'White hat hacker': Why HealthCare.gov isn't secure
Posted on 11/19/2013 11:06:25 PM PST by Paul R.
Security expert who testified before Congress explains why your information on the federal ObamaCare site is not secure and how it is a gold mine for criminal hackers.
(Excerpt) Read more at video.foxnews.com ...
Once this gets out, all while Sebelius and the other minions continue to assure us that the site is secure... No one in their right mind will sign up, even if they like the Affordable Care Act. That's going to put a serious dent in ObamaCare, at least for a while, and the Administration's "trust" poll numbers will sink even lower.
The other problem I see is that while being a U.S. gov't website might deter some U.S. hackers, you just know that this has to be the biggest, juiciest low hanging fruit ever, for hordes of hackers in Russia, China, you name it...
I wouldn’t apply by phone or paper either. The same site is used to input the data on your application.
That's a VERY good point!!! Perhaps a number of us should point it out to Rush, Greta, and others.
I wonder if anyone has investigated the security of the states' exchanges, also.
This is an utterly insecure website. It is already compromised. Anyone who has entered their information should change their identity to avoid any problems.
“Anyone who has entered their information should change their identity to avoid any problems.”
I think I will identify as a poached egg and go look for a piece of toast to sit on. (Courtesy of P.G. Wodehouse)
The problems with Obamacare are approaching biblical proportions. They remind me of the plagues against the pharaoh of Egypt in the Old Testament.
Alinsky Rules - the Zero admin, DU, DailyKos, WaPo, and all the other jackals to attack every one of the technical experts who testified that the website isn’t secure.
—— No one in their right mind will sign up,——
Well, it depends on what the definition of right mind is.
If you have no assets to steal, you will be left alone.
The security expert, Dave Kennedy, is the real deal. The primary tool any white hat hacker would use is called Metasploit.
And Dave just so happens to be the primary author of the book “Metasploit: The Penetration Tester’s Guide”, which is considered the top book on Metasploit, and includes a foreword by the tool’s creator, HD Moore.
When he said he could break into the site in a few hours, he wasn’t kidding. Check out this video of him on Katie Couric (sorry to make you watch Katie) but it’s quite eye opening to watch this audience member’s shock as he compromised her laptop and took control of her entire computer, including webcam.
While Laz is known for his sarcastic, snarky, and witty remarks, he is being dead serious in this regard.
The site was so insecure until this week that it didn’t require what would normally be thought of as hacking, but more akin to report running. As I understand it, it has now improved to ‘minor effort’ to gain access to what should be secured information.
An identity with a SSN is an asset of value.
Which is why we value Lazamataz so highly on Free Republic...
(That and his innate ability to define the guiltiness or innocence of members of the opposite sex...:)
I think the person in the car in front of me with the "I (Heart) Obamacare" sticker on their car might be of the "right mind".
I almost wanted to pull up next to them and ask in a concerned voice "Are you okay?"
Hey, he promised transparency and that’s what we got.
Posted to Facebook
Someone yesterday posted what happens when you put a semicolon in the login box-
the first three suggestions were SQL injection attacks.
I think I’d like to add:
“;””drop table users”
(I broke it up JUST in case)
You have been on top of this as FR's "white hat techie" ... hacked already ... Programmers will have an OMG moment ... as well as presenting how it could have been done without the FUSTERCLICK (c).
They should have hired the hackers, who apparently know more about computers than MOOCH’s friend’s company does.
Yes, I realize that Laz has really been serious about the lack of security on the site. I have been following his posts on this topic and I realize that he knows what he is talking about, and has expressed the implications in no uncertain terms.
In a sense the seriousness of it is reflected in the sentence that I quoted from Laz’s post. Normally we think of people who have gone into a witness protection program who have a complete identity change to give some protection. If someone has tried to set up an account on the site, he might as well become a whole new person to avoid the consequences.