Stunning story on how Netragard used social engineering to execute an irrecoverable infrastructure compromise against one of its healthcare customers.

nsa-customer-hacking-tools-seller-vupenWhat’s more interesting on this story is – probably Netragard is one of the “anti-hacking solution” provider of NSA.

Is it a coincidence? Who is Netragard?

Netragard is a security company that delivers anti-hacking services, including penetration testing, vulnerability assessments, web application security testing, and related functions.

Netragard is a Massachusetts firm that sold more than fifty exploits to private businesses and US government agencies in 2012 . Prices ranged from $20,000 to more than $250,000. The founder of Netragard, Adriel Desautels, revealed that some of the above exploits could be considered “weaponised.” That means that the exploits have been acquired by governments for offensive purposes or active defense.

Read more here – http://resources.infosecinstitute.com/classified-nsa-exploit-tools-radon-dewsweeper-work/

Continue reading

Open source PACS & DICOM from DCM4CHE

Screen shot 2013-04-24 at 10.12.28 AM

Last 2 weeks I have configured and played with dmc4che. Its a collection of open source application and utilities for the health care enterprise, PACS and DICOM has been used by hospital in Malaysia from government and pubic sector, 80% of them using PACS/DICOM standard. Its has been developed in Java language to achieve performance and portability, supporting deployment on JDK 1.4 and up. 

With integration few components I managed to run it at local server. 

 

In order to complete the test I have downloaded DICOM sample image from http://www.osirix-viewer.com/datasets/

You need to use dmcsnd, example;
./dcmsnd CDRECORD@127.0.0.1:10104 /home/senn/Downloads/GOUDURIX/GOUDURIX/ -L DCMSND:10104

Once you insert the sample image you can start to browse patient ID and so on.

Screen shot 2013-04-24 at 11.24.49 AM

Once you have all these, you can start to play with DICOM and PACS.

To search the PACS we use the DICOM command C-FIND. This command takes as an argument a DICOM object that represent a query. The PACS transforms the object that we send to a query, probably to SQL, runs it and then transform every result record back into a DICOM object and send it back to us in a C-FIND response. The PACS sends one C-FIND response for every result record.

To learn more, I found this very straightforward website to teach DICOM and PACS.

http://dicomiseasy.blogspot.com/