Security Expert Hacks Obamacare Website In 4 Minutes; Accesses 70,000 Records
Posted on 01/20/2014 8:42:03 PM PST by Zakeet
The hits just keep on coming for ObamaCare. It was less than two weeks ago that I highlighted the potential premium rate death spiral that ObamaCare faces due to the fact that only old and sick people are signing up for the program. Now it seems there are further security related concerns plaguing the site, as cyber-security expert David Kennedy recently claimed that gaining access to 70,000 personal records of Obamacare enrollees via HealthCare.gov took about 4 minutes.
It's actually hard to be this incompetent if you tried. More from the Washington Times:
The man who appeared before Congress last week to explain the security pitfalls of HealthCare.gov took to Fox News on Sunday to explain just how easy it was to penetrate the website.
Hacking expert David Kennedy told Fox's Chris Wallace that gaining access to 70,000 personal records of Obamacare enrollees via HealthCare.gov took about 4 minutes and required nothing more than a standard browser, the Daily Caller reported.
"And 70,000 was just one of the numbers that I was able to go up to and I stopped after that," he said. "You know, I'm sure it's hundreds of thousands, if not more, and it was done within about a 4 minute timeframe. So, it's just wide open."
"You can literally just open up your browser, go to this, and extract all this information without actually having to hack the website itself," he said.
Mr. Kennedy testified before Congress Thursday that HealthCare.gov was "100 percent insecure," Washington Free Beacon reported.
For some context on this very important issue, check out the video below:
[Video embedded in article]
It's actually hard to be this incompetent if you tried ...
This hacker is obviously racist.
Obamacare is just about over.
I call BS!
Everyone knows there aren’t 70,000 records there!
Or, maybe he better check to see what’s in those records...I’d predict he got 70,000 versions of:
“Access Denied. 404. Server timeout. Abort/retry/fail?”
all the various combinations and permutations of Obama's
3. Birth dates
4. Hospital of birth
5. Father's name
6. Father's nationality
7. Social security numbers
9. Sexual orientation
That depends; given the underlying database-structure a single person's data could be spread across multiple database tables (not a bad thing*), each of which is a distinct record.
* You can use this to group data together, or to "compress" common data -- like storing 1..50 for each of the several states and using that number to reference the state rather than the full name or two-letter postal code.
0 only found out when he saw it on TV, like the rest of us.
It’s patriotic to lose your personal info, right Joe?
But, hey, look over there at Chris Christie . . .
65,000 of those records were put there by other hackers.
That is exactly why the process control industry uses so many layers of protection to its servers running SQL servers process layer servers.
That and of course Windows OS running on the servers.
Also most of this is edicts sent down from above by boards that have direct ties to Federal Government Security Regs for Process Control. Oh, that is right, that only goes BOOM not someone's life savings.
Well it is hard to believe the thing is even sustainable at this point.
Maybe he can tell us how many successfully enrolled and how many paid. Seems the government is unable to determine these numbers.
SQL Injection Marker
Sounds about right, Bob :)