Author Topic: Expert: Healthcare.gov Security Risks Even Worse After ‘Fix’  (Read 946 times)

0 Members and 1 Guest are viewing this topic.

Offline Chieftain

  • AMF, YOYO
  • Hero Member
  • *****
  • Posts: 9,621
  • Gender: Male
  • Your what hurts??
Expert: Healthcare.gov Security Risks Even Worse After ‘Fix’
« on: December 04, 2013, 12:48:07 am »
Obamacare website more vulnerable to security breaches

http://freebeacon.com/expert-healthcare-gov-security-risks-even-worse-after-fix/

The Obamacare insurance marketplace is even more vulnerable to security breaches since the administration “fixed” Healthcare.gov, according to a cyber security expert.

Health and Human Services (HHS) released a progress report on Sunday following its self-imposed Nov. 30 deadline to repair the website, saying that the “team has knocked more than 400 bug fixes and software improvements off the punch list.”

The administration said that the “site capacity is stable at its intended level,” though the site continued to crash on Monday.

The eight-page report made no mention of the website’s numerous security flaws, which experts say put Americans’ personal information at risk.

“It doesn’t appear that any security fixes were done at all,” David Kennedy, CEO of the online security firm TrustedSec, told the Washington Free Beacon.

Kennedy said fundamental safeguards missing from Healthcare.gov that were identified by his company more than a month ago have yet to be put in place.

“There are a number of security concerns already with the website, and that’s without even actually hacking the site, that’s just a purely passive analysis of [it],” he said. “We found a number of critical exposures that were around sensitive information, the ability to hack into the site, things like that. We reported those issues and none of those appear to have been addressed at all.”

After warning Americans when testifying before Congress on Nov. 19 to stay away from Healthcare.gov, Kennedy now says the situation is even worse.

“They said they implemented over 400 bug fixes,” he said. “When you recode the application to fix these 400 bugs—they were rushing this out of the door to get the site at least so it can work a little bit—you’re introducing more security flaws as you go along with it because you don’t even check that code.”

“I’m a little bit more skeptical now, and I would still definitely advise individuals to not use the website because it’s definitely something that I don’t believe is secure and neither did the four individuals that testified in front of Congress,” Kennedy said. “I think there’s some major security concerns there around privacy and information, and they haven’t even come close to being addressed, and won’t be in the short term.”

Security exposures are not limited to the federal health exchange, but the 14 state marketplace websites as well. A breach has already been cited in Vermont, where a user was given access to another’s Social Security Number.

“That’s a whole other front of hacking,” Kennedy said. “That’s what’s actually going to contain all the sensitive information for residents in those states.”

“States are required to notify in the event of a breach, the federal government is not,” he added. “So in the event that Healthcare.gov gets compromised and all their information gets taken out of it they don’t have to notify anybody.”

Kennedy said the team working on Healthcare.gov is more likely to hide its security flaws than address them. When it was revealed that the most popular searches on the website were hack attempts—confirmed by entering a semicolon in the search bar—the website simply removed the tool.

“The top results were hacker attempts,” Kennedy said. “Their fix for it wasn’t, ‘Hey let’s restrict people from inputting malicious code into the website,’—because that’s how hackers break into websites—it was, ‘we’re just going to completely disable that entire function completely, and not even show the search results back.’”

CMS did not respond to requests for comment.

Offline Chieftain

  • AMF, YOYO
  • Hero Member
  • *****
  • Posts: 9,621
  • Gender: Male
  • Your what hurts??
Re: Expert: Healthcare.gov Security Risks Even Worse After ‘Fix’
« Reply #1 on: December 04, 2013, 12:52:47 am »
And Obama is "re-launching" Obamacare with a three week propaganda campaign to try and lure those loyal young dhimmies in to sign up and cough up their "fair share". 

Problem is, most of the Obammy voters always figured their "fair share" was zero, and in many cases among privileged minorities and young "single mothers" with multiple baby daddies, far less than zero thanks to things like Earned Income Credit, WIC, Rent assistance, heating assistance, ass-wiping assistance, etc....

The website was the easy part and that was FUBAR as soon as it opened.  The fit will really hit the shan after New Years when some of the more unsavory features of Obamacare will really kick in.


Online Bigun

  • Hero Member
  • *****
  • Posts: 51,331
  • Gender: Male
  • Resistance to Tyrants is Obedience to God
    • The FairTax Plan
Re: Expert: Healthcare.gov Security Risks Even Worse After ‘Fix’
« Reply #2 on: December 04, 2013, 12:58:26 am »
Quote
Obamacare website more vulnerable to security breaches

I wouldn't go within a mile of that thing with YOUR computer!
"I wish it need not have happened in my time," said Frodo.

"So do I," said Gandalf, "and so do all who live to see such times. But that is not for them to decide. All we have to decide is what to do with the time that is given us."
- J. R. R. Tolkien

Offline flowers

  • Hero Member
  • *****
  • Posts: 18,798
Re: Expert: Healthcare.gov Security Risks Even Worse After ‘Fix’
« Reply #3 on: December 04, 2013, 07:23:49 pm »
I wonder when it will come out that most who did go to the website now has their personel info stolen. Obama says the site is safe. What is going to happen when that info comes out?

2nd major lie about Obamacare by obama.  (yes I know all of what he says is a lie, but to LIV it will be a 2nd lie)