
Posts Tagged ‘Software’


Software Update Site For Hospital Respirators Found Riddled With Malware

UPDATE: A Web site used to distribute software updates for a wide range of medical equipment, including ventilators, has been blocked by Google after it was found to be riddled with malware and serving up attacks. The U.S. Department of Homeland Security is looking into the compromise, Threatpost has learned.

The site belongs to San Diego-based CareFusion Inc., a hospital equipment supplier. The infected Web sites, which use a number of different domains, distribute firmware updates for a range of ventilators and respiratory products. Scans by Google’s Safe Browsing program in May and June found the sites were rife with malware. For example, about six percent of the 347 Web pages hosted at Viasyshealthcare.com, a CareFusion Web site that is used to distribute software updates for the company’s AVEA brand ventilators, were found to be infected and pushing malicious software to visitors’ systems.

[Image: CareFusion Support Site]

The software downloaded from Viasyshealthcare.com included 48 separate Trojan horse programs and two scripting exploits, according to a review of the Google Safe Browsing report by Threatpost. Another domain, sensormedics.com, which supports CareFusion’s VELA brand ventilators, was also found to be serving “content that resulted in malicious software being downloaded and installed without user consent,” according to a June 13 scan by Google’s Safe Browsing crawler.

A CareFusion spokeswoman said the company is “looking into the matter” and has removed the software updates from its website in the meantime.

The company makes a range of hospital equipment including the Alaris-brand infusion pumps and AVEA, AirLife and LTV series ventilation and respiratory products. CareFusion employs 14,000 people worldwide and reported revenue of $2.63 billion for the first nine months of its fiscal year.

After being contacted by Threatpost on Thursday, CareFusion removed links to the infected Web sites hosting software updates for the respirators from its Product Support page. However, the company still offered links for parts and supplies for CareFusion’s 3100A High Frequency Oscillatory Ventilator (HFOV) and LTV series ventilators that were likewise infected, according to Google.

[Image: Google Safe Browsing Warning]

The infections first caught the attention of Kevin Fu, a professor and security researcher at the University of Massachusetts, Amherst who is a recognized expert in the security of medical devices. Fu discovered the infections when trying to download an update for the AVEA ventilators. Fu said the infections pose a major risk for hospitals that use CareFusion products.

“Vendors routinely install software updates for medical devices from the Internet or USB keys. I’ve seen medical sales engineers download pacemaker-related software from the Internet,” he wrote on his blog, Medical Device Security Center.

Fu notes that CareFusion advises customers to simply “click run” when the “file download security warning” dialog box appears – potentially tragic advice on a Web site that is serving up malicious programs such as Trojan horses.
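The defensive counterpart to “click run” is to check that the file you downloaded is the file the vendor actually published before anything executes it. The script below is an added example, not code from the original article or from CareFusion: it models a vendor that publishes a SHA-256 digest of each update through a channel separate from the download site (the manifest here is constructed inline, as is the sample update payload), hashes the downloaded file in chunks, compares it in constant time, and refuses a file that differs by even one byte, as a compromised download server might deliver.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

# Constructed sample update payload (stand-in for a vendor firmware installer).
GOOD_UPDATE = b"AVEA-firmware-update-placeholder\n" * 64

# Hypothetical out-of-band manifest: the digest a vendor would publish somewhere
# the download server cannot alter (printed release notes, a signed manifest,
# a separate domain). Here it is computed once from the known-good payload.
PUBLISHED_SHA256 = hashlib.sha256(GOOD_UPDATE).hexdigest()


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large installers do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_update(path, expected_hex):
    """True only if the file's SHA-256 matches the published digest.

    compare_digest avoids leaking mismatch position through timing; it is
    cheap insurance even where timing is unlikely to matter.
    """
    actual = sha256_file(path)
    return hmac.compare_digest(actual.lower(), expected_hex.strip().lower())


def install_if_verified(path, expected_hex):
    """Gate that replaces 'click run': returns a decision, never executes the file."""
    if not verify_update(path, expected_hex):
        return "rejected"
    # A real installer would launch the file only at this point.
    return "installed"


def demo():
    """Write a good copy and a one-byte-tampered copy; return both decisions."""
    with tempfile.TemporaryDirectory() as d:
        good = Path(d) / "update.exe"
        good.write_bytes(GOOD_UPDATE)
        tampered = Path(d) / "update_tampered.exe"
        tampered.write_bytes(GOOD_UPDATE[:-1] + b"X")  # constructed tampering
        return (
            install_if_verified(good, PUBLISHED_SHA256),
            install_if_verified(tampered, PUBLISHED_SHA256),
        )


if __name__ == "__main__":
    print(demo())  # ('installed', 'rejected')
```

The check is only as good as the source of the expected digest: a hash fetched from the same compromised site proves nothing, which is why the manifest must come from a channel the attacker does not control. Where the vendor signs its installers, an OS-level signature check (on Windows, `Get-AuthenticodeSignature`) gives the same assurance without a manifest, provided the signing certificate chains to a publisher you actually trust.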

Fu said an e-mail sent to the address “security@carefusion.com” bounced back. He reported the incident to the U.S. Food and Drug Administration (FDA) but said the agency lacks a way to track and respond to cyber security reports for medical devices. “The reports get mixed in with general adverse event reports, and incidents with known injuries or deaths usually receive more swift attention,” Fu wrote.

Little is known about the source of the infections at CareFusion. However, an analysis by the Department of Homeland Security found that some of CareFusion’s Web sites were relying on six-year-old versions of ASP.NET and Microsoft Internet Information Services (IIS) version 6.0, which was released with Windows Server 2003. Both platforms are highly susceptible to compromise. DHS is continuing to investigate the incident and may refer it to its ICS-CERT division, which focuses on threats to critical infrastructure.

It is also unclear whether the attackers knew that the compromised sites hosted software for running life-saving medical devices. Attacks that leverage legitimate Web sites are common online. Recent months have brought reports of prominent Web sites and hosting firms that were hacked and reconfigured to serve up malicious programs. In April, Google warned 20,000 Webmasters about sites that may be compromised and redirecting visitors to malicious Web sites. 

Fu said the warnings from Google should give CareFusion’s many customers pause before downloading updates from the company’s Web sites.

“I find it difficult to establish trust in the safety of software affiliated with reports of ‘malicious software being downloaded and installed without user consent.’”





ThreadWatch: Tracking and Visualizing the Use of Software Applications

ThreadWatch [finekost.com] by interactive developer Alex Milde visualizes the usage of software programs on the Mac platform over the timeframe of one day.

First, one downloads a small program that tracks all active applications on the desktop, along with each one’s memory and CPU usage. The tracked data is stored in a text file, which can then be uploaded and visualized. The visualization tool neither stores nor keeps the data. Individual software programs are represented by different colors.

See also:
. logTool: Revealing the Hidden Patterns of Online Surfing Behavior
. Nebul.us: Visualizing (and Sharing) your Online Activity
. IOGraph: Tracking Computer Mouse Movements as Art Work
. EyeBrowse: Record, Visualize and Share your Browser History



OpenFlow & SDN – Looking forward to SDNS: Software Defined Network Security

As facetious as the introductory premise of my Commode Computing presentation is, the main message — the automation of security capabilities up and down the stack — really is something I’m passionate about.

Ultimately, I made the point that “security” needs to be as programmatic/programmable, agile, scalable and flexible as the workloads (and stacks) it is designed to protect. “Security” in this context extends well beyond the network, but the network provides such a convenient way of defining templated containers against which we can construct and enforce policies across a wide variety of deployment and delivery models.

So as I watch OpenFlow (and Software Defined Networking) mature, I’m really, really excited to recognize the potential for a slew of innovative ways we can leverage and extend this approach to networking [monitoring and enforcement] in order to achieve greater visibility, scale, agility, performance, efficacy and reduced costs associated with security.  The more programmatic and instrumented the network becomes, the more capable our security options will become also.

I’m busy reading many of the research activities associated with OpenFlow security and digesting where vendors are in terms of their approach to leveraging this technology in terms of security.  It may be just my perspective, but it’s a little sparse today — not disappointingly so — with a huge greenfield opportunity for really innovative stuff when paired with advancements we’re seeing in virtualization and cloud computing.

I’ll relate more of my thoughts and discoveries as time goes on.  If you’ve got some cool ideas/concepts/products in this area (I don’t care who you work for,) post ‘em here in the comments, please!

In the meantime, check out: www.openflow.org to get your feet wet.

/Hoff

Reminders to self to perform more research on (I think I’m going to do my next presentation series on this):

. AAA for messages between OpenFlow switches and controllers
. Flood protection for controllers
. Spoofing/MITM between switch/controllers (specifically SSL/TLS)
. Flow-through (ha!)/support of OpenFlow in virtual switches (see 1000v and Open vSwitch)
. (per above) Integration with VN-Tag (like) flow-VM (workload) tagging
. Integration of Netflow data from OpenFlow flow tables
. State/flow-table convergence for security decisions with/without cut-through given traffic steering
. Service insertion overlays for security control planes
. Integration with 802.1x (and protocol extensions such as TrustSec)
. Telemetry integration with NAC and vNAC
. Anti-DDoS implications




