On 11/07/2006, at 4:11 PM, Greg Twyford wrote:
> Nor, I'm afraid, some software vendors and support organisations.
> One definitely, possibly two, that I know of routinely install the
> freeware version of VNC on their customers' PCs. A recent case
> positively confirmed that they were doing it without informing the
> customer at all, let alone informing them of the potential risks.

Well, I see your point but this is also a sign of them providing a
level of support at a desktop level, going the extra mile so to
speak, but probably without much security knowledge.

> My protests, as a third party technician, about their behaviour in
> another case were greeted with considerable animosity. In that
> instance the practice had no idea of what they were doing either.

Who was it? When I was at Totalcare, VNC installations were standard
practice but this was several years ago, they were not accessible
from the outside world and the practice was aware of what it was.
Prior to Windows Firewall, it was trivial to push VNC onto a host if
you had domain administrative credentials, as software companies
often do.

> The new practice accreditation standards will treat us all to the
> spectacle of surveyors, who may be well qualified as doctors or
> practice managers, but totally unqualified in IT, determining the
> adequacy of practices' information security procedures.
> I'm really looking forward to that.

Me too, in fact I'm talking to a HR expert about providing a service
to help practices get ready for and pass accreditation (the new
standards are mainly concerned with HR and IT). I can't beat them so
I'm thinking about joining them.

Peter.