IT Security Blog

The July 2008 edition of PC Magazine has a short story on page 92 titled "Hacked Through the Heart" which references a paper published at secure-medicine.org discussing the possibility of hacking the human body through wireless reprogrammable Implantable Medical Devices (IMDs) such as pacemakers.  These attacks could lead to effects such as changing the settings on the pacemaker or even disabling it entirely!  The paper also goes into detail as to how some of these attacks would take place.

Although the paper mentions that as of right now these are theoretical scenarios, the more important point to remember is that these IMDs are driven by software and "where there is software, there are vulnerabilities" and "where there are vulnerabilities, there will be exploits."  I could easily envision a scenario where this creates a Cyber Hitman of the Future where hits are carried out in such a way that they would be virtually untraceable and if executed correctly could have an elapsed time effect where the full damage of the attack may not materialize for days, weeks, or even months after it initially occurred.

On a lighter note, this certainly gives new meaning to the term "Insider Threat" (I'm funny on a Friday :) )

Last week I had the privilege of attending the 13th General MAAWG Meeting in Heidelberg, Germany (I serve as the co-chair of the Zombie/Botnet Subcommittee with my friend Ken Simpson from Mailchannels). 

The MAAWG conferences are a great opportunity to meet and talk with some of the best minds in the anti-spam industry, discuss anti-spam tactics, operational best practices (what works and what doesn't), how to be a responsible ESP, and many other topics.   Although MAAWG is largely run by ISPs, its mission is to also bring together both email senders as well as email receivers in a collaborative environment where both sides can attempt to work out best practice solutions so that senders can achieve better deliverability rates at the large mailbox providers, a constant struggle for ESPs.

If you are a messaging vendor or provider (and this includes both email filtering vendors as well as email senders) or an ISP, you are doing yourself a disservice by not becoming a member of an organization like MAAWG where ideas, practices and upcoming threats are shared that it is very likely you will not hear anywhere else. 

This has been an unpaid advertisement :)

Before I close, I'd be remiss if I didn't bring up something security related in this post.  So, I am standing in the security line at Denver International Airport about to go through the metal detector when the guy who was working behind the conveyor belt asks me and the woman behind me the standard "Any liquids, gels, or aerosols in your bag?" before our bags went into the X-Ray machine.  I just look at him and say "No", but the woman behind me responds with "Not that I know of."  Apparently this set off the ire of the TSA worker who immediately responded with "Not that you know of?!  Don't you know what is packed in your bags, ma'am?"  I'd never seen a TSA worker move so fast, but her bags were immediately yanked off of the conveyor, she was pulled out of line, and then was escorted by 2 TSA workers to wherever they take you likely to inspect every minute crevice of her bag. 

For all of the flack that the TSA gets for either bad procedures or lack of attention to detail, you would think that as a traveler it is also our responsibility to know the basic responses to the simple questions security officers may ask you.  The questions are neither tricky nor confusing.  I guess this woman had to learn the hard way...