
SD Times Blog: White hat hacker accessed 70,000 HealthCare.gov records in four minutes



Rob Marvin
January 21, 2014
TrustedSec CEO David Kennedy recounted to a Congressional panel last week how he was able to access 70,000 records from the HealthCare.gov website within four minutes, using a technique called passive reconnaissance.

Kennedy called the attack, which allowed him to query and look at how the website operated and performed, “rudimentary.” He was able to extract information from the site without actually going into the system. This wasn’t the first time he had testified about the security of HealthCare.gov, either. Last November he spoke about the same issues, and in a TrustedSec blog post the same day as last week’s hearing, he said things had only gotten worse.

“Today, nothing has changed and it’s business as usual on the HealthCare.gov site,” he wrote. “Out of the issues identified last go-around, there has been a half of a vulnerability closed out of the 17 previously disclosed, and since my last appearance, other security researchers have also identified an additional 20+ exposures on the site.”

Kennedy wasn’t alone at the hearing last week, either. Other white hat hackers testified to the House Science and Technology Committee about the same thing. Then Kennedy joined them—Kevin Mitnick, Ed Skoudis, Chris Nickerson, Eric Smith, Chris Gates, John Strand, Kevin Johnson, and Scott White—in signing and releasing a joint statement detailing their opinions and criticisms of HealthCare.gov security. 

In short, they all echo the sentiment that the glaring vulnerabilities in HealthCare.gov security could result in mass identity theft, and that the lack of security best practices in devising the site has made a breach all but certain.



