Thursday, October 16, 2014

Technology Inspired By Nature : New Medical Device

Dialysis and implanted arteries widely used in medical industry to keep people alive. The major concern with these devices are blood clotting and infection due to adhered pathogens. Clotting of blood was  handled by treating blood with anticlotinng agents like Heparin. But this method have its own risk;by interfering with clotting, they can cause potentially deadly bleeding.

The New Dialysis Device

Recently, researchers at the Wyss Institute for Biologically Inspired Engineering at Harvard University looked to the carnivorous pitcher plant for guidance. The plant’s structure includes wells with surfaces too slippery for insects to crawl out of. Those surfaces inspired the development of a coating so slippery that it prevents blood and bacteria from sticking.

The team tested the coating on the interiors of tubes and catheters attached to pigs. They demonstrated that the coating did not degrade, and that blood kept flowing without clotting, for eight hours. Blood usually starts to clot in tubes in an hour. The study is in the journal Nature Biotechnology. [Daniel C. Leslie et al, A bioinspired omniphobic surface coating on medical devices prevents thrombosis and biofouling]

The researchers also tested whether a gecko could latch onto the coating with its notoriously sticky footpads. But not even the gecko could get a grip. 

Liquid-infused, Porous Surface (SLIPS) approach

SLIPS was inspired by the Nepenthes pitcher plant, which uses a layer of liquid water to create a low friction surface that prevents attachment of insects. The SLIPS technology creates omniphobic slippery surfaces by infiltrating porous or roughened substrates with various liquid perfluorocarbons (LPs) that prevent adhesion to the underlying substrate through formation of a stably immobilized, molecularly smooth, liquid overlayer. However, existing medical-grade materials, such as polycarbonate, polysulfone and polyvinyl chloride (PVC), have highly smooth surfaces. Thus, to create nonadhesive, antithrombogenic surfaces that might be useful for clinical medicine in the near-term, we set out to modify the SLIPS technology so that it can be applied to these smooth surfaces. This was accomplished by covalently binding a flexible molecular perfluorocarbon layer, or tethered perfluorocarbon (TP), on the material surface and then coating it with a mobile layer of an LP (perfluorodecalin) that has been used extensively in medicine for applications such as liquid ventilation, ophthalmic surgery and as an US Food and Drug Administration (FDA)-approved blood substitute.

Anticlotting Medical Device : Inspired By Pitcher Plant


Google researchers announced  that it has discovered a vulnerability (referred to as POODLE) in SSL version 3.0. Bodo Möller of the Google Security Team found the issue along with fellow Googlers Thai Duong and Krzysztof Kotowicz. Makers of web browsers, including Google, are working on a fix.
The exploit first allows attackers to initiate a “downgrade dance” that tells the client that the server doesn’t support the more secure TLS (Transport Layer Security) protocol and forces it to connect via SSL 3.0. From there a man-in-the-middle attack can decrypt secure HTTP cookies. Google calls this the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack.
In other words, your data is no longer encrypted. Google researchers Bodo Möller, Thai Duong and Krzysztof Kotowicz recommend disabling SSL 3.0 on servers and in clients. The server and client will default to the more secure TSL and the exploit won’t be possible.

TLS_FALLBACK_SCSV And Chromium Patcha

For end users, if your browser supports it, disable SSL 3.0 support or better yet use tools that support TLS_FALLBACK_SCSV (Transport Layer Security Signalling Cipher Suite Value), it prevents downgrade attacks. Google says that it will begin testing Chrome changes that disable using SSL 3.0 fallback and it will remove SSL 3.0 support completely from all its products in the coming months. In fact, there’s already a Chromium patch available that disables SSL 3.0 fallback.

Mozilla's Plan

In response to today’s news, Mozilla plans to turn off SSL 3.0 in Firefox. “SSLv3 will be disabled by default in Firefox 34, which will be released on Nov 25,” said Mozilla in a post. The code to disable the protocol will be available tonight via Nightly.

SSL Version Control

Anyone interested in disabling SSL 3.0 right now can do so with the SSL Version Control add on for Firefox.
Introduced in 1996, SSL protocol is supposed to allow for communication without fear of eavesdropping because the information being shared is encrypted. When a client (browser, apps etc,) pings a server they engage in a security handshake that creates keys to encrypt and decrypt information sent back and forth.

Microsoft had this to say:

Microsoft is aware of detailed information that has been published describing a new method to exploit a vulnerability in SSL 3.0. This is an industry-wide vulnerability affecting the SSL 3.0 protocol itself and is not specific to the Windows operating system. All supported versions of Microsoft Windows implement this protocol and are affected by this vulnerability. Microsoft is not aware of attacks that try to use the reported vulnerability at this time. Considering the attack scenario, this vulnerability is not considered high risk to customers.
We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers.
Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

This POODLE bites: exploiting the SSL 3.0 fallback [Google]

SSL 3.0 The 18 year Old Vulnarebility : The POODLE

