Online:
Visits:
Stories:
Profile image
By ActivistPost (Reporter)
Contributor profile | More stories
Story Views

Now:
Last Hour:
Last 24 Hours:
Total:

Lose Your Plan, Lose Your Doctor, Lose Your Personal Data

Thursday, January 23, 2014 8:35
% of readers think this story is Fact. Add your two cents.

(Before It's News)

Obamacare Site “Alarmingly” Insecure, Expert Says

B4INREMOTE-aHR0cDovLzEuYnAuYmxvZ3Nwb3QuY29tLy1pSmIxd25nQ3ppVS9VdUUwMXA0dzJRSS9BQUFBQUFBQVlaVS9aNjB0Q2E2cS15Zy9zMTYwMC9vYmFtYS0xMDAxNTQyNDUtbGFyZ2UuanBnLily Dane
Activist Post

Top cyber security consultant David Kennedy has provided testimony to Congress that outlines “critical flaws” and “alarming security threats” on the Healthcare.gov website.

Last Sunday, Kennedy told Fox’s Chris Wallace that he was easily able to penetrate the healthcare exchange. He said he determined that he could gain access to 70,000 personal records of Obamacare enrollees.

He’s a security expert, so surely he used some tricks of the trade to crack the website, right?

Nope. Kennedy said it only took him about 4 minutes and a standard browser to access the information, and that he didn’t even have to hack the website:

“And 70,000 was just one of the numbers that I was able to go up to and I stopped after that,” he said. “You know, I’m sure it’s hundreds of thousands, if not more, and it was done within about a 4 minute time frame. So, it’s just wide open.” 

“You can literally just open up your browser, go to this, and extract all this information without actually having to hack the website itself,” he said.


Kennedy explained what he and other experts discovered about the lack of security on the exchange:

“What we learned was that they had rushed through what we call the software development life cycle where they actually build the application.” 

“So when you do that, security doesn’t really get integrated into it. And what happened with the rocky launch in October is they slapped a bunch of servers in trying to fix the website just to keep it up and running so that people could actually go and use it. The problem is they still didn’t imbed any security into it.” 

“It’s not just myself that’s saying this website is insecure, it’s also seven other independent security researchers that also looked at the research I’ve done and came to the exact same conclusion.”

Last Thursday, Kennedy told the House Science, Space and Technology Committee that nothing has changed since the November hearing on the site’s security issues:

HealthCare.gov is not secure today. I don’t understand how we’re still discussing whether the website is insecure or not. It is insecure – 100 percent.

Before the hearing, Kennedy told Reuters what is wrong with the site:

The government has yet to plug more than 20 vulnerabilities that he and other security experts reported to the government shortly after HealthCare.gov went live on October 1. Hackers could steal personal information, modify data, attack the personal computers of website users and damage the infrastructure of the site.

Teresa Fryer, the CMS chief information security officer, claimed that the Obamacare website underwent end-to-end security testing on December 18 and that all industry standards were met:

“The (federal marketplace) is secure. In many instances, we have gone above and beyond what is required, with layered protection, continuous monitoring and additional penetration testing,” Fryer said.

Darrell Issa, chairman of the House Oversight and Government Reform Committee, made an excellent point:

It seems to defy common sense that a website plagued with functional problems was, in fact, perfectly secure by design.

Lily Dane is a staff writer for The Daily Sheeple, where this first appeared. Her goal is to help people to “Wake the Flock Up!”



Source: http://www.activistpost.com/2014/01/lose-your-plan-lose-your-doctor-lose.html

Report abuse

Comments

Your Comments
Question   Razz  Sad   Evil  Exclaim  Smile  Redface  Biggrin  Surprised  Eek   Confused   Cool  LOL   Mad   Twisted  Rolleyes   Wink  Idea  Arrow  Neutral  Cry   Mr. Green

Top Stories
Recent Stories

Register

Newsletter

Email this story
Email this story

If you really want to ban this commenter, please write down the reason:

If you really want to disable all recommended stories, click on OK button. After that, you will be redirect to your options page.