Re: Internet of Things security: Don't drive that jeep
grelber #35539 08/16/15 11:24 AM
Joined: Aug 2009
Likes: 14
Offline

Originally Posted By: grelber
Still no idea how to foil fridge trackers/hackers.

Cool your beer in a bucket of ice.


ryck

"What Were Once Vices Are Now Habits" The Doobie Brothers

iMac (Retina 5K, 27", 2020), 3.8 GHz 8 Core Intel Core i7, 8GB RAM, 2667 MHz DDR4
OS Ventura 13.6.3
Canon Pixma TR 8520 Printer
Epson Perfection V500 Photo Scanner c/w VueScan software
TM on 1TB LaCie USB-C
Re: Internet of Things security: Don't drive that jeep
ryck #35541 08/16/15 04:26 PM
Joined: Aug 2009
Likes: 4
Offline

Originally Posted By: ryck
Cool your beer in a bucket of ice.

No beer. Only wine (at basement temp) ... so no need there.

But I'd still like to know if there's any way to foil the fridge trackers/hackers.
In places like mid-Florida where nasty weather events present major problems for sensitive components and heavy-duty surge suppressors and the like are necessary to protect the investment, the capability of the product to be hacked just adds insult to injury.

Re: Internet of Things security: Don't drive that jeep
grelber #35542 08/16/15 07:31 PM
Joined: Aug 2009
Offline

It's the proverbial ghost in the machine.
Don't they make cheap, 'analog' refrigerators anymore?

http://www.rt.com/usa/hack-refrigerator-home-appliances-747/

Re: Internet of Things security: Don't drive that jeep
grelber #35543 08/16/15 07:34 PM
Joined: Aug 2009
Likes: 16
Moderator
Online
Originally Posted By: grelber
So on a practical level ...
• Pull the GPS fuse in the car. Any others to foil the trackers/hackers?
• Unplug the toaster after each use. (A good idea anyway, especially if you have a pet that likes to counter graze.)
• Refuse Internet-enabled drug pumps.

Because there are devices that can affect any computer device in a car whether or not the device is internet enabled, and some communications/tracking devices such as OnStar are carefully designed so that they cannot be disconnected, you would have to disconnect the battery instead. Of course that would make the motor vehicle inoperative, but it would be safe from tracking and computer exploits.

Instead of a toaster you could use a long fork and a charcoal grill.

I just spent a few days in the hospital and I guarantee everything there was directly or indirectly — mostly directly — computer controlled. When the computer system crashed, for several hours they were unable to dispense or administer any medication, monitor heart and other critical care patients, take vital signs, admit or discharge patients, feed patients, accept or access Doctor's orders for patient care, perform laboratory work, read radiology studies, etc. The Emergency Department began running out of ready supplies and began taking steps to divert ER patients to other hospitals when the computers finally got back up. It took another several hours to clear the backlog that built up during the computer outage. The lesson here would be if you want to avoid the possibility of someone hacking into your medical system, move to a third world nation.

As for the fridge trackers/hackers, buy your next computer from the junkyard and be sure it was built in the previous century.

Oh yes, be sure and turn off your HVAC, telephones, cable or satellite TV, burglar alarm system, lawn sprinkler system, home automation systems, etc., etc., etc.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Internet of Things security: Don't drive that jeep
joemikeb #35544 08/16/15 07:47 PM
Joined: Aug 2009
Likes: 4
Offline

Originally Posted By: joemikeb
... Oh yes, be sure and turn off your HVAC, telephones, cable or satellite TV, burglar alarm system, lawn sprinkler system, home automation systems, etc., etc., etc.

And they said life would be easier. They forgot to mention scarier.
Going off the grid is looking better and better.

Re: Internet of Things security: Don't drive that jeep
grelber #35545 08/16/15 08:28 PM
Joined: Aug 2009
Offline

Security updates for refrigerators?

Joemikeb, how was your hospital stay any different than one in a third world country?

Last edited by slolerner; 08/16/15 08:31 PM. Reason: More
Re: Internet of Things security: Don't drive that jeep
slolerner #35550 08/16/15 10:19 PM
Joined: Aug 2009
Likes: 1
tacit Offline OP
The 800-pound gorilla is the strongest, or largest, person or group or company or whatever in a particular niche. Amazon is the 800-pound gorilla of online retailing.

An elephant in the room is a large thing that nobody is acknowledging or talking about.

A white elephant is a gift (or, in more general use, a project) whose upkeep is ruinously expensive; being given a white elephant means being given a gift that will destroy you in the maintenance. (There is a tale that the Kings of Siam would give a white elephant as a gift to people they did not like, in order to ruin them--it was expensive to maintain them, but would show disrespect to the king if they tried to pass it on to someone else.)


Photo gallery, all about me, and more: www.xeromag.com/franklin.html
Re: Internet of Things security: Don't drive that jeep
slolerner #35554 08/16/15 10:55 PM
Joined: Aug 2009
Likes: 16
Moderator
Online
Originally Posted By: slolerner
Joemikeb, how was your hospital stay any different than one in a third world country?

For one thing my hospital stay here was probably many times more expensive than it would have been in most third world hospitals. All the rooms in the hospital here are private rooms each with its own bathroom and cable television while in third world countries the norm is a ward.

I was continuously monitored through a wireless connection to the central monitoring station no matter where I was on the campus, while third world monitoring norm is more likely limited to a stethoscope around the neck of the attending nurse or physician. Very few third world hospitals could afford the CT scanner, Nuclear scanner, cardiac sonography, and gadgetry I was tested with, nor would they likely have been equipped to do the nuclear stress test of the heart. (I have never been fond of treadmill stress testing but chemical stress testing is a bit scary.) That is not to say that such equipment is unknown in the third world, but it is not the standard of practice as it is here. (Truth be known it may not be the "standard of practice" in some small town hospitals less than 100 miles from here.)

As far as the qualifications of the physicians in attendance, of the approximately two dozen hospitalists on staff all but four or five of them are of East Asian, Pakistani, and Sikh background and I presume training. My personal physician is from India, and the attending cardiologist from Eastern Europe. The ER doctor is from Austin, Texas (and Austin is sometimes weird enough to be like another country grin). So they would be equally qualified whether they were practicing here, in India, Thailand, or wherever. The nurses I came in contact with were all trained either at Tarrant County Community College or Texas Women's University (one of the finest nursing schools in the country). They were uniformly great but I have no standard of comparison between them and nurses in third world situations, although in some countries nursing care would have been the duty of my family and not a professional nurse.

Whether the treatment was better or worse than a third world country would provide is arguable. It was definitely more comfortable and probably resulted in a more definitive diagnosis. In my case it turns out the heart was definitely not the cause of the shortness of breath and chest pains. As it is my condition is currently classified as a "mystery" so my odds for full recovery would have been the same in either realm - unless a doctor going solely on the presenting symptoms had decided to perform a needless surgery.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Internet of Things security: Don't drive that jeep
joemikeb #35557 08/16/15 11:32 PM
Joined: Aug 2009
Likes: 15
Online

Originally Posted By: slolerner
Joemikeb, how was your hospital stay any different than one in a third world country?

Originally Posted By: joemikeb
I was continuously monitored through a wireless connection to the central monitoring station....

Originally Posted By: joemikeb
When the computer system crashed, for several hours they were unable to dispense or administer any medication, monitor heart and other critical care patients, take vital signs, admit or discharge patients, feed patients, accept or access Doctor's orders for patient care, perform laboratory work, read radiology studies, etc. The Emergency Department began running out of ready supplies and began taking steps to divert ER patients to other hospitals when the computers finally got back up. It took another several hours to clear the backlog that built up during the computer outage.

Did they revert to blood-letting?

Last edited by artie505; 08/17/15 12:13 AM. Reason: Add quote

The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Internet of Things security: Don't drive that jeep
artie505 #35560 08/17/15 01:16 AM
Joined: Aug 2009
Offline

Glad you're ok. Was just stunned that the system at the hospital was so fragile that there was no delivery of medical care possible when it failed.

Re: Internet of Things security: Don't drive that jeep
slolerner #35561 08/17/15 01:29 AM
Joined: Aug 2009
Likes: 15
Online

I'm having trouble believing that there was a 100% lack of redundancy! confused

They could have had a building full of flat-liners and not known for hours. crazy


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Internet of Things security: Don't drive that jeep
joemikeb #35562 08/17/15 07:33 AM
Joined: Aug 2009
Likes: 4
Offline

Originally Posted By: joemikeb
Whether the treatment was better or worse than a third world country would provide is arguable. It was definitely more comfortable and probably resulted in a more definitive diagnosis. In my case it turns out the heart was definitely not the cause of the shortness of breath and chest pains. As it is my condition is currently classified as a "mystery" so my odds for full recovery would have been the same in either realm - unless a doctor going solely on the presenting symptoms had decided to perform a needless surgery.

This sounds eerily similar to my own situation. For over a decade I've been experiencing exertional/exercise dyspnea (shortness of breath) with concomitant retrosternal chest pain. All manner of stress testing and other diagnostic modalities effectively ruled out cardiovascular and pulmonary causes. So I carried on without definitive diagnosis.
Whatever is going on remains a "mystery". It'd be nice to know how many are in a similar diagnostic limbo. At least it might provide perspective to resolve the issue(s).

Re: Internet of Things security: Don't drive that jeep
slolerner #35567 08/17/15 12:26 PM
Joined: Aug 2009
Likes: 16
Moderator
Online
Originally Posted By: slolerner
Glad you're ok. Was just stunned that the system at the hospital was so fragile that there was no delivery of medical care possible when it failed.

Originally Posted By: artie505
I'm having trouble believing that there was a 100% lack of redundancy! confused

They could have had a building full of flat-liners and not known for hours. crazy

I have reason to believe they did have physical redundancy. The problem resulted from the hospital's use of a very sophisticated integrated patient management system that ties everything together. As with any properly designed database system, any given piece of information occurs once and only once in the entire system. So if, for example, the patient database subsystem crashes, the patients cease to exist in the system, so medication cannot be ordered or approved for non-existent patients; heart monitors would know someone somewhere in the hospital was in trouble, but who and where would be a mystery, so the staff would have had to sprint from room to room to locate the patient in trouble. The biggest problem in this case was the inability to provide or administer the proper medications. The efforts to prevent incorrect patient medication (an all too frequent problem in hospitals) created a huge problem in this case.

I suspect the failure in this case was the result of a failed upgrade and it was deemed more expedient to back out the change rather than bring a parallel system on line. It would probably be possible to mitigate the risk through system design changes, but the cost would be enormous and not justifiable on a cost/benefit analysis.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Internet of Things security: Don't drive that jeep
grelber #35568 08/17/15 12:33 PM
Joined: Aug 2009
Likes: 16
Moderator
Online
Originally Posted By: grelber
This sounds eerily similar to my own situation. For over a decade I've been experiencing exertional/exercise dyspnea (shortness of breath) with concomitant retrosternal chest pain. All manner of stress testing and other diagnostic modalities effectively ruled out cardiovascular and pulmonary causes. So I carried on without definitive diagnosis.
Whatever is going on remains a "mystery". It'd be nice to know how many are in a similar diagnostic limbo. At least it might provide perspective to resolve the issue(s).

Well at least we know we are not alone in this.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Internet of Things security: Don't drive that jeep
joemikeb #35571 08/17/15 01:03 PM
Joined: Aug 2009
Likes: 2
Offline

My wife has shortness of breath. One specialist diagnosed asthma and another one CPOD. This was determined by x-ray. I'm surprised no-one mentioned these quite common ailments. The treatment consists of advair, atrovent and ventolin at various times of the day. These are puffers as you know. jaybass


OS 13.6.4 iMac (Retina 5K, 27", 2017, 3.4 GHz Intel Core i5, 24 GB RAM, 2400 MHz DDR4. SuperDuper. 1 TB Lacie HD
Re: Internet of Things security: Don't drive that jeep
jaybass #35574 08/17/15 02:45 PM
Joined: Aug 2009
Likes: 4
Offline

Originally Posted By: jaybass
My wife has shortness of breath. One specialist diagnosed asthma and another one [COPD]. This was determined by x-ray. I'm surprised no-one mentioned these quite common ailments. The treatment consists of advair, atrovent and ventolin at various times of the day. These are puffers as you know. jaybass

Not mentioned because ruled out.

Re: Internet of Things security: Don't drive that jeep
jaybass #35576 08/17/15 02:54 PM
Joined: Aug 2009
Likes: 16
Moderator
Online

Originally Posted By: jaybass
My wife has shortness of breath. One specialist diagnosed asthma and another one CPOD. This was determined by x-ray. I'm surprised no-one mentioned these quite common ailments. The treatment consists of advair, atrovent and ventolin at various times of the day. These are puffers as you know. jay bass

Thanks for the thought, but my recent episode was more typical of a pulmonary embolism and I have a history of DVTs and the resulting PEs.

All my life I have been treated for allergies with little success but recently, on an impulse, I started seeing a classically trained acupuncturist who specializes in allergies. His diagnostic methods seem like voodoo to my western sensibilities and I cannot explain why needles stuck in my ankles, arm, and occasionally scalp relieve allergic symptoms — but they seem to be working and I have been able to throw away my puffers. I do not claim to be cured, but my wife assures me I am remarkably improved. smile

Of course this is not covered by insurance but your wife might want to consider it as an alternative. My acupuncturist says you should know within one or two treatments if acupuncture is going to help you.

Note: MDs, DOs, and Chiropractors can be licensed to perform acupuncture with only 100 hours of training. When I say a "classically trained" acupuncturist that involves 9 years or more of acupuncture school and residency (about the same as required for an MD or DO).


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Internet of Things security: Don't drive that jeep
tacit #35577 08/17/15 02:59 PM
Joined: Aug 2009
Offline

Originally Posted By: tacit
I have no idea why someone thought it would be a good idea to connect the computer that runs the engine and brakes directly to the computer that runs the entertainment system. It must've seemed reasonable at the time.

It's like the PCI bus in a computer. Who compartmentalizes things there? It's just one piece of internal equipment communicating on a common bus with another piece of equipment, in the same self-contained area.

Then some yutz decides to add a way to remotely get on that network for diagnostics, Onstar, or whatever. The consequences of this combination aren't taken into account.

It's no different than Windows for Workgroups meets "your office just got on the internet". "Wait, what? Now the world can access all of our computers now?" Yes, they can. Maybe you ought to think that through and add some security before you plumb that line in from the world?

The problem is the guy that designed the brakes didn't consider the possibility the communication channel he was going to use to talk with the car's computer would be on a wide area network, and the people that connected up the wide area network didn't consider that the brakes would be using it too. Too many people, too many departments, too much compartmentalization, insufficient communication, insufficient centralized planning.


I work for the Department of Redundancy Department
Re: Internet of Things security: Don't drive that jeep
Virtual1 #35579 08/17/15 04:25 PM
Joined: Aug 2009
Offline

Originally Posted By: tacit
I have no idea why someone thought it would be a good idea to connect the computer that runs the engine and brakes directly to the computer that runs the entertainment system. It must've seemed reasonable at the time.

I think health care facilities get sold a package of integrated software and hardware, especially if it was 'state of the art' as joemikeb describes. The people buying it are impressed by the efficiency, don't understand programming, but see a lot of expensive hardware and feel they got value for their money. It seems to me the money was put in the wrong place because of a marketing decision. The programming was just to tie all the hardware together. Bean counters don't want to pay extra for things they can't see, but I bet they were angry when they spent all that money on all this expensive 'hardware' and then had a catastrophic failure.

Re: Internet of Things security: Don't drive that jeep
Virtual1 #35580 08/17/15 04:25 PM
Joined: Aug 2009
Likes: 4
Offline

Originally Posted By: Virtual1
It's no different than Windows for Workgroups meets "your office just got on the internet". "Wait, what? Now the world can access all of our computers now?" Yes, they can. Maybe you ought to think that through and add some security before you plumb that line in from the world?
The problem is the guy that designed the brakes didn't consider the possibility the communication channel he was going to use to talk with the car's computer would be on a wide area network, and the people that connected up the wide area network didn't consider that the brakes would be using it too. Too many people, too many departments, too much compartmentalization, insufficient communication, insufficient centralized planning.

It all boils down to the adage: Stupid is as stupid does.
While behaving stupidly doesn't necessarily imply constitutional stupidity, in such cases it sure seems to.

Re: Internet of Things security: Don't drive that jeep
slolerner #35585 08/17/15 06:13 PM
Joined: Aug 2009
Likes: 16
Moderator
Online
Originally Posted By: slolerner
I think health care facilities get sold a package of integrated software and hardware, especially if it was 'state of the art' as joemikeb describes. The people buying it are impressed by the efficiency, don't understand programming, but see a lot of expensive hardware and feel they got value for their money. It seems to me the money was put in the wrong place because of a marketing decision. The programming was just to tie all the hardware together. Bean counters don't want to pay extra for things they can't see, but I bet they were angry when they spent all that money on all this expensive 'hardware' and then had a catastrophic failure.

In defense of the hospitals, the integrated data systems are a highly effective defense against all too frequent medical mistakes that at best cost literally billions of dollars in insurance premiums and drive up medical costs and at worst result in unnecessary injury or death of patients. Hospitals are, by their very nature, risky places to be, but these systems do help mitigate some of that risk. In my recent hospitalization I saw countless examples of that risk mitigation at work and I was impressed and happy to see it at work. Of course that very integration introduces other risks. As has been so often postulated, "There ain't no free lunch."


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Internet of Things security: Don't drive that jeep
joemikeb #35587 08/17/15 09:04 PM
Joined: Aug 2009
Offline

Originally Posted By: Grelber
It all boils down to the adage: Stupid is as stupid does.
While behaving stupidly doesn't necessarily imply constitutional stupidity, in such cases it sure seems to.

One of the largest, most modern hospitals here is right on the East River. So is the power plant that supplies the East Side, about 20 blocks away from the hospital. The hospital's emergency generators were in the basement. Then Hurricane Sandy hit....

Re: Internet of Things security: Don't drive that jeep
slolerner #35588 08/17/15 10:18 PM
Joined: Aug 2009
Likes: 16
Moderator
Online
Originally Posted By: slolerner
One of the largest, most modern hospitals here is right on the East River. So is the power plant that supplies the East Side, about 20 blocks away from the hospital. The hospital's emergency generators were in the basement. Then Hurricane Sandy hit….

If we listen to the presidential candidates and choose not to believe the climatologists when they talk about global warming and rising sea levels it won't happen — or will it? confused


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Internet of Things security: Don't drive that jeep
joemikeb #35589 08/17/15 10:58 PM
Joined: Aug 2009
Offline

Another elephant in the room. And I thought they were vanishing. They're in rooms.

http://www.nycaviation.com/newspage/wp-c...630-620x413.jpg

Last edited by slolerner; 08/17/15 11:21 PM. Reason: More
Re: Internet of Things security: Don't drive that jeep
joemikeb #35592 08/17/15 11:42 PM
Joined: Aug 2009
Likes: 15
Online

Originally Posted By: joemikeb
It would probably be possible to mitigate the risk through system design changes, but the cost would be enormous and not justifiable on a cost/benefit analysis.

That sounds like a hospital administrator, NOT a patient, talking!

Are hospitals really run on a basis that puts money ahead of life on their "To Save" lists?

I prefer the military theory of procurement you described here, which, although it sounds extreme, at least makes some sense.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire