Full Disclosure mailing list archives
Re: McKesson Horizon Clinical Infrastructure (HCI) version 7.6/7.8/10.0/10.1 hardcoded passwords
From: Shawn Merdinger <shawnmer () gmail com>
Date: Wed, 21 Oct 2009 10:23:04 -0400
Hi Michael, On Wed, Oct 21, 2009 at 9:36 AM, Michael Krymson <krymson () gmail com> wrote:
Oh shit, accounting () mckesson com bounced, too! That must mean they don't even have any accounting!
Hehe...who knows? Maybe you needed to do @internal.mckesson.com ;-P Bringing this back to the issue at hand, a security POC at any vendor is, I suggest, a good thing (tm). As an fyi, and specifically pertaining to medical device security, some efforts are underway; and I humbly suggest that this community could make further recommendations. Please see the following: "Manufacturer Disclosure Statement for Medical Device Security" by the Healthcare Information and Management Systems Society (HIMSS) Healthcare Information and Management Systems Society (HIMSS) -- http://www.himss.org HIMSS Manufacturer Disclosure Statement for Medical Device Security -- http://www.himss.org/ASP/topics_FocusDynamic.asp?faid=99 "In light of increased focus on medical device security, the HIMSS Medical Device Security Work Group created the Manufacturer Disclosure Statement for Medical Device Security (MDS2)." -- http://www.nema.org/stds/hn1.cfm Direct PDF download of HIMSS/NEMA HN 1-2008 guidelines: http://www.jira-net.or.jp/commission/system/04_information/files/HN1_MDS2_final.pdf MDS2 Excel worksheet: http://www.nema.org/stds/complimentary-docs/upload/MDS2%20Worksheet.xls Cheers, --scm _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- McKesson Horizon Clinical Infrastructure (HCI) version 7.6/7.8/10.0/10.1 hardcoded passwords graphic7 (Oct 19)
- Re: McKesson Horizon Clinical Infrastructure (HCI) version 7.6/7.8/10.0/10.1 hardcoded passwords Shawn Merdinger (Oct 19)
- Re: McKesson Horizon Clinical Infrastructure (HCI) version 7.6/7.8/10.0/10.1 hardcoded passwords Rohit Patnaik (Oct 19)
- Re: McKesson Horizon Clinical Infrastructure (HCI) version 7.6/7.8/10.0/10.1 hardcoded passwords Michael Krymson (Oct 21)
- Re: McKesson Horizon Clinical Infrastructure (HCI) version 7.6/7.8/10.0/10.1 hardcoded passwords Shawn Merdinger (Oct 21)
- Re: McKesson Horizon Clinical Infrastructure (HCI) version 7.6/7.8/10.0/10.1 hardcoded passwords Shawn Merdinger (Oct 19)