Craig Burton

Logs, Links, Life and Lexicon

Scary Stuff

Today I stumbled an extremely disturbing article that hit the mainstream. At least the “Wired” mainstream.

In early August, the enterprise security firm Armis got a confusing call from a hospital that uses the company’s security monitoring platform. One of its infusion pumps contained a type of networking vulnerability that the researchers had discovered in a few weeks prior. But that vulnerability had been found in an operating system called VxWorks—which the infusion pump didn’t run.

Today Armis, the Department of Homeland Security, the Food and Drug Administration, and a broad swath of so-called real-time operating system and device companies disclosed that Urgent/11, a suite of network protocol bugs, exist in far more platforms than originally believed. The RTO systems are used in the always-on devices common to the industrial control or health care industries. And while they’re distinct platforms, many of them incorporate the same decades-old networking code that leaves them vulnerable to denial of service attacks or even full takeovers. There are at least seven affected operating systems that run in countless IoT devices across the industry.

“It’s a mess and it illustrates the problem of unmanaged embedded devices,” says Ben Seri, vice president of research at Armis. “The amount of code changes that have happened in these 15 years are enormous, but the vulnerabilities are the only thing that has remained the same. That’s the challenge.”

Translation. This means that most systems that are used for your medical care are being hacked as I write this. If not now, soon.

Further, this is not a manageable problem. It gets scarier. If hospitals and ICR units were to throw out their existing hackable systems and replace the with BRAND NEW product. They would still be hackable. While there has been enormous change in the usability and the functionality of these devices in short periods of time, security is ALWAYS and after-thought. Nobody wants to pay for security. It should be included.

It’s not. It will never be.

It’s called Biohacking. Adding security to BioTech to prevent Biohacking ( and everything else) is an Identity Problem. We need and Identity Metasystem (as Phil Windley so articulately outlines.)

Here is the disconnect. Identity is complicated and highly political. All the big boys (Google, Microsoft, Apple, Facebook [I would add IBM but the don’t matter anymore]) want to “own” your identity. Silliness. It will never happen.

In the meantime, we are all at high risk.

You think Biotech is the only problem? Think again.

It goes on forever.

Try cell phone systems. Not cell phones. But cell phonetech. The towers. The system that your phone uses for seamless connectivity. It will be hacked. Not if. But when.

Seoul Smog

There is a serious smog problem in Seoul Korea. Sensitive to this issue since we live here in Seoul. ( I love it here, but the pollution scares me.)

I’ve been dismissing the masks being worn as useless. I decided I need to speak from real information not assumption.

NPR published a study in 2016 to show just how serious things are.

2016 Particulate Index

Koreans worry much more about environmental issues (air pollution is #1 concern) that danger from North Korea. In fact, North Korean threats rank #5 in importance. Seoul has 10.1m people in an area that covers 12% of South Korea. One of the most densely populated and homogeneous cities in the world. There are some 22.8m cars in Seoul. Korean car emissions and manufacturing produce the most harmful emissions in Seoul.

To contrast, there are barely 3m people total in the state of Utah. There 8.6m people living in New York City.

The bottom line is to be protected from air pollution in Seoul, you must wear a mask capable of filtering out what is referred in international standards as PM 2.5. (particles 2.5 microns or larger) The cheap face masks most people wear do not even meet the requirements for PM 10 (particles of 10 microns or larger and according to Reuters–only 32% of the particulates are being filtered. That’s whopping 68% leakage.

Hardly being protective. In general, my assumptions were correct. Most masks are not effective and are merely a weak fashion statement. But after doing this quick study, I learned there are affordable solutions. There are usable masks (more expensive but effective) that can meet the PM 2.5 specs.

Know Your Mask Effectiveness Index–N95 or better.

Make sure you have masks that have a rating of N95 or better.

1 2 3 13


July 2020