Domain: synopsys.com
Stories and comments across the archive that link to synopsys.com.
Stories · 2
Two Different Studies Find Thousands of Bugs In Pacemakers, Insulin Pumps and Other Medical Devices
Two studies are warning of thousands of vulnerabilities found in pacemakers, insulin pumps and other medical devices. "One study solely on pacemakers found more than 8,000 known vulnerabilities in code inside the cardiac devices," reports BBC. "The other study of the broader device market found only 17% of manufacturers had taken steps to secure gadgets." From the report: The report on pacemakers looked at a range of implantable devices from four manufacturers as well as the "ecosystem" of other equipment used to monitor and manage them. Researcher Billy Rios and Dr Jonathan Butts from security company Whitescope said their study showed the "serious challenges" pacemaker manufacturers faced in trying to keep devices patched and free from bugs that attackers could exploit. They found that few of the manufacturers encrypted or otherwise protected data on a device or when it was being transferred to monitoring systems. Also, none was protected with the most basic login name and password systems or checked that devices they were connecting to were authentic. Often, wrote Mr Rios, the small size and low computing power of internal devices made it hard to apply security standards that helped keep other devices safe. In a longer paper, the pair said device makers had to do more to "protect against potential system compromises that may have implications to patient care." The separate study that quizzed manufacturers, hospitals and health organizations about the equipment they used when treating patients found that 80% said devices were hard to secure. Bugs in code, lack of knowledge about how to write secure code and time pressures made many devices vulnerable to attack, suggested the study.
Rumours
Anonymous Coward writes "I must remain anonymous for fear of job security, however... Sprint is a client of ours and we have been given a contract to sign that includes (among other things) a bit that goes like this: Supplier warrants that no GNU, FSF, or copylefted software shall be used in the production of services for Sprint. I'm still trying to figure out if this means that I have to uninstall gawk, apache, sendmail, BIND, etc., from my (non-linux) UNIX systems.... Afraid I can't include a link to the exact contract verbiage, but it's 100% factual, I just read the contract myself." I also received an email from an EE claiming that Synopsys had informed him that they would be porting their tools to Linux. This would be an important step since Linux is ideal for large simulation/synthesis farms: cheap hardware and stable OS that can be left in a computer room. In related news, Green Mountain Computing Systems has released their VHDL compiler for Linux, with a demo available for download. It is slightly faster than the NT version, with better memory performance.