Podcasts about medsec

  • 23 PODCASTS
  • 32 EPISODES
  • 33m AVG DURATION
  • INFREQUENT EPISODES
  • Feb 1, 2023 LATEST

Latest podcast episodes about medsec

Left to Our Own Devices
Phil Englert: The Way Forward for Med Device Cybersecurity

Feb 1, 2023 · 29:54


Phil Englert is the Director of Medical Device Security at Health ISAC. Phil is an experienced professional well versed in building and sustaining Medical Device Cybersecurity programs in healthcare. He has held key positions at MedSec, Deloitte, and Catholic Health Initiatives. We sat down with him to discuss the challenges, trends, and outlooks in today's medical device cybersecurity world.

Crypto Current
Robert Bryan on Kickstarting Fan & Athlete Controlled Leagues with Karate Combat

Nov 21, 2022 · 22:29


Robert Bryan, Founder

Robert Bryan co-founded Karate Combat, the world's premier striking league in combat sports. Prior to founding Karate Combat, Robert founded and served as CEO of global medical device cybersecurity leader MedSec. Previously, Robert worked at a number of investment funds where he managed everything from investment stakes in large technology companies to investments in smaller companies including Virgin America where he was instrumental in the airline's initial funding. He began his career in Investment Banking at Goldman Sachs.

Links:
https://www.karate.com/
https://www.youtube.com/KarateCombat
https://twitter.com/karatecombat
https://www.facebook.com/KarateCombatOfficial
https://www.instagram.com/karatecombat/
https://discord.gg/EuKrxxbQfX

*Disclaimer. Richard Carthon is the Founder of Crypto Current. All opinions expressed by members of the Crypto Current Team, Richard or his guest on this podcast are solely their opinions and do not reflect the opinions of Crypto Current. You should not treat any opinion expressed by Richard as a specific inducement to make a particular investment or follow a particular strategy but only as an expression of his opinion. This podcast is for informational purposes only.

RNZ: Nine To Noon
Hackers jeopardise patient privacy

Jul 27, 2022 · 14:02


International hackers are increasingly turning their attention to hospitals and manufacturers of medical devices, attacks that not only cost them ransom money, but also jeopardise patient privacy and even surgical procedures. While technological breakthroughs in medicine have revolutionised the way patients are diagnosed and treated, the proliferation of medical devices connected to hospital networks offers cyberattackers new opportunities to access healthcare organisations' IT systems. While deeply concerning for patients and staff, the consequences of malware and ransomware attacks on hospitals can also be fatal. Justine Bone, a New Zealander based in the US, is at the forefront of medical cybersecurity. She's the CEO of a private company called MedSec based in Florida. It offers hospitals a way to manage the security of every medical device they own.

IoT: The Internet of Threats
Medical Device Security: Should I worry about my pacemaker being hacked?

Jul 20, 2022 · 22:05


On this episode of the IoT: The Internet of Threats podcast, Health-ISAC's Errol Weiss (Chief Security Officer) and Phil Englert (Director of Medical Device Security) join podcast host Eric Greenwald to discuss the rising stakes of medical device cybersecurity, the growing role of government in regulating cybersecurity controls in healthcare, and how Health-ISAC fits into the picture.

Interview with Errol Weiss and Phil Englert:

Prior to his role as Chief Security Officer of Health-ISAC, Errol served in several SVP-level positions at Bank of America, focusing on cybercrime, fraud prevention, business process cyber assessments, and threat analytics and information sharing. Earlier in his career, he held key positions at Citigroup and SAIC. Errol also served on the Board of the Financial Services ISAC during the 2010s.

Before joining Health-ISAC as Director of Medical Device Security, Phil served as Chief Product Officer at MedSec and was responsible for product management, new business development, and process improvement. Prior to MedSec, Phil served in a variety of roles at Deloitte, Novasano, MDISS (Medical Device Innovation Security and Safety), and Catholic Health Initiatives.

Health-ISAC (also referred to as H-ISAC) is a global, non-profit organization that offers healthcare security stakeholders actionable data in a trusted community.

In this interview, Eric, Errol, and Phil discuss:

  • What is an ISAC and what does the H-ISAC do?
  • The government's increased appetite for cybersecurity regulation (with a focus on medical device security)
  • How to protect against attacks with tens of thousands of different medical devices made by a wide array of different manufacturers and that do different things
  • The importance of having visibility into the components that make up those thousands of medical devices
  • Whether the SBOM (Software Bill of Materials) is ready to be a key control in the healthcare cybersecurity ecosystem

Find Errol and Phil on LinkedIn:

  • Errol Weiss: https://linkedin.com/in/errolweiss/
  • Phil Englert: https://www.linkedin.com/in/phil-englert-2642724

Learn more about Health-ISAC by visiting https://h-isac.org/.

Thank you for listening to this episode of the IoT: The Internet of Threats podcast, powered by Finite State — the leading supply chain cyber-security solution provider for connected devices and embedded systems.

If you enjoyed this episode, click subscribe to stay connected and leave a review to get the word out about the podcast.

To learn more about building a robust product security program, protecting your connected devices, and complying with emerging regulations and technical standards, visit https://finitestate.io/.

The Security Ledger Podcasts
Episode 238: Robots Are The Next Frontier In Healthcare Cyber Risk

May 25, 2022 · 35:36


In this episode of the podcast (#238) we speak with Daniel Brodie, the CTO at the firm Cynerio, about his firm's discovery of a string of critical security flaws in an autonomous medical robot, TUG, that is already deployed in hundreds of clinical settings and the growing issue of medical device insecurity and cyber risks to healthcare providers. The post Episode 238: Robots Are The Next Frontier In Healthcare Cyber Risk appeared first on The Security Ledger with Paul F. Roberts.

Decipher Security Podcast
Source Code 4/22

Apr 22, 2022 · 6:10


Topping this week's Source Code podcast, Lenovo released security updates addressing vulnerabilities related to Unified Extensible Firmware Interface (UEFI) firmware drivers in its products. Also, the U.S. government warned of recent Lazarus APT campaigns and the BlackCat ransomware-as-a-service. Finally, Decipher this week talked to Justine Bone, CEO of MedSec, about the challenges of securing medical devices.

Decipher Security Podcast
Justine Bone

Apr 19, 2022 · 37:57


Justine Bone, CEO of MedSec, discusses the security threats that hospitals and healthcare providers face, and the challenges of securing medical devices. 

The Security Ledger Podcasts
Episode 235: Justine Bone of MedSec on Healthcare Insecurity

Feb 14, 2022 · 35:24


In this episode of the podcast (#235) Justine Bone, the CEO of MedSec, joins Paul to talk about cyber threats to healthcare organizations in the age of COVID. Justine's firm works with hospitals and healthcare organizations to understand their cyber risk and defend against attacks, including ransomware. The post Episode 235: Justine Bone of MedSec on Healthcare Insecurity appeared first on The Security Ledger with Paul F. Roberts.

Cyber Security Matters, hosted by Dominic Vogel and Christian Redshaw
Ep. 115: Cyber Security for Healthcare Providers (w/ Justine Bone, CEO of MedSec)

Feb 2, 2022 · 18:30


Justine Bone, CEO of MedSec, is today's guest on the Cyber Security Matters podcast, hosted by Dominic Vogel.

Justine Bone is CEO of cyber-security company MedSec, a vulnerability research and security solutions company focused on medical devices and healthcare systems. Justine is a seasoned information technology and security executive with a background in software security research, risk management, information security governance, and identity management. Established in 2016, MedSec is the first and only cyber security organization formed exclusively to serve the healthcare industry. MedSec brings cutting edge security services, solutions, and products to healthcare manufacturers and providers.

During this conversation we will talk about:
- Why legacy technology is an issue in the healthcare industry
- What challenges patients with smart devices are facing
- How the pandemic has impacted Telehealth and what is to come
- Where due diligence is lacking within the healthcare industry

Want to connect with Justine? Here are a couple of ways that you can do exactly that:
- Website: www.medsec.com
- LinkedIn: @JustinBone

IT in the D
Episode 395 with Caston Thomas

May 21, 2021 · 62:10


Caston Thomas has a new role at a healthcare cybersecurity company called MedSec. He joins Bob and Randy to discuss the Colonial Pipeline ransomware and other tech news stories.

InSecurity
Mixtape: The Year that Was: 2019 Volume One

Jan 20, 2020 · 57:37


We had quite a year here on the InSecurity podcast. From the opening bell of the year through RSA and SXSW then onto Hacker Summer Camp before closing out the year in DC with ICIT surrounded by the movers and shakers of cybersecurity in the Federal Government, we have had the enormous good fortune to speak with some of the most interesting people in our industry…

What did we learn? Take a listen and find out for yourself.

  • Kip Boyle: Cybersecurity is a Business Problem, not a Technical Problem… How can companies reconcile the two?
  • Marcus Carey: A young veteran with top security clearance… who faced a job market that knew exactly how much he had been paid… what now?
  • Stephanie Domas: What are the unique issues we face securing medical devices?
  • Greg Silberman: Are Privacy, Secrecy and Security the same thing?
  • John Strand: What Security buzzwords need to be retired?
  • Rob Capps: From Napster to Gnutella to Bit Torrent… How has the revolution started by Napster changed not just music, but the world at large?
  • Kim Crawley: Autism… truths, misconceptions and the need for a diversity of brains in this world
  • Richard Stiennon: Documenting the entirety of the Cybersecurity Industry for the first time

About Matt Stephenson

Insecurity Podcast host Matt Stephenson (@packmatt73) leads the Security Technology team at Cylance, which puts him in front of crowds, cameras, and microphones all over the world. He is the regular host of InSecurity podcast and video series at events all over the world.

Twenty years of work with the world’s largest security, storage, and recovery companies has introduced Stephenson to some of the most fascinating people in the industry. He wants to get those stories told so that others can learn from what has come

Every week on the InSecurity Podcast, Matt interviews leading authorities in the security industry to gain an expert perspective on topics including risk management, security control friction, compliance issues, and building a culture of security. Each episode provides relevant insights for security practitioners and business leaders working to improve their organization’s security posture and bottom line.

Can’t get enough of Insecurity? You can find us at ThreatVector InSecurity Podcasts, Apple Podcasts and GooglePlay as well as Spotify, Stitcher, SoundCloud, I Heart Radio and wherever you get your podcasts!

Make sure you Subscribe, Rate and Review

BeTheTalk.com
395: Best of BeTheTalk - Protecting Medical Devices from Cyberharm with Stephanie Domas

Jun 26, 2019 · 15:04


Stephanie Domas is Vice President of research and development at MedSec where she leads cyber security products and services to support hospitals as well as medical device manufacturers on the design verification, security risk management and penetration testing in the development of medical devices.

BeTheTalk is a 7 day a week podcast where Nathan Eckel chats with talkers from TEDx & branded events. Tips, tools and techniques that can help you give the talk to change the world at BeTheTalk.com!

Be The Talk with Nathan Eckel
395: Best of BeTheTalk - Protecting Medical Devices from Cyberharm with Stephanie Domas

Jun 26, 2019 · 15:03


Stephanie Domas is Vice President of research and development at MedSec where she leads cyber security products and services to support hospitals as well as medical device manufacturers on the design verification, security risk management and penetration testing in the development of medical devices.

BeTheTalk is a 7 day a week podcast where Nathan Eckel chats with talkers from TEDx & branded events. Tips, tools and techniques that can help you give the talk to change the world at BeTheTalk.com!

InSecurity
Stephanie Domas: Maybe Your Pacemaker Can’t Kill You

Feb 4, 2019 · 47:42


Being a CISO for a large healthcare organization has a degree of difficulty that will give you a headache. For a second… forget about the fact that hospitals are here to heal, cure and research. Take a cold, clinical look just at the medical technology involved in a hospital.

Let’s look at one Healthcare org as an example:

  • The Mayo Clinic has 25,000 networked medical devices
  • More than 6,000 unique makes and models

Industry Best Practices states that each device should have:

  • A unique 20 character password
  • For every employee
  • On every device
  • A system that locks users out after 10 minutes of inactivity
  • A new password every 30 days

Mayo Clinic has 63,000 doctors, and allied health staff. Do the math... That’s around 19,000,000,000 passwords to be entered. And that’s assuming no one is automatically logged out after 10 minutes of inactivity.

In the healthcare industry, inefficiency can cost lives. But so can a lack of security. In this week’s episode of InSecurity, Matt Stephenson talks with Stephanie Domas. Stephanie is the Vice President of Research & Development at MedSec. Her job is to oversee the design and manufacture of connected medical device solutions that save lives, but are also secure. File this one under “be careful what you wish for.”

About Stephanie Domas

Stephanie Domas is a driven leader and respected industry authority in healthcare and device cybersecurity. Her passion for cybersecurity, secure product design, and healthcare has earned her industry recognition and presentations at dozens of cybersecurity and healthcare conferences.

In her current role as Vice President of Research & Development at MedSec she leads business strategy, engineering and research teams to deliver service and product offerings that help the Healthcare community meet the unique challenges of cybersecurity in medical devices. Her current focus is leading product cyber security teams, software development teams, and business strategy for a wide range of services and product offerings, along with implementing security governance programs into quality systems and design process.

Stephanie has presented security talks at some of the most important events in the world, including Black Hat, DEFCON, DerbyCon and a myriad of notable Healthcare conferences. Make sure to check out Stephanie's TED Talk: Protecting Medical Devices from Cyberharm

Can’t get enough of Insecurity? You can find us wherever you get your podcasts including Spotify, Stitcher, SoundCloud, I Heart Radio as well as:

  • ThreatVector InSecurity Podcasts: https://threatvector.cylance.com/en_us/category/podcasts.html
  • iTunes/Apple Podcasts link: https://itunes.apple.com/us/podcast/insecurity/id1260714697?mt=2
  • GooglePlay Music link: https://play.google.com/music/listen#/ps/Ipudd6ommmgdsboen7rjd2lvste

Make sure you Subscribe, Rate and Review!

Conquering Columbus Podcast

Summary: Stephanie Domas is a driven leader and respected industry authority in healthcare and device cybersecurity. Her passion for cybersecurity, secure product design, and healthcare has earned her industry recognition and presentations at dozens of cybersecurity and healthcare conferences. In her current role, as Vice President of Research & Development at MedSec she leads business …

BeTheTalk.com
297: Protecting Medical Devices from Cyberharm with Stephanie Domas

Nov 22, 2018 · 19:02


Stephanie Domas is Vice President of research and development at MedSec where she leads cyber security products and services to support hospitals as well as medical device manufacturers on the design verification, security risk management and penetration testing in the development of medical devices.

BeTheTalk is a 7 day a week podcast where Nathan Eckel chats with talkers from TEDx & branded events. Tips, tools and techniques that can help you give the talk to change the world at BeTheTalk.com!

Be The Talk with Nathan Eckel
297: Protecting Medical Devices from Cyberharm with Stephanie Domas

Nov 22, 2018 · 19:01


Stephanie Domas is Vice President of research and development at MedSec where she leads cyber security products and services to support hospitals as well as medical device manufacturers on the design verification, security risk management and penetration testing in the development of medical devices.

BeTheTalk is a 7 day a week podcast where Nathan Eckel chats with talkers from TEDx & branded events. Tips, tools and techniques that can help you give the talk to change the world at BeTheTalk.com!

The Cyberlaw Podcast
Interview with Tim Maurer

May 15, 2017 · 53:42


In our 164th episode of the Steptoe Cyberlaw Podcast, Stewart Baker, Paul Rosenzweig, and Brian Egan discuss: the cyber EO is finally out – and just in time for wCry; WCry causes ransomware meltdown; given a choice of blaming Microsoft, who wrote the bad code and the limited security update, the hackers who wrote the ransomware, or the GRU, who revealed the vulnerability, US reporters blame … NSA; Brad Smith of Microsoft thinks it shows we need a digital Geneva accord; NSA’s latest problems with compliance and the FISA court; Abbott Labs proposes a settlement with MedSec that would prevent it from talking to government in the absence of a preexisting inquiry and notice to Abbott; if Trump taped Comey, does it matter where he did it? Two-party consent rules. Our guest interview is with Tim Maurer, Fellow and co-director of the Cyber Policy Initiative at the Carnegie Endowment for International Peace. The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Embedded Insiders
Embedded Insiders – Episode #14 – Protecting Medical "Things"

Apr 25, 2017 · 14:19


This week the Embedded Insiders welcome David Kleidermacher, Chief Security Officer at BlackBerry and one of the leading security evangelists in the embedded and IoT technology markets. Of particular interest to Mr. Kleidermacher is medical device security, and in this episode the Insiders probe him with questions regarding the state of the medical device security arms race; looking beyond the FDA for security evaluation; and the upcoming MEDSec security conference taking place May 23 and 24th at the DoubleTree Hilton in San Jose, CA.

Welcome to Cybersecurity Insights and Perspectives
Interview with Justine Boone of MedSec

Apr 21, 2017 · 14:03


Host Kevin Greene and guest Justine Boone, CEO at MedSec, discuss recent vulnerabilities discovered in St. Jude medical devices (pacemakers and defibrillators) during their cybersecurity research on medical devices. Boone discusses the recent lawsuit filed by St. Jude over the joint vulnerability report by MedSec and Muddy Waters discussing the attack scenarios possible for the existing vulnerabilities.

The Cyberlaw Podcast
Interview with Joshua Corman and Justine Bone

Apr 3, 2017 · 63:18


In our 157th episode of the Steptoe Cyberlaw Podcast, Stewart Baker, Stephen Heifetz, and Philip Khinda discuss: Two White House Officials Helped Give Nunes Intelligence Reports; Buzzfeed motion; how Cisco responded to the Wikileaks Vault7 leak; Donald Trump has a new iPhone — so it looks like he isn’t boycotting Apple anymore; James Comey’s Twitter Account. Our guest interview is with Joshua Corman, Director of the Cyber Statecraft Initiative for the Atlantic Council, also serving on the HHS CyberSecurity Task Force required by CISA, and founder of "I am The Cavalry" a volunteer group focused on public safety/human life in connected technologies and Justine Bone, CEO and Director of MedSec, a company that analyzes the quality and security of technology solutions in the medical device and healthcare industries. The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

NEWSPlus Radio
[Feature] Special English (American accent) 2017-01-31

Jan 24, 2017 · 25:00


2017-01-31 Special EnglishThis is Special English. I&`&m Ryan Price in Beijing. Here is the news.China will quadruple its new energy vehicle annual output to 2 million by 2020. A government plan released by the Industry and Information Technology noted that by 2025, at least one in every five cars sold in China will be a new energy model.Last year, China produced 517,000 new energy vehicles. The country has been the world&`&s top seller of such environment-friendly cars since 2015. The cumulative sale has exceeded 1 million.New energy vehicles include battery electric cars, plug-in hybrids, and fuel-cell cars.Last year, three top Chinese electric carmakers sold their models in more than 30 countries and regions around the world.The government will continue to improve policies, boost research and development, invest in charging infrastructure construction, and promote international cooperation to help the sector grow.In terms of charging infrastructure, China built 100,000 public charging poles in 2016, ten times the figure in 2015. A comprehensive charging grid has taken shape in big cities including Beijing, Shanghai, and Shenzhen.China witnessed a boom of electric vehicle investment in the past few years, largely thanks to government&`&s incentives.This is Special English.An oil-electricity hybrid locomotive, the most powerful of its kind, has started in an experiment in extreme cold weather in northeast China.The experiment was conducted in the northern part of the Inner Mongolia Autonomous Region, when the local temperature was minus 40 degrees Celsius.Despite the cold, the temperature in the cab was 25 degrees Celsius. 
The batteries were 12 degrees Celsius, suitable for operation.The manufacturer says the experiment marked the end of a series of experiments for the hybrid locomotive.In earlier experiments, the locomotive was run under a temperature of minus 30 degrees Celsius in northeast China.Last year, it operated in high temperatures in northwest China&`&s Xinjiang Uygur Autonomous Region.Hybrid locomotives are environment friendly, energy-saving and less noisy. The successful experiments mean that the world&`&s largest-power hybrid locomotive can run in all weather conditions.You&`&re listening to Special English. I&`&m Ryan Price in Beijing. Facebook is launching a journalism project aimed at strengthening its ties with media organizations. The move aims to expand their audiences, come up with new products and generally promote trusted news in today&`&s "post-truth" era.The project is in its early stages and as such, is light on its specifics. But the company envisions Facebook engineers working with news organizations to create new ways of telling stories and novel advertising or subscription models, right from the early stages of development. The company also wants to help promote "news literacy" and support local news.Dave Merrell, lead product manager at The Washington Post, which is among the news organizations working with Facebook, said it is very early in the process but certainly something they are really excited about. He said he worked with Facebook on numerous products over the years, but often were not involved in the product development stage.With "Instant Articles" launched in 2015, Facebook hosts and displays news items directly instead of pointing users to news websites. Such instant stories load faster on Facebook than those on outside links, and Facebook gives participating publishers a cut of the advertising revenue from Instant Articles.This is Special English.The U.S. 
Homeland Security Department has warned about an unusual cybersecurity flaw for one manufacturer&`&s implantable heart device where it is said it could allow hackers to remotely take control of a person&`&s defibrillator or pacemaker.Information on the security flaw was identified by researchers at MedSec Holdings in reports months ago. It was only formally made public after the manufacturer, St. Jude Medical, made a software repair available earlier this month. MedSec is a cybersecurity research company that focuses on the health-care industry.The government advisory said security patches will be rolled out automatically over months to patients with a device transmitter at home, as long as it is plugged in and connected to the company&`&s network. These transmitters will send heart device data back to medical professionals.You&`&re listening to Special English. I&`&m Ryan Price in Beijing. The first self-sufficient boat powered by only emission-free energy will start a six-year trip around the world in the spring.Energy Observer is a former multi-hull race boat converted into a green vessel equipped with solar panels, wind turbines and a hydrogen fuel cell system. This means that it will be powered by the wind, the sun and self-generated hydrogen.The 5 million euro boat is currently in a shipyard. It will set sail in Paris and make its first of 101 stops across 50 countries as part of a six-year circumnavigation.French environmentalists say the boat will demonstrate that there are many solutions for energetic transition, and all solutions are within nature.Designed in 1983, the boat enjoyed a successful career in open-sea sailing races. The Energy Observer project was conceived in 2015 by skippers, scuba divers and filmmakers.The technology fitted to the 30-meter boat will enable the production of hydrogen through the process of electrolysis. The boat is also equipped with a kite sail. It relies on the diversity of renewable energies. 
If there is no sun or wind, or at night, it has the option to draw in its hydrogen reservoirs. It will produce this hydrogen in a decarbonized manner through electrolysis of the sea water.This is Special English.Children with a genetic risk for obesity respond more strongly to fast food television advertising in a brain region associated with the reward processing. That&`&s according to a new study that may help understand why some children are more likely to over-eat unhealthy foods.The study is the first-of-its kind to examine how a key obesity gene influences brain response to food advertisements and other cues to eat. The gene is known as the fat-mass and obesity-associated, FTO, gene.The research was carried out by a team at the Dartmouth College, and the findings were published in the U.S. journal Proceeding of the National Academy of Sciences.In the study, 78 children, aged 9 to 12, watched a children&`&s television show in an magnetic resonance imaging scanner.To simulate the experience of watching television from home, the show included 12 minutes of commercial breaks, half were advertisements for fast food and the other half for non-food items.Children were also evaluated on their genetic risk for obesity based on the FTO gene, which strongly predicts obesity across the lifespan.The study found that the part of the brain which is commonly associated with reward craving is physically larger in children with the obesity-risk FTO genotype, compared to genetically low-risk children. In addition, this part of the brain also showed a stronger craving response to the food commercials in these children.You&`&re listening to Special English. I&`&m Ryan Price in Beijing. You can access the program by logging on to newsplusradio.cn. You can also find us on our Apple Podcast. If you have any comments or suggestions, please let us know by e-mailing us at mansuyingyu@cri.com.cn. That&`&s mansuyingyu@cri.com.cn. 
Now the news continues.
Lethal overdoses on prescription painkillers in Australia have almost doubled in ten years. A new study published by Melbourne's Penington Institute revealed that opioid-based painkillers were responsible for 71 per cent of all drug-related deaths in Australia in 2014.
It also found that the use of opioid-based painkillers in Australia quadrupled between 2004 and 2014.
The study shows that Australians aged 30-59 represented 78 per cent of all painkiller overdose deaths in the country.
These figures have challenged the conventional wisdom that it is young urban people who are most at risk of dying of overdose in Australia.
The study says it is now time for significant investments to be made to reduce the human toll from accidental overdose.
Researchers said comprehensive investments have been made to reduce the road toll, and there should be a similar level of investment being made into overdose prevention and awareness.
Painkiller-related deaths were particularly prominent in rural areas, with 5 deaths per 100,000 people being attributed to painkiller overdoses in 2014. The figure marked an 83 per cent increase from the 3 deaths per 100,000 people recorded in 2004.
This is Special English.
A new study has found that urban sprawl is kicking one group of songbirds, called "avoiders", out of their territory, forcing divorce and stunting their ability to find new mates.
The findings were the results of a 10-year research by John Marzluff, a professor of wildlife science in the University of Washington.
Marzluff and his team monitored hundreds of individually marked songbirds from six common species found in suburbs of Seattle. The researchers tracked bird activity in different types of landscapes. Bands were placed around the birds' legs, and sightings of mated pairs and nest locations were mapped.
The researchers were able to tell when a bird relocated, broke up from its mate or stayed put year to year.
Avoider birds are species that are known to decline in response to urbanization, when forested areas are removed for developments. Monogamous birds will "divorce" their mate and move to a new territory if they have a reason to. When forced to move, the avoiders largely failed to reproduce again for at least one year after relocating. The whole transition to a new home and often a new partner might cause a bird to lose half of its breeding years.
You're listening to Special English. I'm Ryan Price in Beijing.
Northwest China's tourist city Xi'an is to appoint "toilet chiefs" this year, in an effort to improve services.
The tourism bureau said the move aims to make all public toilets and those in restaurants and entertainment venues meet national standards, in terms of space and sanitation. All public toilets will also be free of charge.
Xi'an is one of the most popular tourist destinations in China. The city is planning to have private enterprises and individuals to run the toilets, which are currently under municipal administration.
Toilet management will become part of the assessment for any tourist attractions and restaurants.
China is in the middle of a three-year "toilet revolution", which includes building 35,000 new toilets across the country and renovating another 25,000 by the end of the year.
This is Special English.
China has a total of 700 million 4G mobile users, and the Ministry of Science and Technology says 5G commercial operations will be launched in 2020.
The Ministry of Science and Technology said the 4G industrial chain has taken shape in China, with strengthened research and development capabilities.
Wen said the ministry will promote the formation of a global unified 5G standard and push forward the use and innovation of 5G-based mobile Internet and the Internet of Things to lay a foundation for 5G commercial operations in 2020.
This is Special English.
More than 72,000 companies were offering language and translation services across China at the end of 2015.
Among them, around 7,400 specialized in the field.
According to a report on the development of China's language service industry, the sector generated an output worth 280 billion yuan, roughly 41 billion U.S. dollars, in 2015.
Experts say the development of information technology has presented brand new and huge opportunities for growth of language services.
(See Sunday's WeChat for the full text.)

Down the Security Rabbithole Podcast
DtSR Episode 227 - NewsCast for January 10th 2017

Down the Security Rabbithole Podcast

Jan 12, 2017 47:42


St. Jude, MedSec and the FDA
FDA, St. Jude go through disclosure/fix cycle
No mention of MedSec - interesting for discussion; did they have an impact?
St. Jude does a fairly great job of notification, updating
“Benefits outweigh the risks”... that’s a big statement
http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm535843.htm
http://www.businesswire.com/news/home/20170109005921/en/St.-Jude-Medical-Announces-Cybersecurity-Updates
http://www.medsec.com/entries/stj-lawsuit-response.html
http://podcast.developsec.com/ep-56-security-contacts

New York financial regulator to delay cyber security rules
Originally supposed to go into effect Jan 1.. New Date is March 1
We discussed in passing in a previous episode
There are final adjustments being made, of course
http://www.reuters.com/article/us-cyber-new-york-idUSKBN14A224

Massachusetts makes data breach reports available online
http://turnto10.com/news/local/massachusetts-makes-data-breach-reports-available-online-01-04-2017
Seems less like a report and more of just the quick details of the notification
http://www.mass.gov/ocabr/data-privacy-and-security/data/data-breach-notification-archive.html
How much value does this provide?
Finding a company on the list doesn’t indicate its current security posture.
Identifying that you did business with a company on the list.. Not much you can do anyway.
Still no indications of what happened, or who was actually affected
Wouldn’t you get an email or snail mail during the original notification procedures?
New Hampshire has done this for a while, except they provide the submitted letters, not just statistics (http://doj.nh.gov/consumer/security-breaches/)
Another article talking about a few other states that do this as well https://www.wired.com/2017/01/states-now-actually-help-figure-youve-hacked/
Washington, Indiana, California

California passes law making ransomware illegal
Wasn’t it already illegal under the CFAA?
The purpose is to make it easier to prosecute rather than being forced to prosecute under other extortion or laundering laws
How does this affect the enterprise? More apt to follow up or file with FBI or other law enforcement?
Will we see more laws like this, where they target specific acts?
http://www.computerweekly.com/news/450410402/California-legislates-against-ransomware

Online databases dropping like flies, with >10K falling to ransomware groups
This was reported earlier in the week (last Monday or Tuesday) and has grown to more than 10K infected in less than a week.
Mongo Blog post outlining steps to protect your installation - https://www.mongodb.com/blog/post/how-to-avoid-a-malicious-attack-that-ransoms-your-data
The security checklist for mongoDB - https://docs.mongodb.com/manual/administration/security-checklist/
http://arstechnica.com/security/2017/01/more-than-10000-online-databases-taken-hostage-by-ransomware-attackers/

TV anchor says live on-air ‘Alexa, order me a dollhouse’ - guess what happens next
Secure Defaults? Apparently Voice ordering is on by default..
https://www.amazon.com/gp/help/customer/display.html?nodeId=201952610
You can turn voice ordering on or off
You can optionally set a confirmation code
The issue here is it is vocal. Couldn’t your kids or someone else close by hear the code?
Manage your 1-click settings
Are people bringing these sorts of technologies into your enterprise? How are you handling it?
How does this impact your security? How are you handling it?
http://www.theregister.co.uk/2017/01/07/tv_anchor_says_alexa_buy_me_a_dollhouse_and_she_does/

Others
http://ww2.cfo.com/risk-management/2016/12/quantifying-cyber-risks/
http://healthitsecurity.com/news/health-it-overconfident-in-data-breach-detection-remediation
https://hbr.org/2016/12/the-darknet-a-quick-introduction-for-business-leaders
Appropriate for coverage or do you think just providing a quick mention and the link in the show notes?

FedScoop Radio
MedSec CEO Justine Bone talks medical device security

FedScoop Radio

Dec 21, 2016 14:03


MedSec CEO Justine Bone talks medical device security by FedScoop

O'Reilly Security Podcast - O'Reilly Media Podcast
Josh Corman on the challenges of securing safety-critical health care systems

O'Reilly Security Podcast - O'Reilly Media Podcast

Sep 28, 2016 49:04


The O’Reilly Security Podcast: Where bits and bytes meet flesh, misaligned incentives, and hacking the security industry itself.
In this episode, I talk with Josh Corman, co-founder of I Am the Cavalry and director of the Cyber Statecraft Initiative for the non-profit organization Atlantic Council. We discuss his recent work advising the White House and Congress on the many issues lurking in safety-critical systems in the health care industry, the misaligned incentives across health care, regulatory bodies and the software industry, and the recent incident between MedSec and St. Jude regarding their medical devices.
Here are some highlights:
Where bits and bytes meet flesh
I asked Josh to comment on his advisory role with the White House for the Presidential Commission on Enhancing Cybersecurity:
Previous testimony from JPMorgan Chase said that they had over 2,000 full-time security people and they spend over $600 million a year securing things and they still get breached pretty routinely. About 100 of the Fortune 100 companies had had a material loss of intellectual property or trade secrets in the last couple years. If you take a step back strategically, one could argue that on a long enough time line our failure rate is 100%. If we can't secure big banks with $600 million and 2,000 people, how do you secure a hospital with zero security staff and almost no security budget? In many cases, we know what to secure, or even how to secure it, but we lack the incentives to do so—some of the commissioners are surprised by this, but it's encouraging. They're looking at really controversial ideas like software liability. One of the reasons we have such terrible software is there's really no penalty for building and shipping terrible software. It's controversial because if you introduce something like software liability in a casual or cavalier way, you could destroy the entire software industry.
Down the rabbit hole of legacy health care systems
When asked about his work on the HHS Cybersecurity Task Force for Congress, Josh laid bare the stark realities of health care security in a world of interconnected devices and legacy technology and systems:
There's this thing called “meaningful use” in hospital environments. Reimbursement for medical investment was tied to meaningful use. [The health care industry] was encouraged to move rapidly from paper records to electronic records, and so they essentially took a whole bunch of medical devices that were never threat modeled, designed, architected, and implemented to be connected to anything and then forced them to be connected to everything. What that means is that even if a hospital has that 2,000 person security staff that is used to securing a bank or JPMorgan Chase, they can't achieve the same level of network security possible in a banking environment because of the unintended consequences of meaningful use. We're chasing rabbits down the rabbit hole and it goes a lot further than I think anybody has realized. There are some seemingly intractable problems in this long tail of Windows XP and legacy, outdated, unsupported operating systems being the overwhelming majority of the equipment in these hospitals, and they have scant security talent and budget and resources to even operate the old stuff. It's pretty ugly.
Misaligned incentives
In my testimony to the White House, I said that for some of these things, we know what the fix is. We actually know how to completely eliminate SQL injection. We know how, but we don't do it. I think in many cases we have technical solutions; we lack the incentives and the political will. And when you think about someone who has the means, motive, and opportunity to hurt the public through this irrational dependence on connected technology and safety critical spaces like hospitals, I don't think we have to make perfect things.
I think what we have to do is drain the low hanging fruit and the hygiene issues, because if you can raise the bar high enough, we get rid of the high intent, low capability adversaries. You're never going to stop Russia or China from being good enough, but at least they're rational and we have norms and treaties and mutually assured destruction and economic sanctions and whatnot. I'm more concerned about the people that lay outside the control or the reach of deterrence. What we want to do is get to that 80/20 rule or the balance point where the really reasonable stuff, like no known vulnerabilities and make your goods patchable, at least equip us to shield ourselves against the whims and will of these more extreme adversaries. We don't have to boil the ocean, just raise the tide line enough.
MedSec/St. Jude refocusing on the impact on patients
Building on our conversation about health care security, I asked Josh about the recent debacle with MedSec, Muddy Waters, and St. Jude:
Regardless of the veracity of the findings (because the veracity of the findings is in dispute), or whether you think it's moral to make money off of these things, or whether you think it's legal or should be legal to short safety-critical industries, if we can separate those three aspects we’ll see that there's been discussion about who's to blame here but stunningly little discussion about the effect on patients and on safety. I think it's hard to argue that the safest thing for the customers is to tell every adversary on the planet [about the vulnerability] before the patients or the doctors who care for those patients or the regulator who regulates the care for those patients has had a chance to get ground triage, form a plan, communicate the plan, and manage expectations so that a thoughtful, unemotional response can be done when the information comes to light.
My belief is that the safest outcome will factor all relevant stakeholders, and I have seen almost no press that even factors for the impact on patients.
Hacking the health care security industry
We had a 20-year stalemate with the industries that we bring these disclosure issues to. Let's try not to be a pointing finger at past failures but a helping hand at future success. I have no interest in finding and fixing one device, one bug in one device for one manufacturer. We need to hack the industry and hack the incentives. We need to fix the whole problem. We're seeing the tide turn from a very real risk that white hats would be completely criminalized, to a massive embrace that it's not just a pointing finger at past failure and a researcher of the threat but rather that the researcher is a vitally necessary teammate. In fact the FDA, in their post-market guidance, is strongly advocating for high trust, high collaboration with white hats. In the context of all this sea change, from seeing us as enemies to vitally necessary teammates that help make their customers safer, our stories and advice scare the legal teams and the shareholders and might make researchers once again look like a threat.
Related resources:
Background on the MedSec/Muddy Waters/St Jude situation
The Presidential Commission on Enhancing Cyber Security (NIST)
The Health Care Industry Cybersecurity Task Force

The CyberWire
Daily: US voting security, cyber M&A action, OPM breach post mortem, Pokémon, and more.

The CyberWire

Sep 8, 2016 15:00


In today's podcast we explore ongoing concerns about Russian attempts to influence US elections. The US Congress has harsh words for OPM in their data breach report. Google has a plan for countering ISIS messaging online. Ransomware may prove self-limiting for criminals, and St. Jude Medical sues Muddy Waters Capital and MedSec. We hear about next-generation SOCs from Siemplify's Amos Stern, and University of Maryland's Jonathan Katz explains a vulnerability in homomorphic encryption.

LawyerLiz
08/31/16 Topic: Rocketing Up and Plummeting Down:

LawyerLiz

Sep 2, 2016 58:18


Hacking pacemakers to plummet a stock price not save a life. Rob Graham, CEO of Errata Security, shares insights and predictions on device security research in the wake of Muddy Waters and MedSec public vulnerability disclosures of St Jude's medical devices. Stephen Fleming, Atlanta native, long-time observer of the local startup scene, and early investor in the privatization of space flight joins the show to discuss the rocketing private space race.

Rational Security
The "Hackers, Heart Patients, and Hellfire" Edition

Rational Security

Sep 1, 2016 50:56


New details emerge about Americans held hostage by Islamic militants. Security researchers use an unorthodox approach to protect medical devices. And the US kills ISIS’ number 2. Does it matter? 

The CyberWire
Daily: Bug bounty? Nah, just short the stock. Pegasus, cyber arms control, and more.

The CyberWire

Aug 29, 2016 14:25


In today's podcast, we update the story on SCADA malware in Iran—Iran now thinks it didn't cause petrochemical industry fires. France, India, and Australia investigate theft of submarine design data. Citizen Labs' investigation of iOS spyware renews debate over cyber arms control. The Shadow Brokers haven't yet got their half-billion dollars, but their leaks chill US-Russian relations and prompt both election fears and concerns over zero-day disclosure. The US prepares to revise its anti-ISIS social media operations. Security firm MedSec discloses alleged St. Jude medical device vulnerabilities to a hedge fund, seeking to profit from short-selling. Markus Rauschecker from the University of Maryland Center for Health and Homeland Security gives us the details on PPD 41 from the White House. Fishing and hunting license databases exposed.

DEF CON 22 [Materials] Speeches from the Hacker Convention.
Scott Erven and Shawn Merdinger - Just What The Doctor Ordered?

DEF CON 22 [Materials] Speeches from the Hacker Convention.

Dec 13, 2014


Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Erven-Merdinger/DEFCON-22-Scott-Erven-and-Shawn-Merdinger-Just-What-The-DR-Ordered-UPDATED.pdf
Just What The Doctor Ordered?
Scott Erven FOUNDER & PRESIDENT SECMEDIC, INC
Shawn Merdinger HEALTHCARE SECURITY RESEARCHER
You have already heard the stories of security researchers delivering lethal doses of insulin to a pump, or delivering a lethal shock to a vulnerable defibrillator. But what is the reality of medical device security across the enterprise? Join us for an in-depth presentation about a three-year independent research project, encompassing medical devices across all modalities inside today’s healthcare landscape. Think they are firewalled off? Well think again. Scarier yet, many remain Internet facing and are vulnerable to strategic attack with the potential loss for human life. And yes you will be amazed at what we found in just 1 hour! We will prove that an attacker can access medical devices at thousands of healthcare facilities from anywhere in the world with the potential loss of human life. This discussion will also highlight the fallout from security standards not being a requirement for medical device manufacturers, and our experience in identifying and reporting vulnerabilities. We will provide our insight into what needs to be done for healthcare organizations to respond to the new threat of cyber-attack against medical devices. We are working towards a future where cyber security issues in medical devices are a thing of the past. We will discuss the recent success and traction we have gained with healthcare organizations, federal agencies and device manufacturers in addressing these security issues. The train is now moving, so please join us to find out how you can get involved and make a difference by ensuring patient safety.
Scott Erven is a healthcare security visionary and thought leader; with over 15 years’ experience in Information Technology & Security.
He is also the Founder and President of SecMedic, Inc. His research on medical device security has been featured in Wired and numerous media outlets worldwide. Mr. Erven has presented his research and expertise in the field internationally. He has been involved in numerous IT certification development efforts as a subject matter expert in Information Security. His current focus is research affecting human life and public safety issues inside today’s healthcare landscape.
Shawn Merdinger is a security researcher with 15 years' information security and IT experience. He is founder of MedSec, a LinkedIn group focused on medical device security risks with over 500 members and has worked with Cisco Systems, TippingPoint, an academic medical center, and as an independent security researcher and consultant. He's served as technical editor for 12 security books from Cisco Press, Pearson, Syngress and Wiley. Shawn has presented original security research at DEFCON, DerbyCon, Educause, ShmooCon, CONfidence, NoConName, O’Reilly, IT Underground, InfraGard, ISSA, CarolinaCon and SecurityOpus. He holds a master's from the University of Texas at Austin and two bachelor's from the University of Connecticut.