAE says privacy is a security risk.
> http://www.bbc.co.uk/news/technology-10761210
>
> US says openness is a security risk.
> http://www.bbc.co.uk/news/world-us-canada-10758578
>
> ==  (quote inserted randomly by Pegasus Mailer)
> rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org
> It is impossible for a man to begin to learn what he thinks he
> knows.   - Epictetus
> victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/index.html
> http://blogs.securiteam.com/index.php/archives/author/p1/
> http://www.infosecbc.org/links http://twitter.com/rslade