OSNews

This problem is well known to me due to my work. There are hospitals where you just need to plug your laptop into the LAN outlet in the wall - you get an IP via DHCP without any authentification and can easily log into several machines ("network drives") without being prompted for a password. Using means like ethereal, tcpdump and ping -f, a hacker could do really bad things to such machines, starting from blocking their data transfers, copying data and destroying it (and maybe the backups on accessible NAS, too) up to installing malware and abusing the clinic's IT systems to spread spam.

One thing I miss in nubmer 10 of the list is that "Windows" is also used in ICUs (intensive care units). This is highly dangerous! As it has been mentioned in the discussion on another topic, the term "bluescreen of death" becomes a dangerous connotation here.

Maybe "Windows" is okay for client systems (that emulate an IBM 3270 dialog client in worst case) or data postprocessing, but for critical systems, it's simply too dangerous.

Regarding updates in "Windows": Due to the advertizing by MICROS~1 people do really believe that they do not need to do system administration, including considerations what to install and what not to install, when to get updates and how to install them. They believe that "Windows" does everything by itself, because it is so "user friendly" and does your thinking. Another opinion is that you can save money by not hiring a professional to take care of the IT infrastructure. Why? You can do this on your own, just by clicking! The result: Out there in Germany's medical system there are many old "Windows NT" and "Windows XP" (the most common ones) out there that didn't see any updates since the date of their release. And nobody cares...



And for a cardiac pacemaker? "Hold the installation DVD against your breast and click your nose to install. If you are near a WLAN entry spot, just raise your finger to get the updates." :-)