Prominent healthcare CIO: FDA medical device security warning “will be the first of many”

Dr. John Halamka has taken to his "Life as a Healthcare CIO" blog to sound the alarm on medical device threats in the wake of the FDA late last week issuing its first cybersecurity warning about a specific medical device.The Food and Drug Administration urged healthcare facilities to stop using Hospira's Symbiq Infusion System, a common device for dispensing fluids/drugs to patients that the manufacturer says is being removed from the market. The warning spells out that the devices could be accessed via a hospital network and rejiggered to mess up a patient's dosage. The FDA said it's not aware of any hacking incidents involving the pumps, whose vulnerability was initially warned of on the US-CERT site in June and then the Industrial Control Systems CERT site in mid-July.To read this article in full or to leave a comment, please click here

Consumers still don’t get two-factor authentication

LAS VEGAS – Telesign, a mobile identity solutions provider, continued to educate the public about its free “Turn It On” Campaign – a step-by-step instructional guide to two-factor authentication (2FA) on some of the most visited websites – at this year’s Black Hat security conference.  Co-founder Ryan Disraeli says that based on Telesign’s “Consumer Account Security Report,” it’s clear consumers want more security but don’t know much – if anything – about 2FA.The report, a study of the changing attitudes and behavior of consumers around their online security, found that “80 percent of consumers worry about online security and 45 percent are extremely or very concerned about their accounts being hacked.”To read this article in full or to leave a comment, please click here

Attackers could take over Android devices by exploiting built-in remote support apps

Many smart phone manufacturers preload remote support tools on their Android devices in an insecure way, providing a method for hackers to take control of the devices through rogue apps or even SMS messages.The vulnerability was discovered by researchers from security firm Check Point Software Technologies, who presented it Thursday at the Black Hat security conference in Las Vegas. According to them, it affects hundreds of millions of Android devices from many manufacturers including Samsung Electronics, LG Electronics, HTC, Huawei Technologies and ZTE.Most of the flagship phones from different vendors come preloaded with remote support tools, Check Point researchers Ohad Bobrov and Avi Bashan said. In some cases they are installed by the manufacturers themselves, while in other cases by mobile carriers, they said.To read this article in full or to leave a comment, please click here

Has Epson killed the printer ink cartridge?

The answer is yes, at least based on this headline the other day in The Wall Street Journal: Review: Epson Kills the Printer Ink Cartridge.However, reading the analysis underneath the headline reveals a much more complicated picture: Epson has a new printer line that can store so much ink that you can practically forget about the need to ever refill it again.From the review written by Wilson Rothman: Epson, the maker of my nightmare printer, has finally put an end to the horror of ink cartridges, at least for people willing to throw cash at the problem up front. The five new EcoTank series printers look like normal models, only they have containers on their sides that hold gobs and gobs of ink. How much? Years’ worth. Enough that your children—or at least mine—could go on a two-hour coloring-page-printing bender and you wouldn’t even notice.To read this article in full or to leave a comment, please click here

IBM’s new $1B acquisition will help Watson ‘see’

IBM plans to buy Merge Healthcare in a $1 billion deal that promises to bring new image-focused capabilities to its Watson Health platform.Under the terms of the acquisition, which was announced Thursday and is expected to close later this year, Merge shareholders will receive $7.13 per share in cash. The deal is IBM’s third and largest major health-related acquisition since it launched its Watson Health unit in April.Merge’s technology provides medical image handling and processing and is currently used at more than 7,500 U.S. health care sites. IBM plans to use its Watson Health Cloud to analyze and cross-reference Merge’s medical images against lab results, electronic health records, genomic tests, clinical studies and other health-related data sources amounting to 315 billion data points and 90 million unique records.To read this article in full or to leave a comment, please click here

Black Hat 2015: IoT devices can become transmitters to steal data

It’s possible to get a printer and other inexpensive network and Internet of Things devices to transmit radio signals that are detectable far enough away that they could be used to steal data from compromised networks, a researcher tells the Black Hat 2015 conference.By rapidly turning on and off the outputs from I/O pins on chips within the printer, it’s possible to generate a signal strong enough to pass through a concrete wall and beyond to a receiver, says Ang Cui, a researcher who works at Red Balloon Security and did the research at Columbia University.+ Follow all the stories out of Black Hat 2015 +To read this article in full or to leave a comment, please click here

Wireshark 1.12.6 on Yosemite (OS X 10.10.4)

To run Wireshark on OS X you have to install X11 for some reason, and Apple has apparently stopped developing this.  It is now a separate thing called XQuartz.

It seems that at some point, either some files moved or a symlink got deleted, so Wireshark won’t start.  When you click it, the top menu says “Wireshark” but the user interface never appears.

To get Wireshark running do the following:

Download Quartz 2.2.7 and install it on your OS X 10.10.4 system.

Open a terminal window and enter this command to re-make the symbolic link:

sudo ln -s /opt/X11 /usr/X11

(you will need to be an admin user of the system and put in your password at this point).

Now install Wireshark and you should be good to go.


Wireshark 1.12.6 on Yosemite (OS X 10.10.4)

To run Wireshark on OS X you have to install X11 for some reason, and Apple has apparently stopped developing this.  It is now a separate thing called XQuartz.

It seems that at some point, either some files moved or a symlink got deleted, so Wireshark won’t start.  When you click it, the top menu says “Wireshark” but the user interface never appears.

To get Wireshark running do the following:

Download Quartz 2.2.7 and install it on your OS X 10.10.4 system.

Open a terminal window and enter this command to re-make the symbolic link:

sudo ln -s /opt/X11 /usr/X11

(you will need to be an admin user of the system and put in your password at this point).

Now install Wireshark and you should be good to go.


Proxy ARP

How does Internet work - We know what is networking

I found differed kinds of explanations about what that Proxy ARP is all about. After going through all of them this explanation came out. It is fairly simple technique for nodes to get MAC address of a destination host that is on the same subnet but behind a router. It’s a technique that enables our R7 router on the image below to proxy ARP request from C1 computer which tries to find MAC address of computer C3. You need to note that C1 has address from /16 range and that is why it thinks that 192.168.50.50 is the same subnet as

Proxy ARP

Android Stagefright: The heart attack that never happened

Since Joshua Drake of Zimperium announced his talk at the Black Hat conference on Twitter, speculation in the blogosphere has been rampant.    BLACKHAT USA 2015 Stagefright: Scary Code in the Heart of Android: https://t.co/oBZpiBFx1x by @jduck— Mobile Security (@Mobile_Sec) July 23, 2015 If some of the claims were true, Android phones would be exploding into flames. Since the introduction of version 4.1 Jelly Bean, Android has been protected from buffer-overflow vulnerabilities such as Stagefright with Address Space Layout Randomization (ASLR). A glance at the chart below reveals that 90% of the Android devices are protected by ASLR. Drake's estimate of one billion Android devices affected by this vulnerability was inflated.To read this article in full or to leave a comment, please click here

FBI hopes low-tech video will spark answers to $500 million art heist mystery

It’s been 25 years since two thieves, dressed as Boston police officers made off with $500 million worth of art from the Isabella Stewart Gardner Museum in Boston.The FBI this week released new video it says was captured by Museum security cameras 24 hours before the Gardner heist which the agency hopes might trigger some new leads in the very cold case.+More on Network World: The weirdest, wackiest and coolest sci/tech stories of 2015 (so far!)+To read this article in full or to leave a comment, please click here

Black Hat 2015: Hacker shows how to alter messages on satellite network

Globalstar satellite transmissions used for tracking truck fleets and wilderness hikers can be hacked to alter messages being sent with possibly dire consequences for pilots, shipping lines, war correspondents and businesses that use the system to keep an eye on their remote assets.The technique, described at Black Hat 2015, can’t affect control of the Globalstar satellites themselves, just the messages they relay, but that could mean altering the apparent location of assets the system tracks. So a cargo container with a satellite location device in it could be made to seemingly disappear, or an airplane could be made to seem to veer off course, according to a briefing by Colby Moore, a security staffer at Synack.To read this article in full or to leave a comment, please click here

DNS parser, meet Go fuzzer

Here at CloudFlare we are heavy users of the github.com/miekg/dns Go DNS library and we make sure to contribute to its development as much as possible. Therefore when Dmitry Vyukov published go-fuzz and started to uncover tens of bugs in the Go standard library, our task was clear.

Hot Fuzz

Fuzzing is the technique of testing software by continuously feeding it inputs that are automatically mutated. For C/C++, the wildly successful afl-fuzz tool by Michał Zalewski uses instrumented source coverage to judge which mutations pushed the program into new paths, eventually hitting many rarely-tested branches.

go-fuzz applies the same technique to Go programs, instrumenting the source by rewriting it (like godebug does). An interesting difference between afl-fuzz and go-fuzz is that the former normally operates on file inputs to unmodified programs, while the latter asks you to write a Go function and passes inputs to that. The former usually forks a new process for each input, the latter keeps calling the function without restarting often.

There is no strong technical reason for this difference (and indeed afl recently gained the ability to behave like go-fuzz), but it's likely due to the different ecosystems in which they Continue reading

IDG Contributor Network: How one startup hopes to solve server underutilization

Only 20% to 50% of in-house server capacity is actually used, even with virtualization gains, according to numbers from MIT-connected startup Jisto. The company says it has a solution, though, which will save enterprises money.The problem that Jisto is looking to solve is that, although companies usually provision plenty of cloud and in-house server space, artificial static walls, which are created with ownership profiles and resource groups, create waste. Servers are underutilized.Redundancy-prone It isn't just the in-house servers, either. Cloud capacity is also redundancy-prone.To read this article in full or to leave a comment, please click here

U.S. Internet connection speeds still lag behind other developed nations

The average U.S. Internet connection speed continues to lag behind that of many other developed nations, according to the latest State of the Internet report from CDN and cloud service provider Akamai. In the first quarter of 2015, Akamai said, the average U.S. Internet connection speed was 11.9Mbps - considerably below the 23.6Mbps mark posted by South Korea, which had the fastest average connection speed worldwide. The top 10 was dominated by countries from Europe and east Asia, including Ireland, Hong Kong, Sweden and the Netherlands. The U.S. placed 19th in the rankings.To read this article in full or to leave a comment, please click here

Qualcomm bets on superfast broadband over copper with latest acquisition

Qualcomm has entered into an agreement to acquire Ikanos Communications in order to speed up its efforts to build home gateways with integrated support for G.fast, which promises to offer hundreds of megabit per second over copper.If all goes according to plan, Ikanos will become part of the company’s Qualcomm Atheros subsidiary. Qualcomm seems keen on getting Ikanos, because it’s paying US$2.75 per share, compared to the $1.75 Ikanos’ shares were worth at the close of the market on Wednesday.Qualcomm’s plan is to combine its own Wi-Fi, powerline, small cell, and ethernet chipsets with Ikanos wired modem technology to create a more complete offering for home gateway products, it said.To read this article in full or to leave a comment, please click here

SDN, SD-WAN and FCoE on Gartner Networking Hype Cycle

Gartner has updated their networking hype cycle. Not surprisingly:

Gartner won’t give you free access to the graph, but you’ll find it in an article published on The Register.

1 3,370 3,371 3,372 3,373 3,374 3,844