Pretty scary stuff.Just so you know there are 400,000 of these devices around the globe and they apparently all use the same wifi keys. He managed to extract the wi-fi keys and re-flash the device so that he could remotely administer a lethal dose of the drug and print a message on the screen of the device saying DEAD. Or put another way, it doesn't matter what something is designed to do, it's what it can do that counts.A few months ago I heard about an employee of Blackberry who managed to hack a device that administers morphine to a patient. In my opinion the best hacks take hardware and its purpose, completely undo the meaning of it to elegantly create something new. Actually today's WIFI isn't all that different, it just operates at a much higher frequency. Well that was until now…Audio has of course been used in the past for digital data, modems, tone and pulse dials on your phone, most consoles of the 80's stored programs on cassettes. Conventional wisdom goes that such computers are impossible to hack unless the hacker has direct, physical access to the machine. The most secure computers in the world are completely isolated from other machines, protected by "air gaps," with no Internet connection, no shared phone lines, nothing. The paper goes on to describes that they managed to implement such a system using commercially available business laptops, and a protocol originally designed for underwater communication that can cope with acoustic interference. An article that was written about the paper says this. But what if this hardware could be used by multiple computers within close proximity to form a covert computer network? Most sound hardware can produce frequencies out of human hearing, operating systems haven't really focused on securing these devices. Sound hardware is generally only thought of as communication with the direct user. They proposed a way to create covert communication channels by making use of sound hardware. I just wanted to start with a couple of my favourite security items I’ve heard about fairly recently.Two German researchers published a paper called "On Convert Acoustical Mesh Networks in Air“.This presentation is a collection of some interesting things I've learnt on the journey to being more secure. So why am I talking about security?At Citrix we have, in the last couple of years been going through some internal security "attitude re-adjustments".(CLICK) Helix handles for us about 250 thousand commands per hour which is just short of 6M commands a day. (CLICK) We are holding about 3.5TB of data growing at around 300GB per year. (CLICK) We look after some 20 odd servers and run nearly 40 Helix repositories worldwide. (CLICK) The team is quite small and includes my team mate Erin and our manager both in our Fort Lauderdale campus in Florida, and I work in our Cambridge office in the UK. (CLICK) I've been using and administrating Perforce now Helix, for 15 years ever since I started my first job at Adobe straight out of university. (CLICK) Hi I'm Jason Leonard and I work in the Source Control team at Citrix.The fingerprint of the server of your P4PORT setting Ensure each machine runs only one service and runs it well.Don’t let your anti-virus scan your metadata. Don’t neglect the firewall on your servers.– If its not in three places it doesn't exist Disks can be stolen, or end up in the wrong hands.Ensure your data can cope with some hardware failure. Jason Leonard 15 years dealing with Perforce.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |