lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <AANLkTik5Q8jjFsRFdzBcgnVyOZcbBGUp4DCQqZoYBbQP@mail.gmail.com>
Date: Fri, 13 Aug 2010 09:53:46 -0400
From: Jeffrey Walton <noloader@...il.com>
To: Caspian@...dom-interrupt.org
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Reliable reports on attacks on medical
 software and IT-systems available?

On Wed, Aug 11, 2010 at 10:48 PM,  <Caspian@...dom-interrupt.org> wrote:
> halfdog wrote:
>> Paul Schmehl wrote:
>>> --On Tuesday, August 10, 2010 21:03:35 +0000 halfdog <me@...fdog.net> wrote:

[SNIP]

>>>> * Medical personal in hospitals with high grade of IT-system usage are so
>>>> trained and skilled, so that they detect manipulation and no harm is done
>>>>
>>> Laughable.  Medical personnel wouldn't have a clue about whether their systems
>>> have been hacked.  Their IT staff *might*.
>>
>
> Most Radiology personnel would catch on to this pretty quickly- assuming
> it was meant to be a lethal attack. Pretty much any operator who has to
> train to the level these people do should be able to spot a lethal
> attack in progress, since the attack would cause the machine to behave
> erratically.
Like the Therac-25? "...it was involved with at least six accidents
between 1985 and 1987, in which patients were given massive overdoses
of radiation, approximately 100 times the intended dose... Three of
the six patients died as a direct consequence....." (
(http://en.wikipedia.org/wiki/Therac-25).

BTW, what is the difference in erratic behavior due to a software bug,
and erratic behavior due to an attacker?

> You need the equivalent of an associate's degree to be an
> x-ray tech where I am, at least, and I think it's the same for most of
> North America and Europe. Hospitals often have their own specialists who
> tend to train like pilots- a certain number of hours with a specific
> machine, and then retraining when it gets updated. IT staff are
> sometimes part of that group.
>
> [SNIP]

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ