Via the always informative Catalin Cimpanu, writing at ZDNet, come the anticipated TLS Certificate renewal failures for at least 80 United States federal websites due to the federal government shutdown. Color us a bright shade of completely not surprised.
"In the end, nothing good will come out of this shutdown. May it be a cyber-attack that goes undetected or agencies losing cyber-security personnel leaving for the private sector, the ripple effects of this shutdown will haunt agencies for months or years to come." - via Catalin Cimpanu, writing at ZDNet, comes news of federal website TLS Certificate renewal failures.
465,000. The number of Abbott-manufactured pacemakers that require software updates due to life-threatening vulnerabilities resident within installed software packages. Coupled with easy accessibility via the interwebs, another example of incompetent software engineering in the manufacturing process? No, just a jarring welcome to the Internet of Shite. The United States Food and Drug Administration's announcement ordering a recall and detailing the flaws came as no real surprise:
via the FDA Announcement: Abbott's (formerly St. Jude Medical's) implantable cardiac pacemakers, including cardiac resynchronization therapy pacemaker (CRT-P) devices, provide pacing for slow or irregular heart rhythms. These devices are implanted under the skin in the upper chest area and have connecting insulated wires called "leads" that go into the heart. A patient may need an implantable cardiac pacemaker if their heartbeat is too slow (bradycardia) or needs resynchronization to treat heart failure. The devices addressed in this communication are the following St. Jude Medical pacemaker and CRT-P devices:
- Accent MRI
- Accent ST
Meanwhile, in incompetent application security testing news, comes this astonishing example of blatant coding stupidity - Microsoft Corporation's (NasdaqGS: MSFT) crack team of questionable-capability-developers (have these people heard of fuzzers?) unleashed a deeply flawed Windows Defender product on millions of customers.
As luck would have it (if you believe in that sort of thing), the product was just patched, months after the faulty codebase was wrapped-up-all-pretty-like. The flaw was discovered by security researcher Tavis Ormandy of Google Project Zero fame; his report (and closure of same) on 2017/06/23 is today's proof that, at the very least, there are Security Researchers Doing The Right Thing.