GeneralThis forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I wonder if anyone here mourns this deceased programmer named Barnaby Jack, as Black Hat conventioneers in Las Vegas hackers reportedly do, or whether LQ members who have an opinion are glad he's gone.
I had never heard of him, but I would not have wanted to know a man who was interested in whether one could kill people by hacking into their pacemakers or other medical devices. He was apparently about to announce his findings on the subject. In which case, his death may temporarily leave the world safer--until someone else like him takes up the question.
I didn't know what "Black Hat" was either, so I looked it up and found that it's the subtype of hacker who criminally hacks for fun. Probably nobody would admit to liking Jack or being his type of hacker.
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Rep:
I'd rather somebody bring these things out into the open and force companies to hacker-proof things like ATMs and pacemakers.
You may want to live in ignorance in a world where only criminals intent on murder or money jack but I'd rather live in one where information is free.
I feel that my apprehension at the prospect of pacemakers being hacked doesn't warrant suggesting I want to live in ignorance. I definitely would not like to see this information disseminated because it would pressure the device designers to hack-proof them--that's a rationalization. Especially because if there even is such as thing as hacker-proofing, it's strictly temporary. Skilled hackers defeat the proofing in an endless cycle.
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Rep:
Somebody out there is hacking these things. Either you hear about it at Black Hat because somebody like Barnaby Jack tells you or you don't hear about it and people die because their pacemakers stop mysteriously and nobody is allowed to tell you why.
If Barnaby Jack wanted to kill people or steal from ATMs he would have been doing that and you wouldn't know about it. Would that really have made you feel safer?
I didn't know what "Black Hat" was either, so I looked it up and found that it's the subtype of hacker who criminally hacks for fun. Probably nobody would admit to liking Jack or being his type of hacker.
Sorry, that is in my opinion wrong. You'll get lots of different definitions of what a 'white hat', 'grey hat' and 'black hat' hacker really means, but 'white' is 'good', 'black' is 'bad' and grey is between white and black.
You can think of it in terms of old westerns- the 'black hat' is the bad guy and 'white hat' is the good guy. Black hat hacking is doing it for personal gain or maliciousness.
Hacking for fun is something that pretty much all the 'hats' do. As far as software exploits go, the difference is what the intended goals are, and what is done with any vulnerabilities exposed.
*edit- and if you look around, you will find refernces to Barnaby Jack being a white hatter-
Quote:
Barnaby Jack could kill a man by computer from 30 feet away, but he never would.
The renowned 35-year-old hacker, who revolutionized bank and medical device security, died on Thursday in San Francisco. According to the San Francisco Police, officers responded to a call that evening after his body was discovered by a loved one. The San Francisco medical examiner has not determined a cause of death.
The New Zealand native was the best kind of hacker, a “white hat” whose mission to identify vulnerabilities in systems wasn’t meant to wreak havoc, but to effect change in technology safety and security.
I would not be suprised if the whole 'Barnaby Jack = black hatter' is mostly due to his going to black hat hacking conferences. With an added dash of 'OMG he was doing what with medical equipement?' From what I've seen of major corporations, sometimes just telling the company(ies) involved that there is a security issue in a quiet and discrete way means nothing changes. Maybe thats just my cynicism comign out.....
Somebody out there is hacking these things. Either you hear about it at Black Hat because somebody like Barnaby Jack tells you or you don't hear about it and people die because their pacemakers stop mysteriously and nobody is allowed to tell you why.
If Barnaby Jack wanted to kill people or steal from ATMs he would have been doing that and you wouldn't know about it. Would that really have made you feel safer?
People not knowing why the pacemakers stopped is one thing, but if people found out, why would they not be allowed to report why?
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Rep:
Quote:
Originally Posted by newbiesforever
People not knowing why the pacemakers stopped is one thing, but if people found out, why would they not be allowed to report why?
Because then it could be repeated. Otherwise why not let the information out now rather than letting somebody die before doing so?
Or, more likely, because either nobody will know or those that do will use it against others or, if they work for a medical company, bury it in fear of shareholder value falling.
Sorry, that is in my opinion wrong. You'll get lots of different definitions of what a 'white hat', 'grey hat' and 'black hat' hacker really means, but 'white' is 'good', 'black' is 'bad' and grey is between white and black.
You can think of it in terms of old westerns- the 'black hat' is the bad guy and 'white hat' is the good guy. Black hat hacking is doing it for personal gain or maliciousness.
Hacking for fun is something that pretty much all the 'hats' do. As far as software exploits go, the difference is what the intended goals are, and what is done with any vulnerabilities exposed.
*edit- and if you look around, you will find refernces to Barnaby Jack being a white hatter-
I would not be suprised if the whole 'Barnaby Jack = black hatter' is mostly due to his going to black hat hacking conferences. With an added dash of 'OMG he was doing what with medical equipement?' From what I've seen of major corporations, sometimes just telling the company(ies) involved that there is a security issue in a quiet and discrete way means nothing changes. Maybe thats just my cynicism comign out.....
I already read that WP article. Even if Jack had had altruistic motives, he would be insanely irresponsible to tell anyone but the device manufacturers and security companies about any vulnerabilities--but that's reportedly exactly what he planned to do.
Sorry, that is in my opinion wrong. You'll get lots of different definitions of what a 'white hat', 'grey hat' and 'black hat' hacker really means, but 'white' is 'good', 'black' is 'bad' and grey is between white and black.
You can think of it in terms of old westerns- the 'black hat' is the bad guy and 'white hat' is the good guy. Black hat hacking is doing it for personal gain or maliciousness.
Hacking for fun is something that pretty much all the 'hats' do. As far as software exploits go, the difference is what the intended goals are, and what is done with any vulnerabilities exposed.
*edit- and if you look around, you will find refernces to Barnaby Jack being a white hatter-
I would not be suprised if the whole 'Barnaby Jack = black hatter' is mostly due to his going to black hat hacking conferences. With an added dash of 'OMG he was doing what with medical equipement?' From what I've seen of major corporations, sometimes just telling the company(ies) involved that there is a security issue in a quiet and discrete way means nothing changes. Maybe thats just my cynicism comign out.....
I already read that WP article. Even if Jack had had altruistic motives, he would be insanely irresponsible to tell anyone but the device manufacturers and security companies about any vulnerabilities--but that's reportedly exactly what he planned to do.
I know moral issues are usually complex. There are surely no good guys here. Certainly not the black hatters. (Say, I wonder whyy it's not "black hackers.") Tell me most hackers won't get drunk on a sense of power.
Last edited by newbiesforever; 08-05-2013 at 03:09 PM.
People not knowing why the pacemakers stopped is one thing, but if people found out, why would they not be allowed to report why?
He wasnt stopping pacemarkers, he demonstrated using them to deliever fairly high voltage shocks.
That would not be what I would do if I wanted to kill someone..it would be far better to use it at a normal voltage level but change the pattern so that it caused a heart attack. That would look like some sort of failure rather than something underhanded.
Provided that the hacker cleaned out any connection logs (and I have no idea if pacemarkers would even have them) it would be very difficult to impossible for a ME to even know what caused the problem, let alone report the cause.
If some dodgy pacemarker (or other medical hacking method) murder method was used, as far as I know the only thing that could stop it being reported would be pressure from the medical companies.
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Rep:
Quote:
Originally Posted by newbiesforever
I already read that WP article. Even if Jack had had altruistic motives, he would be insanely irresponsible to tell anyone but the device manufacturers and security companies about any vulnerabilities--but that's reportedly exactly what he planned to do.
So you'd rather vulnerabilities were hidden until used by an attacker?
No corporation will bother to fix something not cutting into their bottom line. The scenario in Fight Club where automotive companies calculate the cost of repair of a defect and the cost of the law suits if they don't may be a little contrived but it's not far off the mark.
The criminals here are the corporations allowing equipment like pacemakers and insulin pumps to be sold with no protection whatsoever. That, right there, is criminal negligence in my book and there is no way in hell they would admit it without a push.
I already read that WP article. Even if Jack had had altruistic motives, he would be insanely irresponsible to tell anyone but the device manufacturers and security companies about any vulnerabilities--but that's reportedly exactly what he planned to do.
I didnt post a link to the WP (washingtonpost) but to thedailybeast.com
Reportedly? We dont know..and never will know..exactly what he was going to tell people in his presentation. All we know for sure it that he was schedlued to make a presentation "in which he would demonstrate shortcomings in medical devices like pacemakers and defibrillators."
Considering this-
Quote:
In a 2012 speech to at the BreakPoint security conference in Melbourne, Jack actually demonstrated this type of “anonymous assassination” by reverse-engineering a pacemaker transmitter that could deliver deadly electric shocks. A video of the demonstration isn’t available because Jack didn’t want to reveal the name of the manufacturer and put anyone in danger
I doubt he was going to create a step by step 'this is how you kill with a pacemarker' wiki page.
Quote:
Originally Posted by newbiesforever
There are surely no good guys here. Certainly not the black hatters. (Say, I wonder whyy it's not "black hackers.") Tell me most hackers won't get drunk on a sense of power.
There are good guys.
Its debateable if Barnaby Jack was a 'good guy' or not, but to make a blanket statement that the are 'no good guys' either shows a lack of knowledge, or a biased position.
After all, a large proportion (I'd say almost everyone) who is involved with coding linux, BSD and FOSS software has been called a hacker at some point.....
Quote:
Originally Posted by 273
No corporation will bother to fix something not cutting into their bottom line. The scenario in Fight Club where automotive companies calculate the cost of repair of a defect and the cost of the law suits if they don't may be a little contrived but it's not far off the mark.
Ford Pinto.
Quote:
Ford knows the Pinto is a firetrap, yet it has paid out millions to settle damage suits out of court, and it is prepared to spend millions more lobbying against safety standards. With a half million cars rolling off the assembly lines each year, Pinto is the biggest-selling subcompact in America, and the company's operating profit on the car is fantastic. Finally, in 1977, new Pinto models have incorporated a few minor alterations necessary to meet that federal standard Ford managed to hold off for eight years. Why did the company delay so long in making these minimal, inexpensive improvements?
Ford waited eight years because its internal "cost-benefit analysis," which places a dollar value on human life, said it wasn't profitable to make the changes sooner.
The Pinto Memo was a short document which included a cost-benefit analysis weighing the cost of an $11 per car fix against the cost of settling cases where the flaw caused death or injury.
Benefit:
Burn Deaths Burn Injuries Burn Vehicles
Savings 180 180 2100
Unit Cost $200,000 $67,000 $700
Sub-Totals $36,000,000 $12,060,000 $1,470,000
Total Cost $49 million
Risks:
Car Sales Light Truck Sales
Sales 11,000,000 15,000,000
Unit Cost $11 $11
Sub-Totals $121,000,000 $16,500,000
Total Cost $137 million
I'm not offended, but think that between you quasi-insulting me (have we even met?) and your rage toward corporations (they merely annoy me), I should duck out of this thread or at least not post anymore. Goodbye.
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Rep:
Quote:
Originally Posted by cascade9
Ford Pinto.
Thanks for the info -- I'd heard about that but not realised it really was that criminally negligent. I'd thought it was just not very good and exaggerated in anecdotes for effect.
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Rep:
Quote:
Originally Posted by newbiesforever
I'm not offended, but think that between you quasi-insulting me (have we even met?) and your rage toward corporations (they merely annoy me), I should duck out of this thread or at least not post anymore. Goodbye.
Did you read about the Pinto? I find it hard not to be appalled at such things and, rest assured, it is a legal mandate that corporations behave in that way.
This isn't rage -- this is an understanding that corporations are set up to be psychopaths. It's a pretty well-accepted view.
I don't hate corporations, personally (I work for a huge one), but I don't trust them at all and think law and independent researchers, whistle blowers and the like are needed to keep them in check.
I don't like criminal hackers either but actual criminal hackers tend to keep quiet about their results.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
