Free Republic
Healthcare.gov ‘may already have been compromised,’ security expert says
foxnews.com ^ | 11/19/2013

Posted on 11/19/2013 10:56:11 AM PST by RoosterRedux

Not only is healthcare.gov at risk, it may already have been compromised, a security expert testified before the Senate.

“Hackers are definitely after it,” said David Kennedy, CEO of information security firm TrustedSEC before a House Science, Space, and Technology committee hearing on security concerns surrounding the problematic Healthcare.gov website.

“And if I had to guess, based on what I can see … I would say the website is either hacked already or will be soon.”

One key problem facing Healthcare.gov is that security wasn’t built into the site from the very beginning, he said -- an opinion shared by both Kennedy and Fred Chang, the distinguished chair in cyber security at Southern Methodist University.

“There’s not a lot of security built into the site, at least that’s what we can see from a 10,000 foot view,” Kennedy told the committee.

(Excerpt) Read more at foxnews.com ...


TOPICS: News/Current Events
KEYWORDS: fusterclick; healthcaredotgov
To: Paladin2

Winner winner! Post of the day!


21 posted on 11/19/2013 11:56:27 AM PST by Personal Responsibility (Government: Slimy used car salesmen writing laws forcing you to buy their cars)

To: RoosterRedux; GeronL

Sounds like a backpedal from the claims earlier this week that it was being DDOS attacked by right wing zealots.


23 posted on 11/19/2013 12:05:49 PM PST by a fool in paradise (America 2013 - STUCK ON STUPID)

To: Lazamataz

Just from that I can deduce without any tools that there are severe SQL injection issues, probably XML injection and cross-site scripting vulnerabilities too.

And that is just on a visual inspection. A hacker with the simplest of tools (Burp, WebScarab, Paros, etc.) could find myriad infiltration pathways in a matter of minutes.


24 posted on 11/19/2013 12:12:20 PM PST by commish (The takers rule. Time to implement the triple G plan - GOD, GUNS, & GOLD)

To: RoosterRedux

“One key problem facing Healthcare.gov is that security wasn’t built into the site from the very beginning, he said — an opinion shared by both Kennedy and Fred Chang, the distinguished chair in cyber security at Southern Methodist University.”

Normally, I wouldn’t have believed this . . . however, now . . .


25 posted on 11/19/2013 12:15:49 PM PST by A_Former_Democrat ("I was all for Obamacare until I found out I was paying for it,")

To: RoosterRedux
“Hackers are definitely after it,” said David Kennedy, CEO of information security firm TrustedSEC before a House Science, Space, and Technology committee hearing on security concerns surrounding the problematic Healthcare.gov website.

"Think they'll listen to him?"

"No way! Now, mirror those servers to ours"


26 posted on 11/19/2013 12:18:14 PM PST by COBOL2Java (I'm a Christian, pro-life, pro-gun, Reaganite. The GOP hates me. Why should I vote for them?)

To: Tekgeek

Let me sum up this PDF for those without the time / technical background to read and understand what’s being said:

If you value your identity, stay off Healthcare.gov


27 posted on 11/19/2013 12:26:23 PM PST by Personal Responsibility (Government: Slimy used car salesmen writing laws forcing you to buy their cars)

To: RoosterRedux
One key problem facing Healthcare.gov is that security wasn’t built into the site from the very beginning...

Oh, that? We forgot about that.

“It’s not only social security numbers … it’s one of the largest collections of personal data, social security and everything else, that we’ve ever seen,” Kennedy said.

Well, heck, who would be interested in that?

The bad news is that your medical and tax records are now in the hands of a 12-year-old North Korean hacker. The good news is he's your heart surgeon.

28 posted on 11/19/2013 12:27:33 PM PST by Billthedrill

To: RoosterRedux

IBT ‘IATHF’ (It’s All The Hackers’ Fault!)


29 posted on 11/19/2013 12:32:40 PM PST by golas1964

To: Billthedrill
Just wait until you have to list the entire contents of your "arsenal" and have it verified by a BATFE home invasion inspection before getting a band-aid out of the ER nurse.
30 posted on 11/19/2013 12:33:17 PM PST by Paladin2

To: A_Former_Democrat
“One key problem facing Healthcare.gov is that security wasn’t built into the site from the very beginning, he said — an opinion shared by both Kennedy and Fred Chang, the distinguished chair in cyber security at Southern Methodist University.”

Normally, I wouldn’t have believed this . . . however, now . . .

As the Obamacare disaster grows more legs than a caterpillar, I am coming to the conclusion that this is the end of Obama.

He looks like an unplugged idiot--unaware, uncaring, indifferent, and just plain incompetent. And on top of that, he's a shameless liar.

Put a fork in him...he's done.

31 posted on 11/19/2013 12:44:32 PM PST by RoosterRedux (The only true wisdom is in knowing you know nothing -- Socrates)

To: commish

Wow! You’re not kiddin.

Don’t go near it.


32 posted on 11/19/2013 12:46:01 PM PST by Ray76

To: Buckeye McFrog

Funny how close this whole Deathcare episode is to a Dilbert cartoon. Dilbert’s Elbonians clearly have been the contractors in setting it up. The entire country of Elbonia, for you non-Dilbert types, is covered in knee-deep mud and the Elbonians are totally incompetent at everything. Their main attraction is that they work cheap and that, folks, is the only difference I can see so far between them and the Kenyan’s bunch. And maybe what Washington DC is knee-deep in? I don’t recall any episodes where the Elbonians set up a health insurance system but I expect Dilbert will be on it.


33 posted on 11/19/2013 12:52:46 PM PST by cherokee1 (skip the names---just kick the buttz)

To: Lazamataz

OMG!!!!!!!!!!!!!!!!!!!!!!!!


34 posted on 11/19/2013 12:56:55 PM PST by Mr. K

To: RoosterRedux

This site looks like something that a bunch of high-schoolers threw together in a weekend of all-nighters.

How they managed to spend $680 million on this is unbelievable.


35 posted on 11/19/2013 12:58:13 PM PST by Mr. K

To: Lazamataz

The SQL commands are gone from that search list now.


36 posted on 11/19/2013 1:00:49 PM PST by Southack (Media Bias means that Castro won't be punished for Cuban war crimes against Black Angolans in Africa)

To: Mr. K
You get it. If there is no backend scrub... and from the front end, I cannot be certain there is... then all the enrollee and registrant data -- WITH BANK ACCOUNTS -- is in Indonesia, Russia, China, Pakistan, and any other third world country you can imagine.

ALREADY.

37 posted on 11/19/2013 1:02:32 PM PST by Lazamataz (Early 2009 to 7/21/2013 - RIP my little girl Cathy. You were the best cat ever. You will be missed.)

To: Southack
Well! Perhaps they FREAKING SCRUBBED THE INPUT finally.

Too late, of course, all the data is sitting on some scumbag's hard drive in Pakistan already.

38 posted on 11/19/2013 1:03:29 PM PST by Lazamataz (Early 2009 to 7/21/2013 - RIP my little girl Cathy. You were the best cat ever. You will be missed.)

To: Lazamataz

Easy pickings...


39 posted on 11/19/2013 1:05:04 PM PST by Southack (Media Bias means that Castro won't be punished for Cuban war crimes against Black Angolans in Africa)

To: RoosterRedux

What if someone put a Stuxnet in it?

Rut-roh.


40 posted on 11/19/2013 1:05:12 PM PST by exit82 ("The Taliban is on the inside of the building" E. Nordstrom 10-10-12)

