
+ - Researcher: drug Infusion Pump is the 'least secure IP device' he's ever seen->

Submitted by chicksdaddy
chicksdaddy writes: This is a bad month for the medical equipment maker Hospira. First, security researcher Billy Rios finds a raft of serious and remotely exploitable holes in the company's MedNet software, prompting a vulnerability alert from ICS CERT. Now, one month later, ICS CERT is again warning of a "10 out of 10" critical vulnerability, this time in Hospira's LifeCare PCA drug infusion pump. (https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3459)

The problem? According to this report by Security Ledger (https://securityledger.com/2015/05/researcher-drug-pump-the-least-secure-ip-device-ive-ever-seen/) the main problem was an almost total lack of security controls on the device. According to independent researcher Jeremy Williams, the PCA pump listens on Telnet port 23. Connecting to the device via Telnet, he was brought immediately to a root shell account that gave him total, administrator level access to the pump without authentication. “The only thing I needed to get in was an interest in the pump,” he said.

Richards found other examples of loose security on the PCA 3: an FTP server that could be accessed without authentication and an embedded web server that runs Common Gateway Interface (CGI). That could allow an attacker to tamper with the pump’s operation using fairly simple scripts.

Also: The PCA pump stores wireless keys used to connect to the local (medical device) wireless network in plain text on the device. That means anyone with physical access to the Pump (which has an ethernet port) could gain access to the local medical device network and other devices on it.
The problems prompted Richards to call the PCA 3 pump “the least secure IP enabled device” he has ever worked with. (http://hextechsecurity.com/?p=123)

Hospira did not respond to requests for comment prior to publication.

Biotech

Apple's Plans For Your DNA 93

Posted by Soulskill
from the download-a-parkinson's-cure-from-itunes dept.
An anonymous reader writes: MIT's Technology Review breaks news that Apple is working with scientists to create apps that collect and evaluate users' DNA. "The apps are based on ResearchKit, a software platform Apple introduced in March that helps hospitals or scientists run medical studies on iPhones by collecting data from the devices' sensors or through surveys." A source says Apple's plan is to enable users to easily share their DNA information with medical workers and researchers performing studies. "To join one of the studies, a person would agree to have a gene test carried out—for instance, by returning a "spit kit" to a laboratory approved by Apple. The first such labs are said to be the advanced gene-sequencing centers operated by UCSF and Mount Sinai."
EU

Europe Vows To Get Rid of Geo-Blocking 101

Posted by Soulskill
from the this-article-only-available-at-select-latitudes dept.
AmiMoJo writes: The European Commission has adopted a new set of initiatives for digital technologies that aims to improve access to online services for everyday users. Among other things, Europe vows to end geo-blocking, which it describes as "a discriminatory practice used for commercial reasons," and lift other unwarranted copyright restrictions. Consumers will have the right to access content they purchased at home in other European countries. "I want to see every consumer getting the best deals and every business accessing the widest market – wherever they are in Europe," Commission President Jean-Claude Juncker says.
News

Two Programmers Expose Dysfunction and Abuse In the Seattle Police Department 230

Posted by Soulskill
from the now-keep-your-heads-down dept.
reifman writes: Programmers Eric Rachner and Phil Mocek are now the closest thing Seattle has to a civilian police-oversight board. Through shrewd use of Washington's Public Records Act, the two have acquired hundreds of reports, videos, and 911 calls related to the Seattle Police Department's internal investigations of officer misconduct. Among some of Rachner and Mocek's findings: a total of 1,028 SPD employees (including civilian employees) were investigated between 2010 and 2013. (The current number of total SPD staff is 1,820.) Of the 11 most-investigated employees—one was investigated 18 times during the three-year period—every single one of them is still on the force, according to SPD.

In 569 allegations of excessive or inappropriate use of force (arising from 363 incidents), only seven were sustained—meaning 99 percent of cases were dismissed. Exoneration rates were only slightly smaller when looking at all the cases — of the total 2,232 allegations, 284 were sustained. This is partly why the Seattle PD is under a federal consent decree for retraining and oversight. You can check out some of the typically excellent Twitter coverage by Mocek from his #MayDaySea coverage.

+ - Apple's Plans For Your DNA->

Submitted by Anonymous Coward
An anonymous reader writes: MIT's Technology Review breaks news that Apple is working with scientists to create apps that test and evaluate users' DNA. "The apps are based on ResearchKit, a software platform Apple introduced in March that helps hospitals or scientists run medical studies on iPhones by collecting data from the devices’ sensors or through surveys." A source says Apple's plan is to enable users to easily share their DNA information with medical workers and researchers performing studies. "To join one of the studies, a person would agree to have a gene test carried out—for instance, by returning a “spit kit” to a laboratory approved by Apple. The first such labs are said to be the advanced gene-sequencing centers operated by UCSF and Mount Sinai."
Displays

Oculus Rift Launching In Q1 2016 71

Posted by Soulskill
from the virtually-immediately dept.
An anonymous reader writes: Oculus has announced that their Rift virtual reality headset will be coming out sometime in the first quarter of 2016. They've also posted a couple images of the final consumer headset design. The device was Kickstarted in August, 2012. Consumer-level release dates have slowly slipped further and further out since then, though they've shipped two different development kits. Ars points out that a 2016 launch date will bring the Oculus Rift to market after the Valve/HTC VR headset, and possibly after Sony's Project Morpheus.
Businesses

Apple Gets Antitrust Scrutiny Over Music Deals 42

Posted by Soulskill
from the apple-a-day-keeps-the-competition-at-bay dept.
An anonymous reader writes: Bloomberg reports that the U.S. Federal Trade Commission is probing Apple after its acquisition of Beats Electronics, and its various deals with record labels to sell music through the iTunes store. As part of the acquisition, Apple now owns the music streaming service created by Beats, and they're planning to release a new version sometime soon. This makes their ties to the record labels, already deep because of iTunes, even stronger — and could affect the labels' relationships with other streaming services, like Spotify. Investigators want to know if Apple is using these business deals as leverage for "curtailing ad-supported music and pushing more songs into paid tiers of service at higher rates."
Medicine

The Medical Bill Mystery 466

Posted by Soulskill
from the $70-convenience-charge-to-process-the-convenience-charge dept.
HughPickens.com writes: Elisabeth Rosenthal writes in the NY Times that she has spent the past six months trying to figure out a medical bill for $225 that includes "Test codes: 105, 127, 164, to name a few. CPT codes: 87481, 87491, 87798 and others" and she really doesn't want to pay it until she understands what it's for. "At first, I left messages on the lab's billing office voice mail asking for an explanation. A few months ago, when someone finally called back, she said she could not tell me what the codes were for because that would violate patient privacy. After I pointed out that I was the patient in question, she said, politely: 'I'm sorry, this is what I'm told, and I don't want to lose my job.'" Bills variously use CPT, HCPCS or ICD-9 codes. Some have abbreviations and scientific terms that you need a medical dictionary or a graduate degree to comprehend. Some have no information at all. A Seattle resident received a $45,000 hospital bill with the explanation "miscellaneous."

So what's the problem? "Medical bills and explanation of benefits are undecipherable and incomprehensible even for experts to understand, and the law is very forgiving about that," says Mark Hall. "We've not seen a lot of pressure to standardize medical billing, but there's certainly a need." Hospitals and medical clinics say that detailed bills are simply too complicated for patients and that they provide the information required by insurers. But with rising copays and deductibles, patients are shouldering an increasing burden. One recent study found that up to 90 percent of hospital bills contain errors. An audit by Equifax found that hospital bills totaling more than $10,000 contained an average error of $1,300. "There are no industry standards with regards to what information a patient should receive regarding their bill," says Cyndee Weston, executive director of the American Medical Billing Association. "The software industry has pretty much decided what information patients should receive, and to my knowledge, they have not had any stakeholder input. That would certainly be a worthwhile project for our industry."

+ - SpaceX Launch Abort Test Successful->

Submitted by Anonymous Coward
An anonymous reader writes: As we discussed yesterday, SpaceX launched a prototype this morning to test its Dragon passenger capsule in an aborted launch. The test was a success — the capsule separated cleanly, propelled itself to a safe distance, deployed its parachutes, and floated gently down to a water landing, where it remained floating. You can watch video of the test on SpaceX's website — skip to 15:40 to get right to it. Externally, everything seems to have gone fine. I'm sure we'll hear in the coming weeks whether the downrange distance was ideal, and whether they hit their splashdown target — and how the crash test dummy inside the capsule weathered the abort!

+ - Apple Gets Antitrust Scrutiny Over Music Deals->

Submitted by Anonymous Coward
An anonymous reader writes: Bloomberg reports that the U.S. Federal Trade Commission is probing Apple after its acquisition of Beats Electronics, and its various deals with record labels to sell music through the iTunes store. As part of the acquisition, Apple now owns the music streaming service created by Beats, and they're planning to release a new version. This makes their ties to the record labels, already deep because of iTunes, even stronger — and could affect the labels' relationships with other streaming services, like Spotify. Investigators want to know if Apple is using these business deals as leverage for "curtailing ad-supported music and pushing more songs into paid tiers of service at higher rates."
Transportation

Self-Driving Big Rigs Become a Reality 208

Posted by Soulskill
from the life-imitates-maximum-overdrive dept.
drinkypoo writes: We've been discussing the importance of automating over-the-road trucking here on Slashdot whenever self-driving vehicles come up in conversation. Jalopnik reports that the Freightliner "Inspiration Truck" will be the first autonomous commercial truck to drive on American roads. It's been given the green light to start testing its self-driving technology on the roads of Nevada. A human will be present at the wheel at all times, and will take control whenever the truck is in more populated areas. "Given a big trucks' long stopping distances and limited maneuverability, driving one requires the ability to correctly predict what's going to happen far out ahead. That requires foresight and intuition that are difficult to program into computers."

+ - Oculus Rift Launching In Q1 2016->

Submitted by Anonymous Coward
An anonymous reader writes: Oculus has announced that their Rift virtual reality headset will be coming out sometime in the first quarter of 2016. They've also posted a couple images of the final consumer headset design. The device was Kickstarted in August, 2012. Consumer-level release dates have slowly slipped further and further out since then, though they've shipped two different development kits. Ars points out that a 2015 launch date will bring the Oculus Rift to market after the Valve/HTC headset, and possibly after Sony's Project Morpheus.
Government

Extreme Secrecy Eroding Support For Trans-Pacific Partnership 160

Posted by Soulskill
from the gee-that's-a-shame dept.
schwit1 writes with news that political support for the Trans-Pacific Partnership is drying up because of the secrecy involved in developing it. Members of Congress can read the bill if they want, but they need to be located in a single room within the basement of the Capitol Visitor Center, and they can't have their staff with them. They can't have a copy, they can't take notes, and they can only view one section at a time. And they're monitored while they read it. Unsurprisingly, this is souring many members of Congress on the controversial trade agreement.

"Administration aides say they can’t make the details public because the negotiations are still going on with multiple countries at once; if for example, Vietnam knew what the American bottom line was with Japan, that might drive them to change their own terms. Trade might not seem like a national security issue, they say, but it is (and foreign governments regularly try to hack their way in to American trade deliberations)."
