No security ever built into Obamacare site: Hacker
Posted on 12/02/2013 5:34:50 PM PST by tobyhill
It could take a year to secure the risk of "high exposures" of personal information on the federal Obamacare online exchange, a cybersecurity expert told CNBC on Monday. "When you develop a website, you develop it with security in mind. And it doesn't appear to have happened this time," said David Kennedy, a so-called "white hat" hacker who tests online security by breaching websites. He testified on Capitol Hill about the flaws of HealthCare.gov last week.
"It's really hard to go back and fix the security around it because security wasn't built into it," said Kennedy, chief executive of TrustedSec. "We're talking multiple months to over a year to at least address some of the critical-to-high exposures on the website itself."
According to the Department of Health and Human Services, which oversaw the implementation of the website, the components used to build the site are compliant with standards set by Federal security authorities.
(Excerpt) Read more at cnbc.com ...
I was so thrilled to see Drudge's headline.
All the reporting about the HealthCare.gov relaunch has been about the Potemkin website with its dysfunctional backend and the "glitches" that still need to be fixed.
Virtually nothing has been said or printed about the website's utter lack of security and the fact that Obama would forcibly subject citizens to reveal their personal data to every amateur hacker, identity-theft ring, and evil enterprise in the world.
Another conspiracy of silence.
Security-shmerity, as long as Obama’s buddies in Canada got 650 million of taxpayer money, that’s all Obama really cared about anyway.
(Well, hey, they HAD to make it as easy as possible for the NSA to collect all the info they wanted!)
No, it's impossible.
There's no such thing as a completely secure system. I used to say that the only completely secure computer is still in the factory sealed box, but then back in the 90s, Apple shipped quite a few systems that were "pre-infected" with malware.
But if a system is designed from the start without security, it can NEVER become a trusted system.
Actually, it's not just HIPAA. I believe that if you take credit card payments on a website, the entire system has to be PCI DSS (Payment Card Industry Data Security Standard) compliant. Otherwise, the major payment card vendors will not allow you access to their financial networks.
If the government were to force these vendors to abandon their own security standards, then we've got a real problem here.