TechLetters #177 Ransomware vs UK healthcare (impact on care, treatment, blood testing). Apple AI transparency questions.
A ransomware attack by cybercriminals disrupted blood testing at London general practitioners and hospitals. Only 400 of 10,000 daily samples are processed, risking thousands of cancellations, including urgent cancer referrals. Many samples may be destroyed. That is a big problem, which also led to the wasting of blood samples (tests, donations). Staff were called on to donate blood (type 0) and take additional shifts. Such effects are exactly what I describe in my book Philosophy of Cybersecurity.
Security
Critical MS Outlook vulnerability with automatic code execution. “can be circulated from user to user and doesn’t require a click to execute … execution initiates when an affected email is opened”
Critical bug in Windows: wifi. It is possible to take control of the system via wifi. The user does not have to do anything. All he needs is for someone within range of his wifi to want to hack him. The attack is simple, repeatable, reliable. It worked for over 15 years. Now one does wonder whether someone got to use this on a train ride or at a business conference.
Privacy
Apple AI and its unclear controls. Apple's Private Cloud Compute (PCC) ensures security and privacy in AI processing by using custom-built server hardware and a specialized operating system with a narrow attack surface. PCC nodes handle user data solely for request fulfillment, deleting it post-processing. They exclude traditional server access tools, use RSA blind signatures for de-identified data, and prevent targeted attacks. The system uses a custom operating system and is to be inspectable by researchers. Users apparently cannot (?) opt out, and it is unclear when remote server processing is in use. While trust is necessary, the system's technical design aims to be as good as possible.