Date: Wed, 21 Oct 2009 10:23:04 -0400
From: Shawn Merdinger <shawnmer@...il.com>
To: Michael Krymson <krymson@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: McKesson Horizon Clinical Infrastructure
	(HCI) version 7.6/7.8/10.0/10.1 hardcoded passwords

Hi Michael,

On Wed, Oct 21, 2009 at 9:36 AM, Michael Krymson <krymson@...il.com> wrote:
> Oh shit, accounting@...esson.com bounced, too! That must mean they don't
> even have any accounting!

Hehe...who knows?  Maybe you needed to do @internal.mckesson.com ;-P

Bringing this back to the issue at hand, a security POC at any vendor
is, I suggest, a good thing (tm).

As an FYI, and specifically pertaining to medical device security,
some efforts are underway; and I humbly suggest that this community
could make further recommendations.

Please see the following:

"Manufacturer Disclosure Statement for Medical Device Security" by the
Healthcare Information and Management Systems Society (HIMSS)

Healthcare Information and Management Systems Society (HIMSS) --
http://www.himss.org

HIMSS Manufacturer Disclosure Statement for Medical Device Security --
http://www.himss.org/ASP/topics_FocusDynamic.asp?faid=99

"In light of increased focus on medical device security, the HIMSS
Medical Device Security Work Group created the Manufacturer Disclosure
Statement for Medical Device Security (MDS2)." --
http://www.nema.org/stds/hn1.cfm

Direct PDF download of HIMSS/NEMA HN 1-2008 guidelines:
http://www.jira-net.or.jp/commission/system/04_information/files/HN1_MDS2_final.pdf

MDS2 Excel worksheet:
http://www.nema.org/stds/complimentary-docs/upload/MDS2%20Worksheet.xls

Cheers,
--scm

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
