Hackable pacemaker

I can’t tell if this is actually a problem or just technology fearmongering. The first sentence doesn’t make me think it is all that worrisome.

The threat seems largely theoretical. But a team of computer security researchers plans to report Wednesday that it had been able to gain wireless access to a combination heart defibrillator and pacemaker.

They were able to reprogram it to shut down and to deliver jolts of electricity that would potentially be fatal—if the device had been in a person. In this case, the researcher were hacking into a device in a laboratory.

Other than pure malice, I don’t see why a hacker would be interested in doing this. However, apparently teens have been turning off San Francisco’s electric buses and throwing rocks at the disabled vehicles, which sounds pretty malicious. I guess as long as the pacemakers don’t have external on/off switches, people’s hearts will be fine.

Web 2.0 sites “safe harbors” for hackers

In an article on new data-theft techniques, Yuval Ben-Itzhak argues that by setting up accounts in trusted Web 2.0 sites, hackers can avoid current security features that prevent spyware from uploading stolen personal information.

In Web 2.0 and beyond, a stealthy Trojan on your PC will no longer need to send its stolen data to a malicious host server in the Third World. Rather, the Trojan will upload data to a MySpace page or another “trusted” Web 2.0 site that will not be blacklisted by URL filtering or reputation-based solutions. Once the data is downloaded from these sites, it is deleted. In essence, hackers could turn these sites into “safe harbors” for storing their stolen data.

This is an interesting downside to the read/write web that I hadn’t heard anyone articulate before.