cold fjord writes: Computerworld reports, "... white hat hacker David Kennedy, CEO of TrustedSec, may feel like he’s beating his head against a stone wall. Kennedy said, "I don't understand how we're still discussing whether the website is insecure or not.
... It is insecure — 100 percent." Kennedy has continually warned that healthcare.gov is insecure. In November, after the website was allegedly “fixed,” he told Congress it was even more vulnerable to hacking and privacy breaches. ... “Out of the issues identified last go around, there has been a half of a vulnerability closed out of the 17 previously disclosed ... other security researchers have also identified an additional 20+ exposures on the site.” ... Kennedy said he was able to access 70,000 records within four minutes ... At the House Science and Technology Committee hearing held last week ... elite white hat hackers — Kevin Mitnick, Ed Skoudis, Chris Nickerson, Eric Smith, Chris Gates, John Strand, Kevin Johnson, and Scott White – blasted the website’s insecurity. ... Mitnick, the 'world's most famous hacker' testified:"... It would be a hacker's wet dream to break into Healthcare.gov ... A breach may result in massive identity theft never seen before — these databases house information on every U.S. citizen! It's shameful the team that built the Healthcare.gov site implemented minimal, if any, security best practices ... ""