Re: dumb. Comcast pop-ups

[Jon Kibler <Jon.Kibler () aset com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jim Murray wrote:

> > The problem was given a more concrete example by a colleague who  
> > pointed out that most medical hardware running on windows boxes is not  
> > only certified for windows only, but specific *patchlevels*, and that  
> > consequently these machines can get restored, taken down, reinstalled,  
> > and put back on the net with known vulnerabilities because their  
> > software is certified with vulnerabilities intact.
>
> If I were to find any critical piece of medical hardware connected to
> the public internet it'd be very concerned indeed. Surely best practice
> dictates that clinical networks are kept isolated from the
> administrative networks & public internet?


Happens all the time. I have slammed several medical organizations that I have
audited that have major equipment accessible from the Internet (CT Scanners,
MRIs, etc.), because the doctors demand full remote access to the device, so
they can check images (etc.) from their home (or where ever). The dominant
attitude is "the doctors get what the doctors want."

Worse and even dumber, vendors want their equipment Internet accessible so they
can do remote diagnostics.

And don't even go do the "they should at least require a VPN" path. Too many
small medical organizations have outsourced their IT operations, and they do not
have the staff or competence to set up and maintain VPNs, add vendors and
doctors on the fly, etc. As one medical IT person put it a few years ago, "You
try to explain to a doctor over the telephone how to download, install, and
configure the VPN software on his home computer at 3AM."

So, we *definitely* have plenty of *stupid* out there, and with the big push for
electronic medical records (which I strongly favor, but let's not go there now
- -- and yes, all the issues associated with them terrify me!), the situation is
going to get *FAR* worse before it gets any better.

Jon
- --
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
o: 843-849-8214
c: 843-813-2924
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkrRzvwACgkQUVxQRc85QlNn5QCgjkIhkPkd0Ku5pb+9cJK+gxKC
xKwAn39AFUp4c49Xh068Bfr6+8+64u95
=SgWn
-----END PGP SIGNATURE-----




==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.