Three Take Advantage of Windows Flaws to Attack Hospital

Discussion in 'Computer Support' started by Au79, Feb 11, 2006.

  1. Au79

    Au79 Guest

    Au79, Feb 11, 2006
    #1
    1. Advertisements

  2. Au79

    Clued Weasel Guest

    Clued Weasel, Feb 11, 2006
    #2
    1. Advertisements

  3. Au79

    Rick Merrill Guest

    it takes two to tango ...
     
    Rick Merrill, Feb 11, 2006
    #3
  4. Au79

    Mitch Guest

    That's silly.
    You can't just dismiss the problems of the OS just because there are
    some ways around the problem -- the holes are still there and need to
    be protected.
    In other words, there can be more than one fool for any problem.
    Don't feel compelled to blame just one person.
     
    Mitch, Feb 12, 2006
    #4
  5. Au79

    Toolman Tim Guest

    In Mitch spewed forth:
    Any network left open to that kind of vulnerability has only it's
    administrators/operators to blame.
     
    Toolman Tim, Feb 12, 2006
    #5
  6. Au79

    Mitch Guest


    Really? No matter what OS they have, it's their fault, and the software
    producer can never be blamed in any way?

    I disagree strongly.
    Microsoft sold a product with significant problems in it. Who is to
    blame for that? Doesn't it make them necessarily included in ALL blame
    related to those problems?
    Worse, many are KNOWN problems, and things that could be fixed if
    Microsoft went to the effort. Yet they often don't bother.

    I'll give you an example of what I mean:
    Let's say a guy leaves his car unlocked, then someone steals it.
    He was negligent in not vigilantly protecting his property. But the
    CRIMINAL is the person that takes the car.
    Now, say the car was provided without any way to lock it. A normal car,
    it just doesn't come with locks. You would include the car maker in the
    blame, wouldn't you? You could say the owner is responsible for
    building in new locks, but that doesn't mean the car maker doesn't get
    any blame.

    So there are three people who contributed to the problem: the car
    maker, who provided no way to secure the car in spite of a known need
    to do so, the car thief, who committed the actual crime, and the
    negligence of the car owner.
    The thief is certainly the one who committed the crime. But if you
    extend the blame to the rest of the parties, it is silly to blame the
    owner and not the manufacturer.
     
    Mitch, Feb 12, 2006
    #6
  7. Au79

    Mistoffolees Guest



    Really? No matter what OS they have, it's their fault, and the software
    producer can never be blamed in any way?

    I disagree strongly.
    Microsoft sold a product with significant problems in it. Who is to
    blame for that? Doesn't it make them necessarily included in ALL blame
    related to those problems?
    Worse, many are KNOWN problems, and things that could be fixed if
    Microsoft went to the effort. Yet they often don't bother.

    I'll give you an example of what I mean:
    Let's say a guy leaves his car unlocked, then someone steals it.
    He was negligent in not vigilantly protecting his property. But the
    CRIMINAL is the person that takes the car.
    Now, say the car was provided without any way to lock it. A normal car,
    it just doesn't come with locks. You would include the car maker in the
    blame, wouldn't you? You could say the owner is responsible for
    building in new locks, but that doesn't mean the car maker doesn't get
    any blame.

    So there are three people who contributed to the problem: the car
    maker, who provided no way to secure the car in spite of a known need
    to do so, the car thief, who committed the actual crime, and the
    negligence of the car owner.
    The thief is certainly the one who committed the crime. But if you
    extend the blame to the rest of the parties, it is silly to blame the
    owner and not the manufacturer.[/QUOTE]

    Unfortunately, the liability for any fallout of the hacking
    belongs to the affected hospitals. In other words, the systems
    should not have been penetrated in the first place. Regulations
    that mandate the implementation of such protection have been in
    place for close to 10 months. In your example, the car owner
    should have known not to have bought a car without proper locks
    and, even with proper locks, would also have to install a backup
    anti-theft device, such as a fuel-pump cutoff switch.
     
    Mistoffolees, Feb 12, 2006
    #7
  8. Au79

    Toolman Tim Guest

    In Mitch spewed forth:
    Not so. If I, as a car owner with no locks knew that security was an issue,
    I would be the ONLY one remiss in not taking the initiative to secure my
    property. There is NO blame on the manufacturer. Like back in the early days
    of autos. They shipped without seat belts. Are they to blame for all the
    injuries that occured? Extending blame is not reasonable.

    If the system is open, it is the administrators of the network that are
    solely to blame - ESPECIALLY since so much is publicly known about the
    security issues in MS products. Knowing the problems exist should cause the
    administrators to be taking steps to prevent the exploitation. Just like if
    I park my car in a bad neighborhood, I'd better lock it and set the alarm.
     
    Toolman Tim, Feb 12, 2006
    #8
  9. Au79

    dogsBollix Guest


    actual case in point
    the gm/opel zafira has the spare wheel under the back of the car
    it's Very Easy to steal
    gm/opel know that but say theft is a "social" problem
    you can buy a lock for it for £30
    you know that
    so what do you do if the unlocked wheel gets nicked
    complain like hell to gm/opel and hope they will fit the lock for free ?
    or buy a lock so the new wheel doesn't get nicked ?

    or buy the lock BEFORE the wheel gets nicked and save yourself a lot of
    hassle ?

    dB
     
    dogsBollix, Feb 12, 2006
    #9
  10. Au79

    Zitty Guest

    Where did Microsoft come into this? Nowhere does it say that the hospital
    was running any particular OS.
     
    Zitty, Feb 12, 2006
    #10
  11. Au79

    Toolman Tim Guest

    In Zitty spewed forth:
    Well, you're right, of course. But honestly I'd have to say it was implied
    by the fact that the malware that infected the systems appear to be the
    typical adware type of crap that infects Windows boxes.
     
    Toolman Tim, Feb 12, 2006
    #11
  12. Au79

    Whiskers Guest

    The methods apparently used to take over the computers without alerting
    anyone to what was happening, would only work with Windows.
     
    Whiskers, Feb 12, 2006
    #12
  13. Au79

    Clued Weasel Guest

    Of course, the title of the thread refers to Xwindows :)
     
    Clued Weasel, Feb 12, 2006
    #13
  14. Au79

    Mitch Guest

    That's kind of my point -- restricting the liability to just the most
    immediate person in charge isn't going to solve anything, it's just
    making the prosecution easy. Microsoft still needs to be prosecuted as
    building in the problem.
    That does make the most immediate person in charge sound like he wasn't
    working very hard to protect them.
    So you would say that it is foolish to buy Microsoft? Certainly the
    second part is what people deal with today.. patching the weaknesses
    with protective tools.
     
    Mitch, Feb 13, 2006
    #14
  15. Au79

    Mitch Guest

    Yes, I should have specified in my analogy that security is not an
    obvious and completely well-known problem. I'm suggesting the same kind
    of mix as computers; that experts all know it and how to protect from
    it, but new users do nothing until something happens.
    People that don't know cars come with and without locks wouldn't know
    to look for this property, even though the manufacturer knows it is
    needed and should be provided by them at manufacture.

    I think we differ on the blame issue, though -- you say above that all
    blame rests on the person who is responsible for security to know how
    to fix the problems, and I am saying that the company making the
    product shares the blame because it is their product, they are required
    to provide a safe and reasonable product, and they know (even better)
    that security is a serious issue.
     
    Mitch, Feb 13, 2006
    #15
  16. Au79

    dogsBollix Guest

    you might want to check the EULA
    you don't BUY MS products
    you BUY a LICENCE to USE them "as seen",as is, flaws and all

    now that would be a slick pymamid selling idea
    forget the "put me on your mailing list"
    just sell licences for some crap software :)

    dB
    (ooops maybe i shouldn't be giving people ideas)
     
    dogsBollix, Feb 13, 2006
    #16
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.