Hacking Heart Attacks

So, Here
is an article talking about a hacking attack that can turn off a certain
type of heart-monitor/pacemaker. The heartmonitor in question is used to
regulate the heartbeat, speeding it up it it gets to slow and shocking it if
it gets to fast. It also incorporates a radio which is used for
reprogramming by medical techs, so that the programming can be maintained
without open surgery. Now, that right there is a big security concern; it's
a necessary function of such a device, sure, but it should be clear that
such an interface needs to be protected. Apparently, there's no
authentication or encryption on the communication, which says to me that
nothing at all was done to secure the device. The attack, researchers
found, could be used to turn off the monitor or to deliver unnecessary
shocks to the heart, podssibly causing a heart-attack ("potentially fatal
arrythmia," they call it).

Now, the researchers didn't share their methodology, so a malicious attacker
would have to find it out on their own. And the manufacturer said that
newer modles will incorporate encryption and authentication. And they say
the chance of an attack is low, and requires expensive ($30,000+) equipment
and physical proximity (within whatever radio range they use). In today's
world, though, I can't help but fear that it's only a stone's throw away
from yet another sort of terror attack by a suitably-funded and motivated
adversary. It doesn't have the ahck and shaw value of crashing planes into
buildings or suicide bombings, so maybe it will be disfavored as not
striking enough, but it still makre me (as a security professional)
uncomfortable that such a sensitive piece of equipment was made without any
concern for security.

Who Watches the Watchers?

So, I generally have a pretty high regard for responsible authority. What I
can stand, though, is when that authority is abused. I respect, for
example, Police officers in general for putting their lives on the line and
protecting average citizens from violent criminals. I'm less sympathetic
when they're enforcing what I consider to be generally arbitrary laws, such
as speed limits, but I'm still respecful of the officers. The fact of the
matter, though, is that they are in a position of power, and when that power
is abused to harrass rather than protect the citizens it needs to be called
out. I'm infuriated whenever I see a patrol car tailgating, or speeding
without it's siren on, or any other small infraction -- let alone the big
ones. I've commented on those sorts of things before, but I don't have
access right now to provide links. Police officers MUST be held to a higher
standard that regular citizens because they have higher authority and
executive powers than regular citizens.

Anyways, I bring this up because there's news
regarding a site called RateMyCop.com which, like other RateMy- sites,
allows people to lodge complaints against police officers when they feel
they were mistreated by them. (Arguably you could give officers a pat on
the back when they do a good job, too, but let's be cynical and assume that
will never happen.) Certain Police Officers have complained about the site,
saying it's a violation of pravacy or something, and there's been pressure
to shut the site down. (As a point of fact the original domain, GoDaddy,
did shut it down without notice, but the owner has found a new provider.)
Some people have commented championing the case of the police officers,
saying a lot of things from claiming the site could be used maliciously to
defame a good cop with sock-puppeteering enemies, to the fact that exposing
Police abuses undermines confidence in the police force and the laws they
uphold.

Now, there may be some truth to concerns regarding malicious use of the site
to defame this or that officer, but I think it's unlikely and, with an
amount of rationality, it can be accounted for. The site itself has no
bite, and I would expect that any repercussions based on the sight ought to
be properly investigated: you shouldn't be able to oust a guy because 100
anonymous people give him low marks, but if you can get twenty actual
citizens with real complaints then that says something. Some have noted
that there IS a way to file complaints against police officers, but it's
kind of a conflict of interests: you file complaints on the police WITH the
police, and call me cynical, but I imagine they have motivation to keep
their proverbial noses clean. Complaints aren't made public, and there's
definitely an Old Boys Club attitude in a lot, if not all, police
departments.

And yes, Police abuses undermine confidence in the police force, but
*ignoring* the problem doesn't make it go away. In fact, I might point out
that simply by resisting this sort of a checking system they are already
undermining confidence in themselves. As the enforcers are often quoted as
saying, "if you have nothing to hide, then you have nothing to fear."

(no subject)

I'm sad.

No real reason, I guess. Just a lot of little things. Projects at works dragging, my brother not being at home this weekend when I visit, no groceries, bills posting unexpectedly.

I'm not achingly sad, just... an unhappy feeling beneath everything.