Before yawning and clicking back on your browser consider this - how closely are you integrated into you hospitals plan?
This is particularly important when you consider the new generation of imaging devices coming into the market.
Wirelss DR, clustered rooms and mobile imaging are going to be hitting the market in a big way in 08'.
Consider the session I was lucky enough to attend yesterday. I saw the flyer for this a month ago and noticed wireless DR on the agenda.
If you know anything about wireless you know the dificulties in locking the AP down WEP and WEP2 encryption SSID broadcast etc. All these make it difficult for any one to get by but anyone with enough time and patience can simply sit and capture paeckets till they get enough data to piece together files, passwords or IP and MAC addresses. Admittedly, they would have to be dedicated and committed to the task but the threat is out there.
Think i'm crazy? well, i'm doing it now at a local coffee shop just to prove a point. Bad guy WarDrivers do it everyday and the last thing you want is your data (especially medical data) in the hands of a hacker. Furthermore, virtually every wirless expert would admit that even
"the most secure WLANs aren't 100% safe from the continuously evolving external threats that include espionage, identity theft and other attacks, such as denial-of-service and man-in-the-middle attacks."
I got a satellite pic from this computerworld article
"The satellite photograph on this page shows how radio signals from a single access point can travel several city blocks outside of a building. Without proper security measures for authentication and encryption, any laptop with a wireless card can connect with the network or eavesdrop on all network traffic across that access point from any area within the colored areas on the map"
Admittedly these are a couple of years old but a simple scan at the local coffe shop will show (below) the
plethora of AP's within walking distance and if one were so inclined, one could connect an capture a few packets -
Like this - using my OWN EQUIPMENT (i am not hacking!
Open your prefered packet sniffer and tune in the network you want to sniff.
Pick off a few thousand packets (about 5 minutes worth)
Notice the way etheral breaks down the packets nicely?
Copy the selected data and save it with your prefered extension...
here are the first few lines of the raw packet:
oo70 ff d8 ff e0 00 10 4a 46 49 46 MT..........JFIF
0080 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 09 .............C..
0090 06 07 08 07 06 09 08 07 08 0a 0a 09 0b 0d 16 0f ................
00a0 0d 0c 0c 0d 1b 14 15 10 16 20 1d 22 22 20 1d 1f ......... ."" ..
00b0 1f 24 28 34 2c 24 26 31 27 1f 1f 2d 3d 2d 31 35 .$(4,$&1'..-=-15
00c0 37 3a 3a 3a 23 2b 3f 44 3f 38 43 34 39 3a 37 ff 7:::#+?D?8C49:7.
00d0 db 00 43 01 0a 0a 0a 0d 0c 0d 1a 0f 0f 1a 37 25 ..C...........7%
00e0 1f 25 37 37 37 37 37 37 37 37 37 37 37 37 37 37 .%77777777777777
00f0 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 7777777777777777
0100 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 37 7777777777777777
0110 37 37 37 37 ff c0 00 11 08 00 5b 00 8d 03 01 22 7777......[...."
And the final product:
To be sure, its 'only' a jpeg - but wait, remember what standards dicom images are based on?
And you probably have a freeware dicom viewer on your machine too...
No comments:
Post a Comment