Browsed by
Tag: arp spoofing

Adding HSTS To Your Website

Adding HSTS To Your Website

So you’ve moved your website to use SSL/TLS and that’s it? Not quite! Your next step should to test your site and enable HSTS (HTTP Strict Transport Security). Testing via Qualys SSL Labs I *love* the SSL Labs server test from Qualys. It’s free and it does a fantastic job of testing (and subsequently grading) your website for cipher suites, protocols (SSL/TLS versions), etc. IMO, it should be one of the first checks performed after standing up a website and…

Read More Read More

Hacking HL7 Data Interfaces in Medical Environments: Attacking and Defending the Achille’s Heel of Healthcare

Hacking HL7 Data Interfaces in Medical Environments: Attacking and Defending the Achille’s Heel of Healthcare

This security research paper is the second of two examining the HL7 messaging standard, which is arguably the most fundamental flaw in healthcare IT. HL7 is used extensively for system-to-system communications and is in nearly every healthcare facility worldwide. The first paper is an overview of what can be done with stolen medical data, what HL7 is, as well as potential dangers inherent to HL7. The second paper moves beyond theory and is an in-depth, technical discussion on ways to…

Read More Read More

HL7 Data Interfaces in Medical Environments: Understanding the Fundamental Flaw in Healthcare

HL7 Data Interfaces in Medical Environments: Understanding the Fundamental Flaw in Healthcare

This security research paper is the first of two examining the HL7 messaging standard, which is arguably the most fundamental flaw in healthcare IT. HL7 is used extensively for system-to-system communications and is in nearly every healthcare facility worldwide. The first paper is an overview of what can be done with stolen medical data, what HL7 is, as well as potential dangers inherent to HL7. The second paper moves beyond theory and is an in-depth, technical discussion on ways to…

Read More Read More