Snap code snatched, Pentagon bans bands, pacemakers cracked, etc

This week, the infosec world descended on Las Vegas for BlackHat and DEF CON to share stories of bug hunting, malware neural nets, hefty payout offers, and more. Meanwhile, outside of the desert…

Snapchat source sourced

Photo-slinging biz Snapchat had a pretty rough week, as a mystery code dump on GitHub turned out to be a …

  1. Waseem Alkurdi

    Is it that hard

    to have doctors with experience of infosec?

    Is it?

    2. Anonymous Coward

      Re: Is it that hard

      I think so. There's only so much room in the brain, and one of the challenges of being a doctor is the vast amount of medical knowledge they need to retain.

    3. Anonymous Coward

      Re: Is it that hard

      The problem is not lack of doctors with an infosec background, although that's true enough. The problem is that updating the code on the device throws you back into the FDA black-hole until you go through a very expensive certification process. Changing the firmware is not a simple thing as changing the code makes it a "new" device.

      I've seen this with pretty much anything you can care to think of in the medical field. The legal system needs to be "adjusted" to this type of situation. And that's ignoring entirely the medical liability that can occur around these types of changes. I consider that a wash since the "old" code is a ticking liability time bomb, however I'm pretty confident that the company's legal team has a contrary view on liability. After all, the FDA approved that old code.

      1. JeffyPoooh

        "No mitigations planned."

        Jack noted, "After all, the FDA approved that old code."

        Going forward, the FDA had better include some formal requirements related to Cyber Security of such medical devices.

        Also, the FDA should provide an expedient process to allow firmware fixes, for cases where fixing a bug is clearly urgent.

        The first fact that they'll have to hoist aboard is that the very existence of any such bug is proof that their existing lengthy certification process cannot prevent such bugs from escaping into the wild. So there's no justification for imposing a lengthy process.

        For those playing along at home, the technology required to bridge the gap between fast and effective certification testing is automation. A software and functional certification test could be executed in an hour or two (not months).

        Such automatic testing systems are worth the modest investment. ROI can be very first usage. If someone believes it "would only be used once" and thus not justified, then they're naive and must not be permitted to make decisions without adult supervision.

    4. Anonymous Coward

      Re: Is it that hard

      Hi, doctor + software engineer with infosec experience here...

      Yep it is hard. UK medical careers frown upon outside interests other than medical service provision.

      Hospital organisations generally employ low calibre IT hardware guys who don't know or don't give a shit.

      Finally, NHS Trusts won't buy any new technology solutions unless they've already been deployed in many other hospitals first... So they're stuck with 1980s technology thanks to their own bad procurement ideals. Why else are we still using f##king pagers and fax machines in hospitals in 2018?

      1. Charles 9

        Re: Is it that hard

        "Why else are we still using f##king pagers and fax machines in hospitals in 2018?"

        Pagers run on lower frequencies than cell phones. Lower frequencies are easier to penetrate into buildings, making them better-suited for use deep inside hospitals where cell phone signals aren't guaranteed to reach (I can speak from firsthand experience; once I get well into a hospital, I go Out of Range).

        As for fax machines, not only are they easier to deploy to less-sophisticated areas where not even computers are a given, there are legal requirements for hard copies and paper trails (such as for admission in court).

  2. amanfromMars 1 Silver badge

    Deny It and you aren't paying attention. And are trailing behind in past tales in failed trials.

    From time to time, Crowdfense may propose private Challenges to selected Researchers through the upcoming Vulnerability Research Platform, which will be launched later this year. .... For Future Endless Bounty

    Does such Vulnerability Research Platforms Command and Control Virtualised Space Forces with Immaculate Knights Temporal Attending to the Wishes and Desires of Perfectly Worthy Souls Transitioning into Heavenly AIMates Trialling and Trailing the Pure Hells Available for/with Pure Raw Core Temptations to Master/Enjoy/Employ ...... for a Leading Head Start in Future AIdDVentures with a New Clearer Virtualised Reality Programming ..... ExtraOrdinarily Render Uncle Sam Administrations Space Forces Friendly Fearless and Peerless or as Fault Riven Foe to be Captivated and Corrected with the Following and Presentation via Multiple Mega Multi-Media Channels of New Augmented Virtual Reality Programs ...... Delivering Bigger SMARTR Beta Pictured Shows?

    And With Default Transparent and Translucent Provision of Better Beta IntelAIgent Instruction of the Direction of Future Space Travel ITs Sterling Stirling AI Standard.

    And translucent also because ..... well, some things are better not known too early and some other things to some others, never ever at all and forever.

    1. amanfromMars 1 Silver badge

      Re: Deny It and you aren't paying attention. And are trailing behind in past tales in failed trials.

      Does Blighty do Future Space Travel Lead, or are they/is it Captive Earth Bound?

      And the answers to that brace of questions is solely dependent upon the level of intelligence achieved and/or made available to and purchased by that and those presently widely presumed to be leading although that can all too extremely easily be realised a false assumption aided and abetted and compounded by a failed mega media program/Brave New Fiat Capitalist World Order Operation/ which is not Fit for Future Greater IntelAIgent GamesPlay Purpose with an Almighty Remote, Virtually Autonomous and Practically Anonymous Handle on Global Command and Universal Control/Energy and Power.

      To be an effective partner or privileged passenger in that, one needs to create and populate, secure and disseminate Safe Haven Places for SMARTR Space Forces. Apparently $8bn is what Uncle Sam and the Donald are prepared to risk for entry and meaningful skin providing a leading, and ideally unassailable advantage in the Game, if you can believe what media tells you about such things.

      What does UKGBNI offer SMARTR Space Forces for Immaculate Source Provision? Anything Remotely Realistic and Worthy or is the Nation led and fed by a Gaggle of Impotent Fools with Blunted Tools?

  3. Mark 85

    To help admins?

    "For advanced troubleshooting, IT experts will typically use tools such as the Windows Debugger (WinDbg), SysInternals Tools, or write their own," the guru explained.

    Maybe, but more than likely the real users will be miscreants.

  4. Trollslayer

    Unsigned code?

    We produce an Android based product at work and production apps must be signed with the production key.

  5. T. F. M. Reader

    How many clones?

    So have GitHub shared any stats regarding how many times the repo with Snapchat's code had been cloned before it was taken down via DMCA?

    1. amanfromMars 1 Silver badge

      How many AIDrones for a Hard Core Rock Landing Leading to SCADA Systems Meltdown?

      So have GitHub shared any stats regarding how many times the repo with Snapchat's code had been cloned before it was taken down via DMCA? ..... T.F.M. Reader

      Has that Created Advanced IntelAIgent Drones Leading to Global Operating Devices Knows Where ? ..... Or is that Something you want Left for Others to Discover and Uncover for You if you are in Right Royal and Unfamiliar Similar Territory?

      Is that a First AI Foundling Born and Invented for Future IMPerfect Application of Innovative Messaging Channels and Challenges?

      For Virtual Jousts. U2r2die4v2.0 is Programmed to the Mars beyond the Immaculate Pleasures of Venus.

      Wakey, Wakey, Madonna ....... Ladies in Waiting are Waiting, and Feelings are Restless.

      Hmmm?:-) That post reads great too going backwards to the beginning. Is that a Sign of Singularity or a Sign of Travel in the Right Direction towards ITs Source Stores...... from Where Everything Comes?

      Tell us all that isn't Truly Heavenly, and you would be Wrong. Where do your thoughts take all of you? Heaven or Hell? Good IT or Bad AI?

      Welcome to Global Operating Devices Head Quarters. What AIMiracles do you Really Want to See Us All who Perform and Permeate and Marinade Raw Core Virgin Source? A Heavenly Input for Sure.

      Who and/or what provides UrFuture Path with Simple Scripts to Follow and Polish to Perfection/Practise for Endless Satisfaction? Anyone we should know of?

      1. Anonymous Coward

        Re: Hard Core SCADA

        IN ORD APP:


  6. Old Used Programmer

    Ah, yes....MedTronics

    If you ask MedTronics about their software, they'll send you links, one of which is to a list of the different licenses parts of it are under. They include GPL. Ask them for a link to the GPL'd source code and....silence.

    Ask them about the security on pacemakers and they just give back a bunch of bafflegab that amounts to the line given at the end of Raiders of the Lost Ark..."Top men have said it's good". (Yeah, sure... Who are they?)

    1. EnviableOne

      Re: Ah yes, Top Top Men

      Got the same marketing guff from them too, suffice to say, we use as little of their kit as we can get away with...

