
Security Leftovers

Filed under
Security
  • Tuesday's security updates
  • Why Aren't There Better Cybersecurity Regulations for Medical Devices?

    This summer, the Food and Drug Administration warned hospitals to stop using a line of drug pumps because of a cybersecurity risk: a vulnerability that could allow an attacker to remotely deliver a fatal dose to a patient. SAINT Corporation engineer Jeremy Richards, one of the researchers who discovered the vulnerability, called the drug pump “the least secure IP enabled device I’ve ever touched in my life.”

    There is a growing body of research that shows just how defenseless many critical medical devices are to cyberattack. Research over the last couple of years has revealed that hundreds of medical devices use hard-coded passwords. Other devices use default admin passwords, then warn hospitals in the documentation not to change them.

  • Congress Introduces Provision That Could Make Vehicle Security Research Illegal

    Far too often Congress proposes tech legislation that is either poorly researched or poorly drafted (or both). Fortunately, most of the bills don't advance. Unfortunately, this doesn’t seem to dissuade Congress from constantly writing these types of bills. The House Energy and Commerce Committee released such a bill last week. It's only a discussion draft and hasn't been introduced as a formal bill yet, but its provisions would not only effectively put the brakes on car security research, but also immunize auto manufacturers from FTC privacy enforcement when (not if) they fail to secure our cars. It's a classic one-two punch from Congress: not understanding something and then deciding to draft a bill about it anyway.

  • Crypto researchers: Time to use something better than 1024-bit encryption

    It’s possible for entities with vast computing resources – such as the NSA and major national governments – to compromise commonly used Diffie-Hellman keys, and over time more groups will be able to afford cracking them as computing costs go down.

  • The first rule of zero-days is no one talks about zero-days (so we’ll explain)

    How do you defend yourself against the unknown? That is the crux of the zero-day vulnerability: a software vulnerability that, by definition, is unknown to the user of the software and often to its developer as well.

    Everything about the zero-day market, from research and discovery through disclosure and active exploitation, is predicated upon this fear of the unknown—a fear that has been amplified and distorted by the media. Is the world really at threat of destabilisation due to lone-wolf hackers digging up vulnerabilities in popular software packages and selling them to whichever repressive government offers the most money? Or is it just a classic case of the media and megacorp lobbyists focusing on the sexy, scary, offensive side of things, and glossing over the less alluring aspects?
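
The Diffie-Hellman item above says "commonly used" keys for a reason: the practical worry is servers that still negotiate a 1024-bit group, in particular the widely shared RFC 2409 group 2 prime, since a group reused by many servers is the one worth a large precomputation. Below is an added example (not code from the linked article or from Tux Machines) that parses the ServerDHParams field of a TLS 1.2 DHE ServerKeyExchange as laid out in RFC 5246 section 7.4.3, reports the group size and flags that well-known prime. The sample message is constructed inline and the function names are my own; a real check would feed it the bytes captured from an actual handshake.

```python
"""Check the DHE group a TLS 1.2 server offers in its ServerKeyExchange.

Added example: the sample message below is constructed here, not captured
from any real server. ServerDHParams layout (RFC 5246, 7.4.3):
    opaque dh_p<1..2^16-1>; opaque dh_g<1..2^16-1>; opaque dh_Ys<1..2^16-1>;
A signature follows in the real message; this parser stops after dh_Ys.
"""
import struct

# RFC 2409 section 6.2, "Second Oakley Group": the 1024-bit MODP prime that
# many servers shipped as their default DHE group.
OAKLEY_GROUP2_P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 FFFFFFFF FFFFFFFF
""".split()), 16)

WELL_KNOWN_GROUPS = {OAKLEY_GROUP2_P: "RFC 2409 group 2 (1024-bit MODP)"}

# Minimum size a practitioner should accept for a finite-field DHE group today.
MIN_DH_BITS = 2048


def _to_opaque(n: int) -> bytes:
    """Encode an integer as a length-prefixed big-endian opaque<1..2^16-1>."""
    raw = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    return struct.pack("!H", len(raw)) + raw


def build_server_dh_params(p: int, g: int, ys: int) -> bytes:
    """Serialise ServerDHParams; used here only to construct the sample."""
    return _to_opaque(p) + _to_opaque(g) + _to_opaque(ys)


def parse_server_dh_params(body: bytes) -> tuple[int, int, int]:
    """Return (p, g, Ys) from the start of a DHE ServerKeyExchange body.

    Raises ValueError on a truncated or zero-length field rather than
    silently reporting a tiny group.
    """
    off, fields = 0, []
    for name in ("dh_p", "dh_g", "dh_Ys"):
        if off + 2 > len(body):
            raise ValueError(f"truncated before {name} length")
        (n,) = struct.unpack_from("!H", body, off)
        off += 2
        if n == 0 or off + n > len(body):
            raise ValueError(f"bad length {n} for {name}")
        fields.append(int.from_bytes(body[off:off + n], "big"))
        off += n
    return fields[0], fields[1], fields[2]


def assess_dh_group(p: int, min_bits: int = MIN_DH_BITS) -> dict:
    """Size and 'is this a shared group' verdict for a DHE prime."""
    bits = p.bit_length()
    return {
        "bits": bits,
        "well_known": WELL_KNOWN_GROUPS.get(p),
        "weak": bits < min_bits,
    }


# Constructed sample: a server offering Oakley group 2 with g = 2 and an
# arbitrary 1024-bit public value (not a real handshake capture).
SAMPLE_YS = int.from_bytes(b"\x42" * 128, "big")
SAMPLE_SERVER_DH_PARAMS = build_server_dh_params(OAKLEY_GROUP2_P, 2, SAMPLE_YS)


def check_sample() -> dict:
    """Parse the constructed message and return the group assessment."""
    p, _g, _ys = parse_server_dh_params(SAMPLE_SERVER_DH_PARAMS)
    return assess_dh_group(p)


if __name__ == "__main__":
    verdict = check_sample()
    label = verdict["well_known"] or "unrecognised group"
    print(f"{verdict['bits']}-bit DHE group, {label}, "
          f"{'WEAK' if verdict['weak'] else 'acceptable'}")
```

The size check alone is not the whole story: a 1024-bit prime that nobody else uses is still too small, and a 2048-bit group that is shared by thousands of servers is still a more attractive precomputation target than a unique one, so the two fields in the verdict are reported separately. A synthetic 2048-bit value passes the size test here only to show the threshold; it is not a real group and nothing about its primality is checked.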
