Tag Archive for: improve

Suspect you have experienced a side effect or incident from a healthcare product? Submit a Yellow Card report to improve safety for everyone


The eighth annual #MedSafetyWeek campaign has today (6 November 2023) been launched by the Medicines and Healthcare products Regulatory Agency (MHRA). Part of a global campaign involving 88 countries, the initiative runs from 6-12 November and aims to improve patient safety by encouraging reporting of any suspected side effects from medicines and adverse incidents associated with medical devices.

With this year’s theme being ‘Who can report?’, the campaign focuses on the key role that every patient, carer and healthcare professional has in reporting suspected side effects and adverse incidents with medical devices, and the positive impact this can have on patient safety. You don’t have to prove that the healthcare product caused the side effect or incident – just a suspicion is enough for you to submit a report.

This year’s campaign consists of an international collaboration involving 100 organisations spanning across 88 countries that operate their own national patient safety monitoring systems like the MHRA Yellow Card scheme. The purpose of safety monitoring is to gain information about new side effects and adverse incidents, to find out more about known ones, and, most importantly, to ensure the safest use of medicines and medical devices.

All healthcare products carry a risk of causing adverse reactions or incidents. The Yellow Card scheme is one of several robust measures used by the MHRA to continuously monitor the safety of medicines and medical devices once in clinical use to ensure their benefits continue to outweigh any risks. All healthcare product regulators operate systems to detect and analyse adverse reactions and incidents.

It is important that everyone submits a report to the Yellow Card scheme as soon as they suspect a side effect from a medicine or adverse incident associated with a medical device. This ensures that actions to reduce harm are based on the best available evidence and can improve safety for as many people as possible.

Dr Alison Cave, MHRA Chief Safety Officer, said:

“Every report made to the MHRA Yellow Card scheme counts. Yellow Card reports are vital in building more knowledge and understanding about the potential risks of…


It's Time to Improve Cybersecurity Awareness Amongst Discord Users – devmio




America’s original hacking supergroup creates a free framework to improve app security


Cult of the Dead Cow (cDc), a hacking group known for its activist endeavors, has built an open source tool for developers to build secure apps. Veilid, launched at DEF CON on Friday, includes options like letting users opt out of data collection and online tracking as a part of the group’s mission to fight against the commercialization of the internet.

“We feel that at some point, the internet became less of a landscape of knowledge and idea sharing, and more of a monetized corporate machine,” cDc leader Katelyn “medus4” Bowden said. “Our idea of what the internet should be looks more like the open landscape it once was, before our data became a commodity.”

Similar to other privacy products like Tor, cDc said there’s no profit motive behind the product, which was created “to promote ideals without the compromise of capitalism.” The group emphasized the focus on building for good, not profit, by throwing slight shade at a competing conference for industry professionals, Black Hat, held in Las Vegas at the same time as DEF CON. “If you wanted to go make a bunch of money, you’d be over at Black Hat right now,” Bowden said to the audience of hackers.

The design standards behind Veilid are “like Tor and IPFS had sex and produced this thing,” cDc hacker Christien “DilDog” Rioux said at DEF CON. Tor is the privacy-focused web browser best known for its connections to the “dark web,” or unlisted websites. Run as a non-profit, the developers behind Tor run a system that routes web traffic through various “tunnels” to obscure who you are and what you’re browsing on the web. IPFS, or the InterPlanetary File System, is an open-source set of protocols behind the internet, mainly used for file sharing or publishing data on a decentralized network.

The bigger Veilid gets, the more secure it will be as well, according to Rioux. The strength doesn’t come from the number of apps made on the framework, but from how many people use the apps to further the routing of nodes that make up the network. “The network gains strength by a single popular app,” Rioux said. “The big Veilid network is supported by the entire ecosystem not just your app.” In the…


Chrome Supports Key Pinning on Android to Improve Security


Key pinning, a technique used to prevent an attacker from tricking a vulnerable certificate authority (CA) into issuing an apparently valid certificate for a server, is now used in Chrome for Android, version 106. This helps prevent man-in-the-middle attacks against Google services.

As Chrome security engineers David Adrian, Joe DeBlasio, and Carlos Joan Rafael Ibarra Lopez explain, key pinning was devised at Google as a response to real attacks seen in the wild, specifically an attack that targeted Google services in 2011.

Key pinning was born as an extension to the HTTP protocol, later deprecated, that enabled sending an HTTP header that tells user agents to “pin” cryptographic identities over a period of time.

During that time, user agents (UAs) will require that the host presents a certificate chain including at least one Subject Public Key Info structure whose fingerprint matches one of the pinned fingerprints for that host.

This effectively reduces the number of CAs that can authenticate the domain while the identity is pinned. While effective, key pinning has its own drawbacks. For example, if pins get out of date, there’s a risk of locking users out of a service, which leads to a number of good practices:

Whenever pinning, it’s important to have safety-valves such as not enforcing pinning (i.e. failing open) when the pins haven’t been updated recently, including a “backup” key pin, and having fallback mechanisms for bootstrapping.

These mechanisms are hard for individual sites to manage, say Google engineers, which, as mentioned, led to the RFC being deprecated. As a matter of fact, Google removed public key pinning from Chrome in 2017. But key pinning may still have its own use cases, including web browsers, automatic software updates, and package managers, where client and server are operated by the same entity.

Specifically, in Google’s case, thanks to the control that the company has over its browser, Chrome embeds pinned certificates (pins) for all Google properties. This means every HTTPS access is only authenticated through a key belonging to the embedded set of pins.
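The pin check and the safety valves described above (a backup pin, and failing open when the pin list is stale) can be sketched as follows. This is an added example, not Chrome's code: the `PinSet` type, the 70-day `MAX_PIN_AGE` window, the host name and the byte strings standing in for SPKI structures are all assumptions made for illustration.

```python
import base64
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed freshness window for this sketch; not a value taken from Chrome.
MAX_PIN_AGE = timedelta(days=70)

def spki_fingerprint(spki_der: bytes) -> str:
    """Base64(SHA-256(DER SubjectPublicKeyInfo)), the pin-sha256 form of RFC 7469."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")

@dataclass(frozen=True)
class PinSet:
    host: str
    pins: frozenset       # pinned fingerprints, including a backup key
    updated: datetime     # when the embedded pin list was last refreshed

def check_pins(pinset: PinSet, chain_spkis: list, now: datetime):
    """Decide on a chain that has ALREADY passed ordinary certificate validation."""
    if now - pinset.updated > MAX_PIN_AGE:
        # Safety valve: stale pins are not enforced, so only normal validation applies.
        return True, "stale-pins-not-enforced"
    presented = {spki_fingerprint(spki) for spki in chain_spkis}
    if presented & pinset.pins:   # any one key in the chain may match
        return True, "pin-match"
    return False, "pin-mismatch"

# Constructed stand-ins for DER-encoded SPKI blobs (not real keys).
LEAF, ROOT_A = b"constructed-spki:leaf", b"constructed-spki:root-a"
BACKUP_ROOT, OTHER_CA = b"constructed-spki:backup-root", b"constructed-spki:other-ca"

def demo():
    now = datetime(2023, 1, 1, tzinfo=timezone.utc)
    pins = frozenset({spki_fingerprint(ROOT_A), spki_fingerprint(BACKUP_ROOT)})
    fresh = PinSet("service.example", pins, now - timedelta(days=5))
    stale = PinSet("service.example", pins, now - timedelta(days=400))
    return {
        "pinned root": check_pins(fresh, [LEAF, ROOT_A], now),
        "rotated to backup": check_pins(fresh, [LEAF, BACKUP_ROOT], now),
        "unpinned CA": check_pins(fresh, [LEAF, OTHER_CA], now),
        "unpinned CA, stale pins": check_pins(stale, [LEAF, OTHER_CA], now),
    }

if __name__ == "__main__":
    for case, (allowed, reason) in demo().items():
        print(f"{case:26} allowed={allowed} reason={reason}")
```

The last case shows the trade-off behind failing open: a client whose pin list is out of date loses the pinning protection and relies on ordinary CA validation alone, which is the price of not locking users out.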

To fully understand what role key pinning plays into Chrome…
