Hacker News new | past | comments | ask | show | jobs | submit login

If you're talking about an MRI machine, and you put it on the goddamned internet, $300 is actually a pretty cheap security tutorial.



I imagine the infection zigzagged to get there. Something like:

1. A doctor opens an email on an office computer. Infection entrypoint from the internet.

2. The office computer worms it to a patient record server.

3. The patient record computer worms it to an MRI tech computer.

4. The tech computer worms it to the MRI itself. (If it's even hitting MRIs and not just tech computers.)

Each of the machines has a reason it needs to share files/data with the two layers it connects to, and there's no "bad" direct link. The worm exploited the filesharing mechanism.

A high security situation would probably implement a one-way upload from the MRI subsystem (machine + tech computer), but c'mon, lots of us work on networks with filesharing zigzags to penetrate deep in to them.


You do not need to put it on the Internet. It only needs to be connected to local network and it will be infected by someone connecting their laptop to it.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: