11 posts in this topic

Filed: K-1 Visa Country: China
Timeline
Posted

World's greatest hacker calls Healthcare.gov security 'shameful'

Published January 16, 2014

Security expert -- and once the world's most-wanted cyber criminal -- Kevin Mitnick submitted a scathing criticism to a House panel Thursday of ObamaCare's Healthcare.gov website, calling the protections built into the site "shameful" and "minimal."

In a letter submitted as testimony to the House Science, Space and Technology Committee, Mitnick wrote: "It's shameful the team that built the Healthcare.gov site implemented minimal, if any, security best practices to mitigate the significant risk of a system compromise."

Mitnick's letter, submitted to panel Chairman Lamar Smith, R-Texas, and ranking member Eddie Bernice Johnson, D-Texas, held comments from several leading security experts.

Mitnick concluded that, "After reading the documents provided by David Kennedy that detailed numerous security vulnerabilities associated with the Healthcare.gov Website, it's clear that the management team did not consider security as a priority."

RAW DATA: Security experts on Healthcare.gov issues

His comments were backed up by testimony by Kennedy, who is CEO and founder of TrustedSec LLC and a self-described "white hat hacker," meaning someone who hacks in order to fix security flaws and not commit cybercrime. In November, Kennedy and other experts testified before the same panel about security issues on Healthcare.gov.

Kennedy testified that most of the flaws they identified at the time still exist on the site, and said "indeed, it's getting worse," telling the panel that he and other experts have seen little improvement in the past two months.

"Nothing has really changed since our November 19 testimony," Kennedy said.

Only one-half of a vulnerability has been found and plugged since then, he told the committee. "They did a little bit of work on it and it's still vulnerable today."

Also speaking at the panel were Michael Gregg, chief executive officer of Superior Solutions, Waylon Krush, co-founder and CEO of Lunarline, and Dr. Lawrence Ponemon, chairman and founder of the Ponemon Institute.

There have been no confirmed security breaches or hacks of the site yet, despite the alarming current and past testimony from the panel. (At the November panel, Kennedy said the website "may have already been hacked.") The flaws that have been found are mere speculation, pointed out Krush, whose firm has done security work for the Department of Health and Human Services.

“Nobody here at this table can tell you there is a vulnerability,” he said during testimony. To actually test the flaws would require hacking the website itself, which would mean breaking the law, he noted.

http://www.foxnews.com/tech/2014/01/16/world-greatest-hacker-calls-healthcaregov-security-shameful/

If more citizens were armed, criminals would think twice about attacking them, Detroit Police Chief James Craig

Florida currently has more concealed-carry permit holders than any other state, with 1,269,021 issued as of May 14, 2014

The liberal elite ... know that the people simply cannot be trusted; that they are incapable of just and fair self-government; that left to their own devices, their society will be racist, sexist, homophobic, and inequitable -- and the liberal elite know how to fix things. They are going to help us live the good and just life, even if they have to lie to us and force us to do it. And they detest those who stand in their way."
- A Nation Of Cowards, by Jeffrey R. Snyder

Tavis Smiley: 'Black People Will Have Lost Ground in Every Single Economic Indicator' Under Obama

Democrats>Socialists>Communists - Same goals, different speeds.

#DeplorableLivesMatter

Filed: IR-1/CR-1 Visa Country: China
Timeline
Posted

sounds like they need to redo the table.

Sometimes my language usage seems confusing - please feel free to 'read it twice', just in case !
Ya know, you can find the answer to your question with the advanced search tool, when using a PC? Ditch the handphone, come back later on a PC, and try again.

-=-=-=-=-=R E A D ! ! !=-=-=-=-=-

Whoa Nelly ! Want NVC Info? see http://www.visajourney.com/wiki/index.php/NVC_Process

Congratulations on your approval ! We All Applaud your accomplishment with Most Wonderful Kissies !

 

Posted

The committee is consulting experts, experts are making recommendations.. Of course, it could be that THE DEVIL KENYAN has a secret plot to steal everyone's SS# and sell them off to foreign powers in a bid to undermine the US and its economy.

Refusing to use the spellchick!

I have put you on ignore. No really, I have, but you are still ruining my enjoyment of this site. .

Posted

The committee is consulting experts, experts are making recommendations.. Of course, it could be that THE DEVIL KENYAN has a secret plot to steal everyone's SS# and sell them off to foreign powers in a bid to undermine the US and its economy.

I knew someone would see the light!! This is exactly what he is trying to do.

R.I.P Spooky 2004-2015

Posted

foxdistort.png

B. it was not on MSNBC, Al-Jazeera, Salon, CNN or other left wing approved sources so it is obvious right wing biased hate, no matter how many facts they quote

Filed: Country: Monaco
Timeline
Posted

The committee is consulting experts, experts are making recommendations.. Of course, it could be that THE DEVIL KENYAN has a secret plot to steal everyone's SS# and sell them off to foreign powers in a bid to undermine the US and its economy.

Don't underestimate the power of the vast, huge and incommensurable conspiracy. It has been afoot since 1961. They thought of everything. Resistance is futile!

www.ffrf.org
Filed: Country: Monaco
Timeline
Posted

B. it was not on MSNBC, Al-Jazeera, Salon, CNN or other left wing approved sources so it is obvious right wing biased hate, no matter how many facts they quote

F. Consider taking the time and reading the copy posted by the OP. The spin should have you dizzy. Take a second look before you ingest it. Here are a couple of words to help you: Mole. Hill. You can shake it any way you want but it is still just swill.

Filed: Citizen (apr) Country: Russia
Timeline
Posted

http://www.sitepronews.com/2014/01/16/experts-call-healthcare-gov-security-shameful/

January 16, 2014

Experts Call Healthcare.gov Security Shameful

More than 20 Vulnerabilities Remain in Obamacare Website

By SPN Staff Writers in Breaking News

The beleaguered Obamacare website is still at risk of being hacked due to a plethora of vulnerabilities, say a group of security experts.

TrustedSec head of computer security David Kennedy testified before Congress today about Healthcare.gov's security issues, saying only about 50 percent of the vulnerabilities discovered since last year have been patched.

Kennedy, who also testified on the same subject last November, told Congress another 20-plus bugs have been found by other security researchers examining the site.

"Some issues still include critical or high-risk findings to personal information or risk of loss of confidentiality or integrity of the infrastructure itself," he said.

Kennedy told Congress he asked a number of other security professionals to review his findings.

"I asked that they simply give their professional opinion on what they thought of the exposures and if they think best practices were followed on the healthcare.gov website," Kennedy said. "The results were unanimous and unified - it's bad."

Here is what some of them had to say:

Counter Hack founder Ed Skoudis

"I've worked on dozens of large-scale breach cases over the past 12 years, looking at the root cause vulnerabilities and the attackers' methods," Skoudis said. "Reviewing the security issues discovered in the healthcare.gov site, I can tell you: this is a breach waiting to happen. Or, given the numerous vulnerabilities, perhaps a breach already has happened. These are exactly the kind of security flaws bad guys exploit in large-scale breaches. Urgent action is required to fix these flaws, applying well-known, time-tested, industry-standard security defenses."

Mitnick Security Consulting CEO Kevin Mitnick

"Healthcare.gov retrieves information from numerous third-party databases belonging to the IRS, Social Security Administration, Department of Homeland Security, and other State agencies," Mitnick said. "It would be a hacker's wet dream to break into Healthcare.gov and potentially gain access to the information stored in these databases. A breach may result in massive identity theft never seen before - these databases house information on every U.S. citizen! It's shameful the team that built the Healthcare.gov site implemented minimal, if any, security best practices to mitigate the significant risk of a system compromise or access to consumer proprietary information."

Secure Ideas CEO Kevin Johnson

"In my professional opinion, these findings exhibit not only a basic lack of security testing, but also reflect signs that standard IT change management and validation practices are not being followed," Johnson said. "These security findings are typical findings we see when an application has been written by developers who have not been introduced to basic security training, nor understand the importance of security within an application. The findings disclose a wide range of issues that could cause serious harm to both healthcare.gov as well as any individual using the application. These flaws are not even complex problems that would require advanced security knowledge to detect. Instead, they are issues that are detected with simple, standard techniques, of which any developer or QA professional should be aware."

The Centers for Medicare & Medicaid Services, which manages the health-care site, issued the following statement to Reuters:

"To date there have been no successful security attacks on HealthCare.gov and no person or group has maliciously accessed personally identifiable information from the site. Security testing is conducted on an ongoing basis using industry best practices to appropriately safeguard consumers' personal information."

 
