
Comment Re:Is it really a war? (Score 1) 101

But it's a pretty minor league attack against the "internet". Twitter is down? The NYT?

I was just reading a Facebook comment from a friend about a hospital basically shutting down... presumably they had a dependency on something "in the cloud".

Now, I'll certainly grant that said hospital fucked up beyond belief by having that dependency, and I'd hope that heads will roll over it, but the impact seems to go beyond mere entertainment.

Comment Re:"there is NO EXCUSE to knowingly kill the kerne (Score 2) 294

Yeah, that's the quote everyone highlights, but he's a bit more nuanced about it when he's maybe a bit less pissed. Two e-mails in, you have

Killing machines because somebody made an assumption that was wrong is not ok.

Killing the machine is ok if we have a situation where there literally
is no other choice.

Comment Re:"there is NO EXCUSE to knowingly kill the kerne (Score 5, Informative) 294

If you actually read the thread, that's basically where he says it's appropriate, and only then.

The problem appears to be that people are using that feature in situations where recovery is feasible and desirable, or they're using it under the assumption that it only impacts people running special development kernels.

Comment Re:yes, no and kinda (Score 1) 79

My wife's Medtronic Insulin pump requires actually pushing an acknowledgment button before it will deliver insulin.

My wife just switched to an OmniPod, which doesn't have a UI of any sort on the pump unit itself. The controller communicates with the pump using what I believe is 433MHz FSK coding, and quite frankly I'm terrified to start playing with a 433MHz capture board within range of her because I have a bad feeling about what I'll find...

The main thing that prevents a bolus overdose attack is that pumps make enough noise when they dispense a bolus that the wearer would notice it. However, if you increased the basal (especially overnight) it's quite possible they wouldn't catch that...

Comment Re:The gauntlet has been thrown (Score 1) 79

Actually, the effort required to do this hack is quite high...

No it isn't.

Actually, I don't know for sure either way, but you have to be a fool to bet that it is. History has shown very consistently that security holes in any given product are always easier to exploit than the vendor will admit to, and they become less and less difficult as time passes without a proper fix.

Off hand, from the attack demo video the guy is running it off a Pi with a USB RF dongle... probably an obvious application of RTL-SDR. I suspect the biggest hurdle is that you'd need access to one of these pumps to build your attack tool.

An overdose of insulin is indeed dangerous and can cause death if left untreated for an extended time...

You meant "underdose".

An overdose of insulin lowers blood glucose and results in hypoglycemia, which is extremely dangerous and can cause death very quickly if the diabetic happens to be doing something like, say, driving and doesn't catch the symptoms or blood sugar drops far too quickly. Being asleep would be another bad time to have glucose levels bottom out.

Comment Re:The gauntlet has been thrown (Score 1) 79

Funny that type of thing never seems to happen in the real world.

That we know of.

But no, I don't think it's happening much yet. Their wireless tech is still quite primitive. I don't think it's going to be a real problem until manufacturers start putting these things on the Internet and open them up to the same people turning IP cameras into botnets. They'll be adding smartphone integration first, of course (most of these devices upload data via USB currently), but inevitably they'll add wifi integration. If they don't learn something about security before then it's going to be bad.

Comment Re:The gauntlet has been thrown (Score 1) 79

Considering the proximity and time required for a successful hack

"Time required" is dependent on how often the devices generate the packets you'd need to hack. Odds are if you park yourself in the middle of a food court or restaurant you'll find a few victims quite easily since pump users need to tweak settings when they sit down to eat.

As far as proximity or someone being smart enough to do it... it doesn't sound like rocket science and I wouldn't bet against it. A laptop with a $10 RTL2832U/R820T2 dongle is enough to mess with 900MHz signals, so if someone comes up with a script then it's a good bet that a bored dipshit would find it funny to fire it up somewhere.
