Pratum Blog

First let me say this: I am not trying to create mass panic. We are not having a crisis, epidemic, pandemic or any other world ending situation. You should not refuse medical treatment because of anything I point out in this short blog entry.

Recently a security researcher found a way to take control of an insulin pump and dole out a potentially lethal dose of insulin. The device is made by a large corporation and is widely used today. It uses wireless technology with no encryption. Yes... you read that right. Wireless... no encryption. I know, I know... it should be a no-brainer these days to encrypt all wireless communications, but evidently it's not. The researcher had to customize the communication device and write a customized program to connect to the insulin pump. But if he can do it, so can the next guy. This isn't the first such discovery. A couple of years ago, certain types of pacemakers were found to have a similar flaw.

This is why it is so important for all projects your company works on, not just IT projects, to go through a formalized information security and privacy review before getting the green light for production. If you are buying products, especially those you sell, configure or install for others, you should do a thorough information security and privacy review during your procurement process. Ask the vendors if they've done security testing. Ask them for independent verification. If they can't or won't provide the information, you must assume it wasn't done and you'll need to do your own validation. Information and communications are everywhere. Even inside our own bodies. Welcome to the Matrix.

While setting up a new laptop, our resident security engineering guru, Steve Healey, made a funny discovery. Cell phone videos can be used to bypass facial recognition software. The laptop he was configuring offers biometric authentication via facial recognition using the built-in webcam. Steve recorded a video of himself on his smartphone and then used it as the subject for authentication. By simply changing the viewing angle of the phone to the camera, he was granted access. As a disclaimer, he didn't have the sensitivity turned all the way up. It wasn't turned all the way down either, though. Those of you using biometric devices (fingerprint readers, facial recognition, etc.) on your mobile devices, take note. It's really not all that secure. You probably still want to use a password in combination with the biometrics. Low-end biometric capture devices in cell phones, laptops, etc. are not the same ones you see protecting a Level-3 biohazard lab! Kudos to Steve on this "shocking" discovery.

I'm happy to announce the launch of Pratum's new online security awareness training portal. If you are looking for a quick and cost-effective way to provide security awareness training to your employees, our new security awareness training portal is for you. We call it InTraining. The training course meets the need to provide employee security awareness training for HIPAA, SOX, PCI and other compliance requirements. Our fully integrated training portal gives a company administrator the ability to enroll employees on the fly, create compliance reports for auditors and send reminders to those who haven't completed their annual training.

The multimedia content is designed to provide a high-level overview of common information security topics in a format that is easily understood by the average employee. No fancy techno-jargon, just practical information employees need to know in order to protect the confidentiality, integrity and availability of company data.

If you're looking for OWASP training for your application developers to satisfy your PCI compliance, our OWASP course will be launching next month as well.
