Patient monitors altered, drug dispensary popped in colossal hospital hack • The Register

“The findings show an industry in turmoil: lack of executive support; insufficient talent; improper implementations of technology; outdated understanding of adversaries; lack of leadership, and a misguided reliance upon compliance,” the team said.

“[It] illustrates our greatest fear: patient health remains extremely vulnerable. One overarching finding of our research is that the industry focuses almost exclusively on the protection of patient health records, and rarely addresses threats to or the protection of patient health from a cyber threat perspective.”

Hospital information security is “drastically” underfunded, training flawed at all levels, networks are insecure, and policy and audits largely absent and at best flawed when they do exist.

Source: Patient monitors altered, drug dispensary popped in colossal hospital hack • The Register

Is zero-effort computer security a dream? – Help Net Security

In the ZEBRA system, every user is required to wear a Bluetooth-enabled bracelet, similar to a Fitbit, and the system knows who is wearing which bracelet. When the user logs into a device the first time, the system establishes a secure connection to the bracelet. While the user interacts with the device, the bracelet will send the measurements generated by the interactions over to the device. The device then uses a machine learning classifier to map those actions into a sequence of predicted interactions.

Source: Is zero-effort computer security a dream? – Help Net Security

Errata Security: Hackers aren’t smart — people are stupid

The top three hacking problems for the last 10 years are “phishing”, “password reuse”, and “SQL injection”. These problems are extremely simple, as measured by the fact that teenagers are able to exploit them. Yet they persist because, unless someone is interested in hacking, they are unable to learn them. They ignore important details. They fail at grasping the core concept.

Source: Errata Security: Hackers aren’t smart — people are stupid

Penn professor’s computer algorithm could fight terrorism while protecting privacy

Professor Michael Kearns, national center chair in the Department of Computer and Information Science, just published a paper on a computer algorithm that can use the structure of social networks to target certain individuals or groups — without compromising the privacy of people who are not involved. The algorithm would come with many applications, but Kearns is currently most interested in potential for counterterrorism.

“It’s an algorithm to use the social network to guide the search for some targeted subpopulation, which in the case of the NSA you can think of as some group of terrorists or other bad actors,” Kearns said.

If created, this algorithm could have major implications for the political scene, particularly after former CIA member Edward Snowden’s revelations of the information that the government has kept secret from the public. The algorithm is possibly the only solution developed so far to find a middle ground between national security and personal security.

Source: The Daily Pennsylvanian | Penn professor’s computer algorithm could fight terrorism while protecting privacy