[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] McKesson Horizon Clinical Infrastructure (HCI) version 7.6/7.8/10.0/10.1 hardcoded passwords
- To: Michael Krymson <krymson@xxxxxxxxx>
- Subject: Re: [Full-disclosure] McKesson Horizon Clinical Infrastructure (HCI) version 7.6/7.8/10.0/10.1 hardcoded passwords
- From: Shawn Merdinger <shawnmer@xxxxxxxxx>
- Date: Wed, 21 Oct 2009 10:23:04 -0400
Hi Michael,
On Wed, Oct 21, 2009 at 9:36 AM, Michael Krymson <krymson@xxxxxxxxx> wrote:
> Oh shit, accounting@xxxxxxxxxxxx bounced, too! That must mean they don't
> even have any accounting!
Hehe...who knows? Maybe you needed to do @internal.mckesson.com ;-P
Bringing this back to the issue at hand, a security POC at any vendor
is, I suggest, a good thing (tm).
As an fyi, and specifically pertaining to medical device security,
some efforts are underway; and I humbly suggest that this community
could make further recommendations.
Please see the following:
"Manufacturer Disclosure Statement for Medical Device Security" by the
Healthcare Information and Management Systems Society (HIMSS)
Healthcare Information and Management Systems Society (HIMSS) --
http://www.himss.org
HIMSS Manufacturer Disclosure Statement for Medical Device Security --
http://www.himss.org/ASP/topics_FocusDynamic.asp?faid=99
"In light of increased focus on medical device security, the HIMSS
Medical Device Security Work Group created the Manufacturer Disclosure
Statement for Medical Device Security (MDS2)." --
http://www.nema.org/stds/hn1.cfm
Direct PDF download of HIMSS/NEMA HN 1-2008 guidelines:
http://www.jira-net.or.jp/commission/system/04_information/files/HN1_MDS2_final.pdf
MDS2 Excel worksheet:
http://www.nema.org/stds/complimentary-docs/upload/MDS2%20Worksheet.xls
Cheers,
--scm
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/