Healthcare.gov ‘may already have been compromised,’ security expert says

foxnews.com ^ | 11/19/2013

[Personal Responsibility]

Winner winner! Post of the day!

[RedMDer]

Support Free Republic.
Thank you!

[a fool in paradise]

Sounds like a backpedal from the claims earlier this week that it was being DDOS attacked by right wing zealots.

[commish]

Just from that I can deduce without any tools that there are severe Sql Injection issues, probably XML injection and cross-site scripting vulnerabilities too.

And that is just on a visual inspection. An hacker with the simplest of tools (Burp, Web Scarab, paros, etc.) could find myriad infiltration pathways in a matter of minutes.

[A_Former_Democrat]

“One key problem facing Healthcare.gov is that security wasn’t built into the site from the very beginning, he said — an opinion shared by both Kennedy and Fred Chang, the distinguished chair in cyber security at Southern Methodist University.”

Normally, I wouldn’t have believed this . . . however, now . . .

[COBOL2Java]

“Hackers are definitely after it,” said David Kennedy, CEO of information security firm TrustedSEC before a House Science, Space, and Technology committee hearing on security concerns surrounding the problematic Healthcare.gov website.

"Think they'll listen to him?"

"No way! Now, mirror those servers to ours"

[Personal Responsibility]

Let me sum up this PDF for those without the time / technical background to read and understand what’s being said:

If you value your identity, stay off Healthcare.gov

[Billthedrill]

One key problem facing Healthcare.gov is that security wasn’t built into the site from the very beginning...

Oh, that? We forgot about that.

“It’s not only social security numbers … it’s one of the largest collections of personal data, social security and everything else, that we’ve ever seen,” Kennedy said.

Well, heck, who would be interested in that?

The bad news is that your medical and tax records are now in the hands of a 12-year-old North Korean hacker. The good news is he's your heart surgeon.

[golas1964]

IBT ‘IATHF’ (It’s All The Hackers’ Fault!)

[Paladin2]

Just wait until you have to list the entire contents of your "arsenal" and have it verified by a BATFE home invasion inspection before getting a band-aid out of the ER nurse.

[RoosterRedux]

“One key problem facing Healthcare.gov is that security wasn’t built into the site from the very beginning, he said — an opinion shared by both Kennedy and Fred Chang, the distinguished chair in cyber security at Southern Methodist University.”

Normally, I wouldn’t have believed this . . . however, now . . .

As the Obamacare disaster grows more legs than a caterpillar, I am coming to the conclusion that this is the end of Obama.

He looks like an unplugged idiot--unaware, uncaring, indifferent, and just plain incompetent. And on top of that, he's a shameless liar.

Put a fork in him...he's done.

[Ray76]

Wow! You’re not kiddin.

Don’t go near it.

[cherokee1]

Funny how close this hole Deathcare episode is to a Dilbert cartoon. Dilbert’s Elbonians clearly have been the contractors in setting it up. The entire country of Elbonia, for you non-Dilbert types, is covered in knee-deep mud and the Elbonians are totally incompetent at everything. Their main attraction is that they work cheap and that, folks, is the only difference I can see so far between them and the Kenyan’s bunch. And maybe what Washington DC is knee-deep in? I don’t recall any episodes where the Elbonians set up a health insurance system but I expect Dilbert will be on it.

[Mr. K]

OMG!!!!!!!!!!!!!!!!!!!!!!!!

[Mr. K]

This site looks like something that a bunch of high-schoolers threw together in a weekend of all-nighters

How they managed to spend $680million on this is unbelievable

[Southack]

The sql commands are gone from that search list now.

[Lazamataz]

You get it. If there is no backend scrub... and from the front end, I cannot be certain there is... then all the enrollee and registrant data -- WITH BANK ACCOUNTS -- is in Indonesia, Russia, China, Pakistan, and any other third world country you can imagine.

ALREADY.

[Lazamataz]

Well! Perhaps they FREAKING SCRUBBED THE INPUT finally.

Too late, of course, all the data is sitting on some scumbags hard drive in Pakistan already.

[Southack]

Easy pickings...

[exit82]

What if someone put a Stuxnet in it?

Rut-roh.