Government


Podcast: Culture of Lax Security Prevails Among Medical Device Makers

The news last week was that the U.S. House Energy & Commerce Committee has asked the Government Accountability Office to investigate the security of the software that runs medical devices. But a prominent researcher says that security flaws in such devices are common, and that more federal oversight is necessary to change what he describes as a culture of lax security among medical device makers.

Insulin Pump Hack Garners Federal Attention

The hack of a commercially available insulin pump earlier this month at the DEFCON hacker conference has attracted the attention of members of the House Energy & Commerce Committee, which is now calling for a formal review of wireless medical devices like the pump.

Colbert: U.S. Should ‘Unleash’ Kevin Mitnick As A Secret Weapon

We all know that the fake news shows like The Daily Show and Colbert Report are a lot smarter and more informative than the nightly “GlobalCarWreckStrangerAbductionSportsHighlight” montage that passes for the local news. Last night’s interview of famed hacker and security consultant Kevin Mitnick on the Colbert Report proved it again.


Suppose you’re an IT professional who has an axe to grind against your employer, and knowledge of the company’s network and access necessary to really do some damage. You might consider launching said attack from a free, public Wi-Fi hotspot, like the ones offered at chains like McDonald’s. That would be a smart idea – from your standpoint – and make it harder for you to get caught. You might _not_ want to use a personal credit card to buy a meal at said establishment, thereby putting you at the location at the exact time of the attack. That would be a _dumb_ idea.

Editor’s note: Finding Aaron Barr at this year’s DEFCON hacker conference in Las Vegas was like a giant game of “Where’s Waldo.” Given the events of the past year, you can hardly blame him for keeping a low profile. First there was the attack on him and his then-employer, HBGary Federal, his decision to part ways with HBGary, his work to rehabilitate his image and turn his personal misfortunes into a ‘teaching moment’ for the industry, and then the legal wrangling in recent weeks that threw cold water on his plans to take part in a panel discussion about Anonymous at DEFCON. Barr was courted by numerous news outlets at the show, including the mainstream media. But he preferred, for the most part, to keep his counsel. So when Aaron offered to contribute his thoughts on this year’s DEFCON to Threatpost, we jumped at it. Here’s what he had to say.  

Rep. Mary Bono Mack, chair of the influential House committee that oversees information security, is asking for more information about the Shady RAT attacks that McAfee publicized last week, saying that the “details of the report are alarming at the least,” and asking that researchers brief members of the committee.

During the Reagan Administration, the ‘government waste’ meme was all about $600 toilet seats and $300 hammers. Those looking for a more contemporary example of how government procurement gets it wrong might point, instead, to Project 25 (P25), a decade-old effort to provide first responders and federal officials with a reliable and secure emergency radio system.