Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Encryption

Submission + - Pakistan Bans Encryption (techdirt.com)

Submitted by Anonymous Coward
An anonymous reader writes: After some rumors of this last month, Pakistan has now officially told all of the country's ISPs that they need to block all encrypted VPNs since content running over such things cannot be monitored by the government.

Comment Re:Pump User Here: (Score 1) 81

by DramaGeek (#36998066) Attached to: Probing Insulin Pumps For Vulnerabilities

What else would a hack simulate but the signal source? In my first two instances, bad data is introduced, but there is no danger to the patient. In the third, bad instructions may be sent, but they are echoed by the pump before starting. In the fourth, you not only have to have a valid serial to simulate, but you have to address it directly to another serial.
Did you read the article? The would-be hacker HAS the serials of his own devices, and still hasn't figured out how to hack them.

Comment Pump User Here: (Score 1) 81

by DramaGeek (#36997734) Attached to: Probing Insulin Pumps For Vulnerabilities

I realize many of these points are pointed out in the article, and I will be repeating them here for those of you who didn't read it:

There are several types of wireless communication built into my pump (A Minimed 722 with a CGMS sensor):
1.) Sensor (inserted elsewhere into body) sends current glucose level to pump
- Requires the sensor serial to be entered into the pump
- If hacked, would report a false glucose level to the pump. The pump NEVER acts on it's own, it only informs you of what the level is, so no danger. Also, for any treatment you are supposed to double check the level with a finger-poke as below.
- Also, if a level is reported that is out-of-pattern with the rest of values that the pump has been receiving, the pump assumes that the sensor is out of calibration or failing, and has you re-calibrate the sensor with a finger-poke.

2.) Meter (regular old finger-pokes) sends current glucose to monitor
- Requires meter serial to be entered into the pump.
- If hacked, the meter and the pump would show different numbers, making the manipulation obvious. Also, if someone randomly started sending values to my pump, I would know due to the fact that I wasn't currently checking my glucose.

3.) Remote sends instructions to deliver insulin
- Requires remote serial to be entered into pump
- Pump still vibrates/beeps to confirm delivery and dosage. Not exactly discrete.
- I'm not sure what other safeguards this has. I don't use it. I do know that if you don't have any serial numbers entered, it turns this feature off.

4.) USB Device gathers reports/programs pump
- Requires pump serial to be entered into computer.
- The 'USB Device' mentioned in the article is almost certainly a Carelink USB Upload device, used to upload data from the pump to a computer for gathering reports on glucose trends, patterns, other ways to fine-tune your treatment.
- I do know that these CAN be used to upload new settings to the pump, as I've seen them do it at my doctor's office.
- User software doesn't feature upload capability, so hackers would need to steal a copy of the 'pro' software from a doctor's office (additional security through obscurity?)

Of the four, the last two are the only ones that could alter insulin delivery, and the last one is the only one that would do it without notifying the user. You would have to develop a profile that had a high basal rate (background, continuous insulin delivery). Again, you would still need to get the serial number off the pump to initiate the upload.

Comment Actually (Score 1) 270

by DramaGeek (#32226940) Attached to: Any Open Source Solutions For DIY Auto Diagnostics?
I've just been looking at this for the past week or so, too! I've been looking at doing something like this for a while, and finally decided to order one of the cheap ELM327 clones off ebay for ~$20. I've been having a terrible time finding anything as far as decent free software for it. Scantool does offer a free version, but I can't get it to compile. The only thing that I've heard consistently good comments about is GPSDrive, but I haven't had time to fight to get that to compile either.

In the 'Stuff to watch' category though, I've found this developer working on hacking his GM HSCAN bus to the point that he can remote start his car from his Android phone with a bluetooth OBDII dongle. He's working on releasing a couple of Android apps, but everything looks good so far. Website http://gtosoft.webs.com/ and Blog http://gtosoft.blogspot.com/
Media

The Perils of DRM — When Content Providers Die 275

Posted by Soulskill from the involuntary-renting dept.
An anonymous reader writes "If you purchase music or movies online, what happens if the vendor goes out of business? Will you have trouble accessing your content? The question came up recently after HDGiants — provider of high-quality audio and video downloads — filed for Chapter 11 bankruptcy protection. A consumer says his content became locked inside his PC. Walmart customers suffered a similar fate last year when the retailer shut down its DRM servers (a decision they reversed after many complaints). And if Vudu dies? Your content may be locked in a proprietary box forever. Time to start buying discs again?"

Comment Re:Welcome to 1995 (Score 1) 254

by DramaGeek (#28209103) Attached to: Music Streaming to Overtake Downloads

...what we can do for free without their hardware (yeah, Verizon, I'm looking at YOU).

In some cases, we can do it for free WITH their hardware, too. I had a Motorola E815 a few years ago. Motorola designed it with a bunch of features (Bluetooth OBEX, microSD usage, Dialup tethering, music player off internal memory, etc.) that Verizon disabled so that you would have to pay and use their Get It Now service.

Fortunately, it was fairly easy so seem-edit the phone, and with the USB tether for the phone and a few questionably-legal programs you could re-enable all of the features. If you were really dedicated to the task, you could mash some of the alltel firmware in, and run Java (though I never did).

I would have replaced it with another of the same model (it was falling apart from wear and tear), but of course it had been replaced by the 'newest and greatest.'

Oh, and the best part of the phone? It DIDN'T run Verizon's OS.
Television

Norwegian Broadcasting Sets Up Its Own Tracker 187

Posted by timothy from the some-things-are-neutral dept.
eirikso writes with an interesting story from Norway; the state broadcaster there has decided to put up some of its content on BitTorrent. "The tracker is based on the same OpenTracker software that the Pirate Bay has been using for the last couple of years. By using BitTorrent we can reach our audience with full quality, unencrypted media files. Experience from our early tests show that if we're the best provider of our own content we also gain control of it."
Image

Student Arrested For Classroom Texting Screenshot-sm 1246

Posted by samzenpus from the the-strong-arm-of-the-education-system dept.
A 14-year-old Wisconsin girl was arrested and charged with disorderly conduct after she refused to stop texting during a high school math class. The girl denied having a phone when confronted by a school safety officer, but a female cop found it after frisking her. The Samsung Cricket was recovered "from the buttocks area" of the teenager, according to the police report. The girl was banned from school property for a week, and is scheduled for an April 20 court appearance for a misdemeanor disorderly conduct charge. I applaud the adults involved for their discretion and temperance in this heinous case of texting without permission.

Slashdot Top Deals

We are each entitled to our own opinion, but no one is entitled to his own facts. -- Patrick Moynihan

Close