I do hope that it does not give the Identity Card mob any ideas.
A Microsoft researcher has suggested tattooing passwords on patients with pacemakers and other implanted medical devices to ensure the remotely-controlled gadgets can be accessed during emergencies. The proposal, by Stuart Schechter of Microsoft Research, is the latest to grapple with the security of implanted medical devices …
Let me be the first to beat the wacko's about how this is the "mark of the beast" ("number of the beast") from the Book of Revelation 13:17-18.
Of course, I am still waiting for all that Microsoft software in medical devices to start making "General Protection Fault" as a leading cause of death.
> In 2008, researchers demonstrated that heart monitors were susceptible to wireless hacks that caused pacemakers to shut off or leak personal information.
Are there any documented instances of someone actually doing this?
Hacking someone's WiFi is one thing, but killing someone by disabling their pacemaker is another thing entirely.
Tattoo security, compatibility, interoperability and web standards on steve ballmer's ass... on second thought, his forehead, i wouldn't want to have to look at his ass to see the standards! and his forehead is a platform better suited for the job, god only knows he's got the real estate for it!
If there going to put the password on the person why not add a barcode/machine readable version of it as well? In addition to the UV light on the interface also have a camera to read the info, the doctor/nurse would then confirm it against the human readable info and be ready to go. Faster, more reliable.
Tux, well, why not?
By specifying the 'leftmost' foot, this ensures that people with any number of feet can be dealt with under standard procedures and leads to simpler development of procedures and processes.
Otherwise, people with one foot, or three, four, etc feet would have to be dealt with as an exception. In an emergency, you don't want physicians and para-medics having to make up new procedures on the fly because that would be prone to error.
However (as some of you will have noticed), this does not deal with the case where a patient has no feet. In order to deal with this case, the definition of the word 'foot/feet' must be clarified or replaced and agreed by all. I would suggest "The leftmost lower extremity of the body".
And if you need to have something like a pacemaker but dont want the tattoo or have issues about having tattoos??
What you dont get the life saving treatment?
Typical stupid ideas punted by stupid people who have no idea of thee real world & therefore should really keep their big damned mouths shut!
Why not make all the devices have the same password, but have the device have to have the password encrypted based on something like the patient's retina. Thus, the patient wouldn't have to have anything tattooed onto them, yet the information would be readily available to medical professionals, but not to casual observers.
... that biometrics can really only be used to verify authentication not to provide reliable salts etc for encryption due to the squishy nature of our various bits.
e.g. retinas can change quite markedly in cases of hypertension (or so I'm told anyway) and a small peice of damage to fingertips changes (albeit temporarily) the fingerprint. Neither of these would yeild a reliable source of encryption fodder.
But in theory, yes - that'd be a much more sensible way of doing it provided there were mutliple encryption forms.
Look, if that password is required it is required NOW, also the patient is highly likley to be unconscious.
If you are lucky enough to be unlucky enough to be taken that ill in your home town then maybe, just maybe the A & E department might have some info on you with which they could track down your doctor to get access to your medical notes and access the password.
What happens if you get taken ill in another part of the country? it could take a long time to get hold of your records, even worse if you were taken ill in another country all together!
I know everyone is knocking this because it's Micro$haft so it must be a Fail / joke / insecure / money making scheme etc and we know they will screw it up.
People have mentioned Medicalert bracelets and that's a good idea but not everyone (who should) wears them, they could also be lost / stolen.
The idea is sound, everyone here hates it because it's Micro$oft, and I’m guessing if it was a Google idea then people would be queuing up asking where they could get their tattoo!
I don't currently have a pacemaker, but it might be worth it to get a tattoo of my router's WEP key just for convenience. It would be cool thing, in a geeky way, to show off at the beach! If they increase the key length down the road, I can just add extra hex digits at the end.
"In 2008, researchers demonstrated that heart monitors were susceptible to wireless hacks that caused pacemakers to shut off or leak personal information"
I seriously doubt this would happen in Real Life - going on malware trends, it is no longer trendy to destroy anything with malware, it's much more likely they want money. So unless that "personal information" is going to lead to the user's wallets, it ain't gonna happen.
Instead of asking people to tattoo their password onto their body, why don't the spend their time developing a half decent OS?
The one they've foisted on us is frankly a load of guff. The only reason it's still going seems to be that brain-dead managers continue to buy it because "it's what we've always used". The masses then get it at home because "it's what I have at work".
Frankly, if I was continually rodgered at work by a man using a spiky stick, I wouldn't want to upgrade to "spiky stick 2.0". I'd want it to stop! I certainly wouldn't invite him home with me!
What is sad about all this is nobody posting has bothered to note WHY we need
such measures. Take note of the state of humanity that you have people out there
SO FUKIN sick as to mess with a person using a life giving device.
So sick as to get their pathetic jollies off by doing so.
I see lots of silly boy outrage directed at those trying to prevent said abuse but where
is the silly boy outrage directed at the total ass-wipes that DO SUCH ACTS?
Course this begs the question is there a documented case of such happening?
THAT would be interesting.
To all you silly boys, sorry but I find your outrage just a bunch of Nancy activity.
Go fark yourselves.
Yours truly, an enraged Texan.
I agree with you. As the vast majority of attacks are automated, the computer itself is not getting its jollies off of targeting a life saving device. All the scripts do is see a new address, attempt to break in, and then run through some pre-ordained movements that might get money information from a normal computer, but also might shut down an implant.
The victim just has the unfortunate luck to get too close to a wifi hotspot and boom... what happens anyway? Does this just make the device a carrier of the virus? Does the patient need to get their heart de-wormed?!
The sad issue here are people this apathetic, to create these fire and forget these systems, hoping that enough is stolen to get them the latest LCD TV or designer shoes for themselves.
Tattoo on the bottom of the foot, the password to control your heart pacemaker...
That means you can no longer go to the beach, trust anyone in bed, enjoy an afternoon in the sun by the pool...
And if people are really out to get you, they would know how, by just taking your socks off...
Then, if you didn't have Atrial Fibrillation before, you will until they get what they want
That is even more fun than having software written in Active X!!
And you thought Microsoft knew nothing about security...
If you did think they did... this proves you wrong.
Did you miss the bit about it being tattooed using UV ink? You need the UV light for it to be visible.
If someone is out to get you they can just kill you in a multitude of 'standard' ways. Also a lot of people with pacemakers are unlikely to die immediately if they are turned off so forcing someone to give up the password then turning the pacemaker off is a pretty rubbish way of targetting a specific individual.
This system is designed to stop someone using it to turn the pacemakers off of everyone they pass walking down the street.
Wind Farmer (see above) had it right. "Leftmost" is short-hand for "on the left foot by preference, but if the left foot is missing, then on the right foot."
Every job has its own jargon to allow for shortcuts in conversation (I remember a rather funny skit about two hi-fi repairman doing their job without using hi-fi-specific jargon like "woofer", "amp", etc). This is just one example of it.
That this even needs to be considered.
Having to encrypt someone's pacemaker in case it's hacked and shut down is a horrifying thought.
Though unlikely to happen in real life, we can't say for cetain that it won't so the need for encryption/passwords is certainly there.
Not so sure a tattoo is the best way to go about it though :S
Either a standard bracelet, or possibly even an RSA bracelet would be a better option? At least then the password is going to change every 60 seconds or so?
The tattoos are suggested to be done in invisible ink so going to the beach or having some intimate time in bed with a stranger is not a risk of theft of the password (unless you go to her bachelorette pad which has black lights in the bedroom).
But we are complicating a simple problem. "How do you get access to a secured computer when the regular users who know the passwords are otherwise unavailable?" I know that in our server rooms, we do not keep the password taped to the underside of the leftmost door.
Instead we have a sealed envelope in a safe in the COO's office that has a username and password with admin privilege. The regular users are informed via e-mail whenever this user logs on. At the next available opportunity, the username and password of this user is changed, placed in a sealed envelope and put in the safe in the COO's office.
Also, if the safe in the COO's office is broken into, the username and password is changed at the next available opportunity.
A medical bracelet, dog tags or SIM card in a wallet can do the same thing. If the medical bracelet/dog tags go missing or if the wallet is stolen, Go home, log on to your account and change the information and get a new bracelet, SIM card or dog tags.
"But what about the time period between the loss and the new tags/bracelets/cards coming?" The old info will still be good until the new info is activated through a 1-800 number and your spare cards/tags/bracelets are at home. That leaves a small window in which to die and we cannot prevent every intrusion. We all must die sometime. (It might be easier for someone bent on killing you to use a bullet than go through all that trouble).
why not encode it as little metal bits on a piece of plastic, then attach it to the ribs when putting the pacemaker in? Maybe like a barcode or 2-D code like UPS uses. That way a quick trip through the X-ray machine will reveal the glowing dots of metal that contain the password. Gone are worries about feet getting cut-off or skin being horribly burned. But I dunno if pacemakers are compatible with X-rays or not, so my thought may be moot...
I have been saying to friends of mine that the tattoo I'd probably get is one on the bottom of my (nondescript) foot that says:
FOR PROPER OPERATION THIS SIDE SHOULD FACE DOWN.
As for "Leftmost", yes, there are people without a left foot (my father is one). He lost it in a trolley accident many moons ago. Any more details would be leaking information. Thankfully he doesn't have a pacemaker (even at his advanced age).
What I know about ink is that it's susceptible to moisture. And what I know about the human body is that it produces a lot of moisture, in the form of sweat. Suddenly, that password can become unreadable quite fast. Especially if put on a foot (as in "under socks that retain moisture AND heat").
I also read the "been burned / in a fire" argument, which you need to take into consideration. How about a small connector under the skin, in the vicinity of the pacemaker (if the pacemaker is damaged, then the credentials are useless anyway, so that's the safest place to keep info: next to the pacemaker). Instead of surgery, it would require just a simple needle incision, Matrix style, but in the heart rather than the back of the head, and this needle would be used for talking to the device. When done, pop a plastic cap on the plug (this plastic cap should be penetrable with a needle) so when the skin regenerates it doesn't get in there, put a plaster on the incision point, and you're back to normal. That puncture will regenerate (or make good use of minor plastic surgery), cover the rubber plug and the pacemaker interface connector, and off you go.
As far as I can tell, Microsoft Research did anything but research in this matter.
Biting the hand that feeds IT © 1998–2019