Links for 2017-07-06

  • The Guardian view on patient data: we need a better approach | Editorial | Opinion | The Guardian

    The use of privacy law to curb the tech giants in this instance, or of competition law in the case of the EU’s dispute with Google, both feel slightly maladapted. They do not address the real worry. It is not enough to say that the algorithms DeepMind develops will benefit patients and save lives. What matters is that they will belong to a private monopoly which developed them using public resources. If software promises to save lives on the scale that drugs now can, big data may be expected to behave as big pharma has done. We are still at the beginning of this revolution and small choices now may turn out to have gigantic consequences later. A long struggle will be needed to avoid a future of digital feudalism. Dame Elizabeth’s report is a welcome start.
    Hear hear.

    (tags: privacy law uk nhs data google deepmind healthcare tech open-source)

  • Why People With Brain Implants Are Afraid to Go Through Automatic Doors

    In 2009, Gary Olhoeft walked into a Best Buy to buy some DVDs. He walked out with his whole body twitching and convulsing. Olhoeft has a brain implant, tiny bits of microelectronic circuitry that deliver electrical impulses to his motor cortex in order to control the debilitating tremors he suffers as a symptom of Parkinson’s disease. It had been working fine. So, what happened when he passed through those double wide doors into consumer electronics paradise? He thinks the theft-prevention system interfered with his implant and turned it off. Olhoeft’s experience isn’t unique. According to the Food and Drug Administration’s MAUDE database of medical device reports, over the past five years there have been at least 374 cases where electromagnetic interference was reportedly a factor in an injury involving medical devices including neural implants, pacemakers and insulin pumps. In those reports, people detailed experiencing problems with their devices when going through airport security, using massagers or simply being near electrical sources like microwaves, cordless drills or “church sound boards.”

    (tags: internet-of-things iot best-buy implants parkinsons-disease emi healthcare devices interference)

  • Undefined Behavior in 2017

    This is an extremely detailed post on the state of dynamic checkers in C/C++ (via the inimitable Marc Brooker):

    Recently we’ve heard a few people imply that problems stemming from undefined behaviors (UB) in C and C++ are largely solved due to ubiquitous availability of dynamic checking tools such as ASan, UBSan, MSan, and TSan. We are here to state the obvious — that, despite the many excellent advances in tooling over the last few years, UB-related problems are far from solved — and to look at the current situation in detail.

    (tags: via:marc-brooker c c++ coding testing debugging dynamic-analysis valgrind asan ubsan tsan)

  • Talos Intelligence review of Nyetya and the M.E.Doc compromise

    Our Threat Intelligence and Interdiction team is concerned that the actor in question burned a significant capability in this attack.  They have now compromised both their backdoor in the M.E.Doc software and their ability to manipulate the server configuration in the update server. In short, the actor has given up the ability to deliver arbitrary code to the 80% of UA businesses that use M.E.Doc as their accounting software, along with any multinational corporations that leveraged the software.  This is a significant loss in operational capability, and the Threat Intelligence and Interdiction team assesses with moderate confidence that it is unlikely that they would have expended this capability without confidence that they now have or can easily obtain similar capability in target networks of highest priority to the threat actor.

    (tags: security malware nyetya notpetya medoc talos ransomware)

  • Use AWS WAF to Mitigate OWASP’s Top 10 Web Application Vulnerabilities

    ‘describes how you can use AWS WAF, a web application firewall, to address the top application security flaws as named by the Open Web Application Security Project (OWASP). Using AWS WAF, you can write rules to match patterns of exploitation attempts in HTTP requests and block requests from reaching your web servers. This whitepaper discusses manifestations of these security vulnerabilities, AWS WAF–based mitigation strategies, and other AWS services or solutions that can help address these threats.’

    (tags: security waf aws http owasp filtering)

  • welcome datacomp

    Some Mac third party keyboards used to (or maybe still do for all I know) have a little feature where if you didn’t type anything for a while they would themselves type ‘welcome datacomp’.
    (via RobS)

    (tags: via:rsynnott funny welcome-datacomp keyboards hardware fail ghost-typing haunted)

  • La història del gran tauró blanc de Tossa de Mar

    Amazing pic and newspaper report regarding a great white shark which washed up on the beach at Tossa de Mar in the Costa Brava in the 1980s

    (tags: tossa-de-mar costa-brava spain sharks nature great-white-shark 1980s history photos wildlife)

This entry was posted in Uncategorized. Bookmark the permalink. Both comments and trackbacks are currently closed.