Both Medgadget and PsychCentral write about exploiting a vulnerability in physician-only site Sermo:
In the physician community, there’s been a fair amount of buzz about a physician’s-only community (or “social network,” if you prefer) called Sermo. I was curious as to how strong their registration system was to prevent non-physicians from subscribing to the service, which is free and open to all physicians that have either an M.D. or a D.O. (and a DEA prescribing number). So I asked a technology and security consultant friend of mine to check it out.

His findings didn’t surprise me. It took him five minutes and only two tries to register a valid physician account at Sermo, even though he isn’t a physician. He used information freely available on the Internet to register as someone who was a legitimate physician.