"The critical firmware flaws came to light last year in an advisory that was sponsored by an investment that was betting against the stock of St. Jude, which was formally acquired by Abbott Laboratories in January. In the two days following the disclosure by investment firm Muddy Waters, St. Jude's stock price fell 12 percent. At the time, St. Jude issued a statement saying the Muddy Waters report was "false and misleading.""
This reminds me of the plot of Casino Royal where the villains short the stock of an airline / airplane manufacturer, then attempt to blow up the plane they are showing off to force the stock to sink. That is some questionable ethics, then again the investment firm is called "Muddy Waters" haha.
Muddy Waters is a famous research shop that specializes in exposing fraud or fishy accounting. They can spend years on a single thesis. They have tanked many companies who went out of their way to mislead investors.
Would love more details, since shorting a stock when you know about a critical product vulnerability sounds like "material nonpublic information" to me which would make this insider trading.
I wonder if this is more along the line of finding an exposed database in the wild, or tracking down OEM suppliers and buying samples.
It's hard to love people doing this, because they could have disclosed this privately, but I think it _is_ fair to impose a high cost on not ensuring security, and this is one way of doing that.
I wonder if there is a movie where a medical device company sells hundreds of thousands of remotely accessible life critical devices but doesn't really give a shit about security.
Germany had the highest reported rate of new implants for any country in the study, at almost 1/1000 just in 2009. In the US that would be 300,000 per year just in new devices, and based on the study's aggregate reporting we could guess another 1/3 for replacement devices - 400,000 new devices per year as a high guess.
There's probably better info in the article but I don't have journal access and don't want to spend $6 to get it for this article.
Hi, your pacemaker has been encrypted. It will continue to set your heartrate to this message in morse-code- unless you transfer 3 Bitcoins to the following wallet:
For more precise instructions on how to transfer Bitcoin, visit your local ER.
16 comments
[ 3.1 ms ] story [ 40.8 ms ] threadThis reminds me of the plot of Casino Royal where the villains short the stock of an airline / airplane manufacturer, then attempt to blow up the plane they are showing off to force the stock to sink. That is some questionable ethics, then again the investment firm is called "Muddy Waters" haha.
I wonder if this is more along the line of finding an exposed database in the wild, or tracking down OEM suppliers and buying samples.
It's hard to love people doing this, because they could have disclosed this privately, but I think it _is_ fair to impose a high cost on not ensuring security, and this is one way of doing that.
You have to agree to some ... interesting ... terms of use including not to distribute the link above, but I guess that ship has sailed.
You're free to discover flaws in products and trade ahead of announcing them.
I would have guessed the total number needing a pacemaker at all would be less than this rate (1/500).
In 2009 alone, doctors implanted ~225,000 pacemakers in the US: https://www.ncbi.nlm.nih.gov/pubmed/21707667
Germany had the highest reported rate of new implants for any country in the study, at almost 1/1000 just in 2009. In the US that would be 300,000 per year just in new devices, and based on the study's aggregate reporting we could guess another 1/3 for replacement devices - 400,000 new devices per year as a high guess.
There's probably better info in the article but I don't have journal access and don't want to spend $6 to get it for this article.
For more precise instructions on how to transfer Bitcoin, visit your local ER.