lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <4C4D6709.3000408@linuxbox.org>
Date: Mon, 26 Jul 2010 13:44:25 +0300
From: Gadi Evron <ge@...uxbox.org>
To: FunSec <funsec@...uxbox.org>, full-disclosure@...ts.grok.org.uk
Subject: Paper on the law and Implantable Devices security

A new research paper from the Freedom And Law Center deals with issues 
that some of us keep raising these past few years, and does a good job 
at it - bionic hacking (or cybernetic hacking if you prefer).

"Killed by Code: Software Transparency in Implantable Medical Devices" 
outlines some of the history of these devices and even shows some cases 
where devices have been recalled (likely due to software issues).

Some of the paper's recommendations are especially interesting, such as 
to create a database of implantable devices code, so that if the vendor 
disappears it can still be patched (I rephrased).

While unintentional, I am considered the father of this field (not that 
I'm complaining) and I can't even begin to tell you how excited I am 
that a field I have been evangelizing for some years now if finally 
getting more attention -- even if from the legal standpoint with the 
main concern of liability.

Still, I can't help but maintain some skepticism that before some 
disaster happens (to us or others) this won't be taken too seriously.

The paper can be found here:
http://www.softwarefreedom.org/resources/2010/transparent-medical-devices.html

Here's a 2007 Wired article covering the subject from a talk I gave, 
covering the subject from a different perspective:
http://www.wired.com/threatlevel/2007/08/will-the-bionic/

	Gadi.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ