Security Leftovers
-
Tuesday's security updates
-
Why Aren't There Better Cybersecurity Regulations for Medical Devices?
This summer, the Food and Drug Administration warned hospitals to stop using a line of drug pumps because of a cybersecurity risk: a vulnerability that could allow an attacker to remotely deliver a fatal dose to a patient. SAINT Corporation engineer Jeremy Richards, one of the researchers who discovered the vulnerability, called the drug pump the “the least secure IP enabled device I’ve ever touched in my life.”
There is a growing body of research that shows just how defenseless many critical medical devices are to cyberattack. Research over the last couple of years has revealed that hundreds of medical devices use hard-coded passwords. Other devices use default admin passwords, then warn hospitals in the documentation not to change them.
-
Congress Introduces Provision That Could Make Vehicle Security Research Illegal
Far too often Congress proposes tech legislation that is either poorly researched or poorly drafted (or both). Fortunately, most of the bills don't advance. Unfortunately, this doesn’t seem to dissuade Congress from constantly writing these types of bills. The House Energy and Commerce Committee released such a bill last week. It's only a discussion draft and hasn't been introduced as a formal bill yet, but its provisions would not only effectively put the brakes on car security research, but also immunize auto manufactures from FTC privacy enforcement when (not if) they fail to secure our cars. It's a classic one-two punch from Congress: not understanding something and then deciding to draft a bill about it anyway.
-
Crypto researchers: Time to use something better than 1024-bit encryption
It’s possible for entities with vast computing resources – such as the NSA and major national governments - to compromise commonly used Diffie-Hellman keys, and over time more groups will be able to afford cracking them as computing costs go down.
-
The first rule of zero-days is no one talks about zero-days (so we’ll explain)
How do you defend yourself against the unknown? That is crux of the zero-day vulnerability: a software vulnerability that, by definition, is unknown by the user of the software and often its developer as well.
Everything about the zero-day market, from research and discovery through disclosure and active exploitation, is predicated upon this fear of the unknown—a fear that has been amplified and distorted by the media. Is the world really at threat of destabilisation due to lone-wolf hackers digging up vulnerabilities in popular software packages and selling them to whichever repressive government offers the most money? Or is it just a classic case of the media and megacorp lobbyists focusing on the sexy, scary, offensive side of things, and glossing over the less alluring aspects?
- Login or register to post comments
- Printer-friendly version
- 1247 reads
- PDF version
More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
digiKam 7.7.0 is releasedAfter three months of active maintenance and another bug triage, the digiKam team is proud to present version 7.7.0 of its open source digital photo manager. See below the list of most important features coming with this release. |
Dilution and Misuse of the "Linux" Brand
|
Samsung, Red Hat to Work on Linux Drivers for Future TechThe metaverse is expected to uproot system design as we know it, and Samsung is one of many hardware vendors re-imagining data center infrastructure in preparation for a parallel 3D world. Samsung is working on new memory technologies that provide faster bandwidth inside hardware for data to travel between CPUs, storage and other computing resources. The company also announced it was partnering with Red Hat to ensure these technologies have Linux compatibility. |
today's howtos
|
Recent comments
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago