Hacker Says He Could Access 70,000 Healthcare.Gov Records In 4 Minutes

cold fjord writes with this excerpt from Computerworld: "[W]hite hat hacker David Kennedy, CEO of TrustedSec, may feel like he's beating his head against a stone wall. Kennedy said, 'I don't understand how we're still discussing whether the website is insecure or not. ... It is insecure — 100 percent.' Kennedy has continually warned that healthcare.gov is insecure. In November, after the website was allegedly 'fixed,' he told Congress it was even more vulnerable to hacking and privacy breaches. ... 'Out of the issues identified last go around, there has been a half of a vulnerability closed out of the 17 previously disclosed ... other security researchers have also identified an additional 20+ exposures on the site.' ... Kennedy said he was able to access 70,000 records within four minutes ... At the House Science and Technology Committee hearing held last week ... elite white hat hackers — Kevin Mitnick, Ed Skoudis, Chris Nickerson, Eric Smith, Chris Gates, John Strand, Kevin Johnson, and Scott White – blasted the website's insecurity. ... Mitnick, the 'world's most famous hacker' testified: '... It would be a hacker's wet dream to break into Healthcare.gov ... A breach may result in massive identity theft never seen before — these databases house information on every U.S. citizen! It's shameful the team that built the Healthcare.gov site implemented minimal, if any, security best practices.'"

Comment removed

[account_deleted]

Comment removed based on user account deletion

So it has come to this

[Impy the Impiuos Imp]

> 70,000 Healthcare.Gov Records In 4 Minutes

Lie! There aren't even 70,000 people who have successfully registered yet.

Government!

[Anonymous Coward]

We all know that the private sector could have done better!

.....

Bwahahahahahahahahahahahahahahahaahahahah!

Oh! I shit my pants!

Re:Didn't see that coming

[Anonymous Coward]

..... will be as shocked as I am.

Your winnings sir...

Re:So it has come to this

[SJHillman]

69,000 of those records are actually just "F1RST P0ST!". Just like a typical Slashdot article.

oblig

[cellocgw]

Even worse, after accessing all those records, he logged in again as Bobby Tables and...

Big mouth

[jargonburn]

He should probably shut it. Doesn't he know that the best security is obscurity? If he keeps talking about how vulnerable that website is, someone MIGHT actually hack it! Is that what he wants??

How do I get clients like this?

[rebelwarlock]

I get between a few hundred and a few thousand USD for any given contract, and my clients actually expect their software to work. How does one go about getting this much money for a steaming pile of shit?

Re:Okay, but...

[Forty Two Tenfold]

From the misery of this site it looks as if it was specifically designed to kill Obamacare.

Re:New job for NSA

[DoofusOfDeath]

Well, at least you know it isn't vulnerable to SQL injection attacks.

Exactly. Just the other day, they probably told Congress, "We're vulnerable to no SQL injection attacks!"

Well the performance of the site is getting better

[TheMadTopher]

Hackers can get 70K records in 4 minutes from the healthcare.gov website? Great news! That's the best performance metric the website has had yet!