* Posts by DaDoc

6 publicly visible posts • joined 9 Apr 2014

Password re-use is dangerous, right? So what about stopping it with password-sharing?

DaDoc

Re: Holy crap

It's you! They're coming for you!

Dropbox thinks outside the … we can't go there, not when a box becomes a 'collection of surfaces'

DaDoc

Wot?

Volkswagen used software to CHEAT on AIR POLLUTION tests, alleges US gov

DaDoc
Boffin

That's actually wrong. High levels of carbon dioxide in the blood render you unconscious, irrespective of the oxygen level in your blood. Carbon dioxide is in itself toxic to human beings at high levels. This toxicity shows itself in people with most severe chronic obstructive pulmonary disease who retain carbon dioxide when breathing.

What do you MEAN, 'Click on the thing which looks like a Mondrian?'

DaDoc

Re: You Think You've Got It Bad?

Ok, so you probably need to update your AOL CD to CompuServe, but you'll need a new TV with that.

Infusion pump is hackable … but rumours of death are exaggerated

DaDoc
Black Helicopters

Intensive Care

The article is a tad one-sided when it comes to describing usage-scenarios for infusion pumps, although I admit the descriptions do apply aptly to the specific type of pump mentioned, namely a PCA-pump. Whilst the author points out that hospitals will generally avoid making ethernet ports available left, right and center - and that may be true - the trend on intensive care units is very much toward networking all devices. If you imagine a busy ICU with 15 beds, each equipped with a ventilator and something like 12 infusion devices (and, in some cases, additional equipment, such as dialysis devices, ECMO etc.) you can immediately see the advantage of networking those devices: automated documentation. In addition, alarms (patient inadequately ventilated, norepinephrine running low, potassium pump to be changed in 5 minutes etc...) can be displayed in a central nursing bay (already we can see the patients' vitals on monitors throughout the ICU), streamlining some of the work on ICU. Networked pumps can also be updated remotely - a godsend when you need to add new drugs and standards to the internal list of available medications.

My personal experience is that the team in charge of implementing such changes on an ICU does not include an IT-security expert - and companies will happily tell you that there is no way a device can be controlled remotely. Less IT-savvy physicians (and that description will include many senior physicians, who did not grow up in an IT-environment) will be happy to believe such claims. Knowing that one pump on the market proves those claims wrong - and suspecting that many other pumps will too - should be worrying to anybody who uses networked pumps on an ICU - where pumps and drugs really are part of a life and death situation.

Of course we don't live in a world full of people who would like to kill indiscriminately - but some of those who are mad will find it rather easier to do so remotely than in person. I do very much agree with your third conclusion - IT-security needs to be a part of the stringent certification procedure for medical devices.

Anatomy of OpenSSL's Heartbleed: Just four bytes trigger horror bug

DaDoc
Black Helicopters

Client-side implications?

I'm a medical doctor, so trying to get my head around SSL is a bit o.t. to me...

What's the client-side implication of all this? Is changing passwords after the server-side certs have been renewed enough? Or are the libraries found in BYOD environments - what I'm saying is, is a leak inherently possible at either end, and equally dangerous?