Death By Caffeine

The first time I heard a shortened version of this “teen dies from drinking too much caffeine” story, I was a bit skeptical. Certainly people die from caffeine overdoses, but generally those occur when people mistakenly or intentionally ingest caffeine in pill or powdered form. Since caffeine is generally considered to be nausea-inducing in high dosages, fatal overdoses from drinking prepared products with caffeine are rare.

But the facts of this case are insane,

Davis Allen Cripe collapsed at a high school in April after drinking a McDonald’s latte, a large Mountain Dew soft drink and an energy drink in just under two hours, Gary Watts said.

. . .

Most energy drinks contain a caffeine equivalent of three cups of coffee and as much as 14 teaspoons of sugar, the AAP says.

Davis may have consumed about 470mg of caffeine in just under two hours, based on statistics from the website caffeineinformer.com.

It says a McDonald’s latte has 142mg of caffeine, a 570ml (20oz) Mountain Dew has 90mg, and a 450ml (16oz) energy drink can have as much as 240mg.

If you go look at claims about safe caffeine usage, generally you’ll find credible authorities arguing that adults can consume about 400mg per day with no ill effects. Consuming more than 400mg per day is sometimes associated with people feeling jittery, restless or anxious. Actual data on fatal oral doses of caffeine is limited, but some estimates put it at 150 to 200 mg/kg.

Personally, I wouldn’t want to exceed more than 500mg/day–which is essentially what this young man consumed in less than two hours.

One of the things I wish manufacturers would do is more clearly label how much caffeine is in a product–both the mg of caffeine per serving and the total caffeine content. It is absurd to see caffeine-containing drinks, for example, that say “30mg per serving” but a single can turns out to have 3 or 4 servings.

Why We Can’t Have Secure Things

On May 12, the WannaCry ransomware began spreading across Europe, with its most high-profile victim being the UK’s National Health System. It was widely reported that the NHS was hit hard, in part, because it was still relying on Windows XP for a large part of its infrastructure.

On May 14, someone Tweeted this article into my timeline disputing that. According to Matthew Schwartz writing at HealthCareInfoSecurity.com,

Based on new information, however, part of the problem appears to be that many NHS trusts didn’t pay for extended Windows 7 support.

“I think what is also becoming clear is that the NHS impact was a result of lack of patching Windows 7 rather than outdated XP,” Alan Woodward, a professor of computer security at the University of Surrey, and a cybersecurity adviser to the EU’s law enforcement intelligence agency, Europol, tells Information Security Media Group.

“If this is the case then it shows that there is a lack of resources across the NHS IT estate,” he adds.

Interesting news, but I want to point out something about the website posting this information. Although it is dedicated to covering infosec in health care, the site itself can’t be bothered to use SSL on its website.

Which is bad enough because it would open users of the website to trivial MITM attacks. But it gets worse. You can apparently pay these yahoos for a premium version of their offerings. And, of course, the login page for account access doesn’t use SSL either.

Part of the issue with infosec in large organizations is these sorts of pretenders who can’t be bothered to implement the most basic of security measures and yet will try to convince the CIO or CEO that they need to direct part of your company’s infosec budget their way.