« Despite Agency Denials, Emails Show EPA Coordinated With Left-Wing Political Groups to Pressure Energy Companies;
EPA Head Dodges Questions
| Main | Overnight Open Thread (1-16-2014) »
January 16, 2014

World's Most Famous Hacker, Kevin Mitnick, Calls Obamacare's Complete Lack of Security "Shameful"

Totally fixed, y'all. Mitnick submitted his report to the House Committee on Science, Space, and Technology.

[M]itnick wrote: "It's shameful the team that built the Healthcare.gov site implemented minimal, if any, security best practices to mitigate the significant risk of a system compromise."

...

Mitnick concluded that, "After reading the documents provided by David Kennedy that detailed numerous security vulnerabilities associated with the Healthcare.gov Website, it's clear that the management team did not consider security as a priority."

His comments were backed up by testimony by Kennedy, who is CEO and founder of TrustedSec LLC and a self-described "white hat hacker," meaning someone who hacks in order to fix security flaws and not commit cybercrime. In November, Kennedy and other experts testified before the same panel about security issues on Healthcare.gov.

Kennedy testified that most of the flaws they identified at the time still exist on the site, and said "indeed, it's getting worse," telling the panel that he and other experts have seen little improvement in the past two months.

"Nothing has really changed since our November 19 testimony," Kennedy said.

How bad are the security flaws? Well, not that bad. I mean, a hacker could just take over your computer through the Healthcare.gov interface, is all.

“The site is fundamentally flawed in ways that make it dangerous to people who use it,” said Kevin Johnson, one of the experts who reviewed Kennedy’s findings.

Johnson said that one of the most troubling issues was that a hacker could upload malicious code to the site, then attack other HealthCare.gov users.

“You can take control of their computers,” said Johnson, chief executive of a firm known as Secure Ideas and a teacher at the non-profit SANS Institute, the world’s biggest organization that trains and certifies cyber security professionals.

They're doing "passive analysis," which means just looking at the code. "Active analysis" would be, obviously, an actual attempt to hack (in order to expose security flaws, not to actually steal information).

They could prove their claims, then, by hacking the site. But that is itself illegal, and I guess for some reason I can't fathom Obama won't sign an Executive Order permitting them to hack the site (under supervision) to see just how vulnerable it is.

Instead, I guess, we'll just all roll the dice and let a smile be our umbrella.

Here's how Reuters spins the story-- that Republicans, rather than hackers and security experts, are trying to scare people about Healthcare.gov's lack of security.

Republicans warn of security flaws in Obamacare website

Republicans in Congress sought to showcase what they call major security problems with the Obamacare website HealthCare.gov on Thursday, just as U.S. officials ramp up a national campaign to persuade young adults to use the site to enroll in health insurance.

In a public messaging tug-of-war that will likely intensify in coming weeks, the Republican-led House of Representatives targeted the healthcare reform law in three separate oversight hearings. Two were geared toward Republican claims that HealthCare.gov remains vulnerable to hackers more than three months after its botched October 1 rollout.

Democrats accused Republicans of "cherry picking" partial information about the website to try and scare consumers away from it

See? It's just Republicans making these claims. Not experts. Just a politically-motivated attack Republicans just made up, you see.

lolcat_internet.jpg

Are LOLcats still a thing? I was told LOLcats were still a thing.

And, Open Blog.


digg this
posted by Ace at 07:38 PM

| Access Comments




Recent Comments
olddog in mo, uckfay ancercay: "Got the tuna steaks marinating. Just waiting for ..."

jsg: ".410 is a great squirrel gun. ..."

Ben Had: "Insom, I'm partial to Texas Hold'em. ..."

LoneRanger: "Nurse a .22 and patience ..."

jsg: "Really wanted to burn the brush pile today but it' ..."

Insomniac: "231 Hey Insom, wanna play cards? Posted by: Ben H ..."

SMH: "* sends orderly with tray of SOS * Posted by: Mes ..."

Nurse ratched : "Any hints for keeping the squirrels from eating my ..."

Blonde Morticia: " Well, looks like I've got this thread practicall ..."

Blonde Morticia: " Linn - it all went pretty well this week. They a ..."

KTbarthedoor: "Tonypete at November 16, 2019 02:33 PM Probably ..."

Weasel: "37 I recognize the plumeria and bird of paradise, ..."

Recent Entries
Search


Polls! Polls! Polls!
Frequently Asked Questions
The (Almost) Complete Paul Anka Integrity Kick
Top Top Tens
Greatest Hitjobs

The Ace of Spades HQ Sex-for-Money Skankathon
A D&D Guide to the Democratic Candidates
Margaret Cho: Just Not Funny
More Margaret Cho Abuse
Margaret Cho: Still Not Funny
Iraqi Prisoner Claims He Was Raped... By Woman
Wonkette Announces "Morning Zoo" Format
John Kerry's "Plan" Causes Surrender of Moqtada al-Sadr's Militia
World Muslim Leaders Apologize for Nick Berg's Beheading
Michael Moore Goes on Lunchtime Manhattan Death-Spree
Milestone: Oliver Willis Posts 400th "Fake News Article" Referencing Britney Spears
Liberal Economists Rue a "New Decade of Greed"
Artificial Insouciance: Maureen Dowd's Word Processor Revolts Against Her Numbing Imbecility
Intelligence Officials Eye Blogs for Tips
They Done Found Us Out, Cletus: Intrepid Internet Detective Figures Out Our Master Plan
Shock: Josh Marshall Almost Mentions Sarin Discovery in Iraq
Leather-Clad Biker Freaks Terrorize Australian Town
When Clinton Was President, Torture Was Cool
What Wonkette Means When She Explains What Tina Brown Means
Wonkette's Stand-Up Act
Wankette HQ Gay-Rumors Du Jour
Here's What's Bugging Me: Goose and Slider
My Own Micah Wright Style Confession of Dishonesty
Outraged "Conservatives" React to the FMA
An On-Line Impression of Dennis Miller Having Sex with a Kodiak Bear
The Story the Rightwing Media Refuses to Report!
Our Lunch with David "Glengarry Glen Ross" Mamet
The House of Love: Paul Krugman
A Michael Moore Mystery (TM)
The Dowd-O-Matic!
Liberal Consistency and Other Myths
Kepler's Laws of Liberal Media Bias
John Kerry-- The Splunge! Candidate
"Divisive" Politics & "Attacks on Patriotism" (very long)
The Donkey ("The Raven" parody)
Powered by
Movable Type 2.64