The University of Michigan will be among the first to offer graduate students the opportunity to study the security of advanced medical devices. The course, EECS 598-008 “Medical Device Security” will teach graduate students in UMich’s Electrical Engineering and Computer Science program “the engineering concepts and skills for creating more trustworthy software-based medical devices ranging from pacemakers to radiation planning software to mobile medical apps.” It comes amid heightened scrutiny of the security of medical device hardware and software, as more devices connected to IP-based hospital networks and add wireless monitoring and management functionality. The new course comes amid rapid change in the market for sophisticated medical devices like insulin pumps, respirators and monitoring stations, which increasingly run on versions of the same operating systems that power desktops and servers. In 2011, the US Food and Drug Administration (FDA) reported that software failures were the root cause of a quarter […]
Search Results for "Apt"
Making It Official
For those of you who have been regular visitors to this site over the past few months, this post might seem a bit strange. I’m taking the opportunity today to officially launch The Security Ledger: a security news website dedicated to covering the rapidly expanding landscape of the IT security space. Yes – I know: Security Ledger has been publishing regularly since late August. But think of that kind of like one of Google’s interminable “beta” periods, in which you keep expectations low and shake out all the bugs before making it official. So what’s this all about? With help from our sponsors, Qualys Inc. and Veracode, The Security Ledger is dedicated to covering the vastly expanding cyber security landscape. As more and more elements of our daily lives join the “Internet of Things,” The Security Ledger offers original reporting and curated news from the front lines, including coverage of mobile devices, intelligent consumer […]
Rush Job: Oracle Releases Fix For Critical Java Bug
Oracle Corp. has rushed out an update for its Java Standard Edition software after malicious hackers jumped on a security hole in widespread, web-based attacks. Oracle released Java Standard Edition Update 11 on Sunday, less than a week after news first broke that cyber criminals had woven exploit code for the security hole into push button “exploit kits” that are for sale in the cyber underground. The update fixes CVE-20130-0422, and Oracle urged Java users to apply the update as soon as possible. Java technology powers billions of laptop and desktop computers, as well as smart phones and embedded devices. However, the platform has been the subject of repeated, critical security holes. Most recently, in August, Oracle was forced to rush out a similar update – Java Standard Edition Update 10 – in the face of similar attacks on another security hole. Attacks using the exploit were reported to be […]
Does Your LinkedIn Profile Hold The Key To Your Password?
Say what you want about social media. The bare fact is that folks use it – more of them every day. In fact, social media sites like Facebook, Twitter and YouTube are growing – quickly – and have come to define our modern online experience. That said: the sites represent a huge security risk. Sites like Facebook, Twitter and Instagram are increasingly used as platforms to circulate scams and malicious links. A larger and more nebulous threat is posed by all the information that organizations and their workers are spilling online. It’s already common knowledge that hackers and other “bad guys” comb through worker profiles or LinkedIn, Facebook and other sites to help craft targeted attacks. But could your social networking profile provide more useful information – like your password? Independent security researcher Itzik Kotler thinks so. Kotler is the creator of Pythonect, a new, experimental dataflow programming language based […]
Council of Foreign Relations Hackers Also Hit US-based Turbine Maker
The web site of the Council of Foreign Relations (CFR) may not have been the only target of sophisticated attackers who used a previously unknown (“zero day”) vulnerability in Microsoft’s Internet Explorer web browser to compromise the computers of those who visited the site, a new report claims. Eric Romang, a Luxembourg-based security expert at the firm Zataz.com said that he has discovered an almost identical compromise to the CFR hack on the web site of Capstone Turbine Corporation, a California-based manufacturer of small, energy-efficient power turbines. His investigation uncovered malicious files similar to those used on the CFR site that were used to launch a so-called “heap spray” attack against visitors using the Internet Explorer web browser, triggering the zero day vulnerability. Romang was among the first to isolate the script used to launch the drive by download attack used on the CFR web site. Writing on Wednesday, he said […]
