SD Times Blog: White hat hacker accessed 70,000 records in four minutes

Rob Marvin
January 21, 2014
TrustedSec CEO David Kennedy recounted to a Congressional panel last week how he was able to access 70,000 records from the website within four minutes, using a technique called passive reconnaissance.

Kennedy called the attack, which allowed him to query and look at how the website operated and performed, “rudimentary.” He was able to extract information from the site without actually going into the system. This wasn’t the first time he had testified about the security of, either. Last November he spoke about the same issues, and in a TrustedSec blog post the same day as last week’s hearing, he said things had only gotten worse.

“Today, nothing has changed and it’s business as usual on the site,” he wrote. “Out of the issues identified last go-around, there has been a half of a vulnerability closed out of the 17 previously disclosed, and since my last appearance, other security researchers have also identified an additional 20+ exposures on the site.”

Kennedy wasn’t alone at the hearing last week, either. Other white hat hackers testified to the House Science and Technology Committee about the same thing. Then Kennedy joined them—Kevin Mitnick, Ed Skoudis, Chris Nickerson, Eric Smith, Chris Gates, John Strand, Kevin Johnson, and Scott White—in signing and releasing a joint statement detailing their opinions and criticisms of security. 

In short, they all echo the sentiment that the glaring vulnerabilities in security could result in mass identity theft, and that the lack of security best practices in devising the site has made a breach all but certain.
