
Comment Re:"there is NO EXCUSE to knowingly kill the kerne (Score 2) 294

Yeah, that's the quote everyone highlights, but he's a bit more nuanced about it when he's maybe a bit less pissed. Two e-mails in, you have

Killing machines because somebody made an assumption that was wrong is not ok.

Killing the machine is ok if we have a situation where there literally
is no other choice.

Comment Re:"there is NO EXCUSE to knowingly kill the kerne (Score 5, Informative) 294

If you actually read the thread, that's basically where he says it's appropriate, and only then.

The problem appears to be that people are using that feature in situations where recovery is feasible and desirable, or they're using it under the assumption that it only impacts people running special development kernels.

Comment Re:yes, no and kinda (Score 1) 79

My wife's Medtronic Insulin pump requires actually pushing an acknowledgment button before it will deliver insulin.

My wife just switched to an OmniPod, which doesn't have a UI of any sort on the pump unit itself. The controller communicates with the pump using what I believe is 433MHz FSK coding, and quite frankly I'm terrified to start playing with a 433MHz capture board within range of her because I have a bad feeling about what I'll find...

The main thing that prevents a bolus overdose attack is that pumps make enough noise when they dispense a bolus that the wearer would notice it. However, if you increased the basal (especially overnight) it's quite possible they wouldn't catch that...

Comment Re:The gauntlet has been thrown (Score 1) 79

Actually, the effort required to do this hack is quite high...

No it isn't.

Actually, I don't know for sure either way, but you have to be a fool to bet that it is. History has shown very consistently that security holes in any given product are always easier to exploit than the vendor will admit to, and they become less and less difficult as time passes without a proper fix.

Off hand, from the attack demo video the guy is running it off a Pi with a USB RF dongle... probably an obvious application of RTL-SDR. I suspect the biggest hurdle is that you'd need access to one of these pumps to build your attack tool.

An overdose of insulin is indeed dangerous and can cause death if left untreated for an extended time...

You meant "underdose".

An overdose of insulin lowers blood glucose and results in hypoglycemia, which is extremely dangerous and can cause death very quickly if the diabetic happens to be doing something like, say, driving and doesn't catch the symptoms or blood sugar drops far too quickly. Being asleep would be another bad time to have glucose levels bottom out.

Comment Re:The gauntlet has been thrown (Score 1) 79

Funny that type of thing never seems to happen in the real world.

That we know of.

But no, I don't think it's happening much yet. Their wireless tech is still quite primitive. I don't think it's going to be a real problem until manufacturers start putting these things on the Internet and open them up to the same people turning IP cameras into botnets. They'll be adding smartphone integration first, of course (most of these devices upload data via USB currently), but inevitably they'll add wifi integration. If they don't learn something about security before then it's going to be bad.

Comment Re:The gauntlet has been thrown (Score 1) 79

Considering the proximity and time required for a successful hack

"Time required" is dependent on how often the devices generate the packets you'd need to hack. Odds are if you park yourself in the middle of a food court or restaurant you'll find a few victims quite easily since pump users need to tweak settings when they sit down to eat.

As far as proximity or someone being smart enough to do it... it doesn't sound like rocket science and I wouldn't bet against it. A laptop with a $10 RTL2832U/R820T2 dongle is enough to mess with 900MHz signals, so if someone comes up with a script then it's a good bet that a bored dipshit would find it funny to fire it up somewhere.

Comment Re:Not a nice way to die (Score 1) 429

... the ordinary mousetrap is humane, effective, reusable, and available in multiple sizes. They kill instantly; you'll never find a mousetrap with a live rodent wiggling around in it.

Just don't try to use mouse traps on rats. In my last house I discovered we had rats when the mouse traps started to disappear. I had to anchor the things and then add some rat traps.

It would've saved a lot of grief if I could have allowed my cats into the basement of that place.

Comment Re: Arrest warrant is being drawn up now (Score 1) 337

That's an extraordinary claim, I await your extraordinary evidence with intrigue.

It's a stretch, but with the kind of sentence that hackers tend to face (10x longer than the average rapist is typical, I believe), it's plausible enough to be worth following. Assuming he mounted a defense instead of pleading to something lesser.
