Hacker Says He Could Access 70,000 Healthcare.Gov Records In 4 Minutes
cold fjord writes with this excerpt from Computerworld: "[W]hite hat hacker David Kennedy, CEO of TrustedSec, may feel like he's beating his head against a stone wall. Kennedy said, 'I don't understand how we're still discussing whether the website is insecure or not. ... It is insecure — 100 percent.' Kennedy has continually warned that healthcare.gov is insecure. In November, after the website was allegedly 'fixed,' he told Congress it was even more vulnerable to hacking and privacy breaches. ... 'Out of the issues identified last go around, there has been a half of a vulnerability closed out of the 17 previously disclosed ... other security researchers have also identified an additional 20+ exposures on the site.' ... Kennedy said he was able to access 70,000 records within four minutes ... At the House Science and Technology Committee hearing held last week ... elite white hat hackers — Kevin Mitnick, Ed Skoudis, Chris Nickerson, Eric Smith, Chris Gates, John Strand, Kevin Johnson, and Scott White – blasted the website's insecurity. ... Mitnick, the 'world's most famous hacker' testified: '... It would be a hacker's wet dream to break into Healthcare.gov ... A breach may result in massive identity theft never seen before — these databases house information on every U.S. citizen! It's shameful the team that built the Healthcare.gov site implemented minimal, if any, security best practices.'"
So it has come to this (Score:5, Funny)
> 70,000 Healthcare.Gov Records In 4 Minutes
Lie! There aren't even 70,000 people who have successfully registered yet.
Government! (Score:2, Funny)
We all know that the private sector could have done better!
.....
Bwahahahahahahahahahahahahahahahaahahahah!
Oh! I shit my pants!
Re:Didn't see that coming (Score:2, Funny)
..... will be as shocked as I am.
Your winnings sir...
Re:So it has come to this (Score:4, Funny)
69,000 of those records are actually just "F1RST P0ST!". Just like a typical Slashdot article.
oblig (Score:5, Funny)
Even worse, after accessing all those records, he logged in again as Bobby Tables and...
Big mouth (Score:5, Funny)
How do I get clients like this? (Score:5, Funny)
Re:Okay, but... (Score:4, Funny)
Re:New job for NSA (Score:5, Funny)
Well, at least you know it isn't vulnerable to SQL injection attacks.
Exactly. Just the other day, they probably told Congress, "We're vulnerable to no SQL injection attacks!"
Well the performance of the site is getting better (Score:5, Funny)