Thank You for Cheating Volkswagen

Some people in Europe are seeing reason for optimism in the revelations of the cheating Volkswagen scandal, as mentioned on Green Comet a month ago.

VW emissions scandal could end up being a boon if it pushes governments and industry to reassess diesel’s impact honestly and move away from it altogether.

People living in London, Paris and Barcelona know firsthand how smelly and polluted their cities have become because of the number of diesel vehicles driving around.

Volkswagen is not the only culprit here. Most diesel cars from other manufacturers, such as Ford, Renault, Nissan, Citroen, Mercedes Benz, and Fiat also fail thorough emission tests.

Thank you for cheating, Volkswagen

Source: Thank you for cheating, Volkswagen

Some smart cars are diesel too, aren’t they?

rjb

Posted in Uncategorized | Leave a comment

Why Aren’t There Better Cybersecurity Regulations for Medical Devices

There are strict regulations for computing devices installed in our cars. Even stricter if they go into airplanes. Implantable devices that go in our bodies apparently don’t have the same level of protection. The manufacturers like to keep the details secret to protect their “intellectual property,” so in most cases we don’t even get to know exactly what is going in there. If there are any problems with security, they like to keep quiet about it to protect their reputation. If an outside researcher discovers a problem, they don’t want to hear about it.

More often than not, the response to the disclosure of a security vulnerability is not a gracious, “Thank you.” It is an impulse to punish. The ethical hackers who find and report flaws are often sued or arrested. It’s as if they’d rather hide the problem than fix it.

Fortunately, that seems to be changing.

This summer, the Food and Drug Administration warned hospitals to stop using a line of drug pumps because of a cybersecurity risk: a vulnerability that could allow an attacker to remotely deliver a fatal dose to a patient. SAINT Corporation engineer Jeremy Richards, one of the researchers who discovered the vulnerability, called the drug pump the “the least secure IP enabled device I’ve ever touched in my life.”

There is a growing body of research that shows just how defenseless many critical medical devices are to cyberattack. Research over the last couple of years has revealed that hundreds of medical devices use hard-coded passwords. Other devices use default admin passwords, then warn hospitals in the documentation not to change them.

A big part of the problem is there are no regulations requiring medical devices to meet minimum cybersecurity standards before going to market. The FDA has issued formal guidelines, but these guidelines “do not establish legally enforceable responsibilities.”

Source: Why Aren’t There Better Cybersecurity Regulations for Medical Devices? | Motherboard

Go to the Motherboard article for the full story.

rjb

Posted in Uncategorized | Tagged , | Leave a comment

The Lafayette Campaign

lafayette-campaign-book-cover

Review – The Lafayette Campaign – Andrew Updegrove

Available at Amazon in both digital and paper form. Link through the author’s site.

Author’s website.

AndrewUpdegrove

You might remember Andrew Updegrove from the post What is Open Source Pharma. His law firm works in that area, among others. Andrew also has a blog where he’s exploring “the evolving self-publishing labyrinth.” Part of his exploration is experimentation, where he tries various things and reports on the results. To give himself material to experiment with, he writes books. Today’s review is on one of those books.

The Lafayette Campaign is a thriller, the second in a series about Frank Adversego, a tech prodigy who uses his skills to stop nefarious plots. The first book is called The Alexandria Project. From the description of The Lafayette Campaign:

America is rushing headlong into another election year, but something is wrong – the polls don’t match reality. It’s up to cybersecurity super sleuth Frank Adversego to find the Black Hats who are trying to hack the presidential election, and stop them before they do.

Frank Adversego is a grumpy middle-aged man. When we meet him, he’s on the road looking for some isolated wilderness where he can get some writing done. His quest for freedom from people and their annoying demands is frustrated, first by an attractive French woman with a broken bicycle wheel, then by government agents in a helicopter. He wants to tell them to get lost. He’s done being a hero. But they know his weakness. He can never resist the urge to solve an interesting problem. In this case, someone is spoofing poll results, which is threatening to have the wrong person nominated to run for President. And there’s nothing to suggest that they won’t so the same for the election.

Updegrove has written a thriller, but that doesn’t stop him from presenting it with a cheeky sense of humor. His protagonist’s disdain for the antics of politicians and those who report on them is demonstrated with vivid clarity. In fact, Frank is an intellectual with an obvious contempt for fools. Even sports aren’t safe, as shown in his opinion of hockey.

The book is written from the omniscient point of view, so we learn all the characters’ motives first-hand. That can be tricky, but Updegrove manages to pull it off. I found some examples of dialog that felt forced, as if he wedged in too much to be sure he told it all. And I found some of the descriptive passages to be too wordy, as if he was indulging a love affair with words. The book would benefit from some ruthless trimming.

These cavils aside, I can still recommend Andrew Updegrove’s The Lafayette Campaign. As it says in the description:

The Lafayette Campaign provides a satirical take on American politics and our infatuation with technology that will make readers pause and wonder: could this really happen?

All this and some lessons in computer security too.

rjb

Posted in Uncategorized | Tagged | Leave a comment