Slashdot Mirror


Hacker Says He Could Access 70,000 Healthcare.Gov Records In 4 Minutes

cold fjord writes with this excerpt from Computerworld: "[W]hite hat hacker David Kennedy, CEO of TrustedSec, may feel like he's beating his head against a stone wall. Kennedy said, 'I don't understand how we're still discussing whether the website is insecure or not. ... It is insecure — 100 percent.' Kennedy has continually warned that healthcare.gov is insecure. In November, after the website was allegedly 'fixed,' he told Congress it was even more vulnerable to hacking and privacy breaches. ... 'Out of the issues identified last go around, there has been a half of a vulnerability closed out of the 17 previously disclosed ... other security researchers have also identified an additional 20+ exposures on the site.' ... Kennedy said he was able to access 70,000 records within four minutes ... At the House Science and Technology Committee hearing held last week ... elite white hat hackers — Kevin Mitnick, Ed Skoudis, Chris Nickerson, Eric Smith, Chris Gates, John Strand, Kevin Johnson, and Scott White – blasted the website's insecurity. ... Mitnick, the 'world's most famous hacker' testified: '... It would be a hacker's wet dream to break into Healthcare.gov ... A breach may result in massive identity theft never seen before — these databases house information on every U.S. citizen! It's shameful the team that built the Healthcare.gov site implemented minimal, if any, security best practices.'"

11 of 351 comments

  1. Before they patch the hole by TimMD909 · · Score: 4, Funny

    The root password is "password1".

  2. So it has come to this by Impy the Impiuos Imp · · Score: 5, Funny

    > 70,000 Healthcare.Gov Records In 4 Minutes

    Lie! There aren't even 70,000 people who have successfully registered yet.

    --
    (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
    1. Re:So it has come to this by SJHillman · · Score: 3, Funny

      69,000 of those records are actually just "F1RST P0ST!". Just like a typical Slashdot article.

  3. Government! by Anonymous Coward · · Score: 2, Funny

    We all know that the private sector could have done better!

    .....

    Bwahahahahahahahahahahahahahahahaahahahah!

    Oh! I shit my pants!

  4. Re:Didn't see that coming by Anonymous Coward · · Score: 2, Funny

    ..... will be as shocked as I am.

    Your winnings sir...

  5. oblig by cellocgw · · Score: 4, Funny

    Even worse, after accessing all those records, he logged in again as Bobby Tables and...

    --
    https://app.box.com/WitthoftResume Code: https://github.com/cellocgw
  6. Big mouth by jargonburn · · Score: 4, Funny

    He should probably shut it. Doesn't he know that the best security is obscurity? If he keeps talking about how vulnerable that website is, someone MIGHT actually hack it! Is that what he wants??

  7. How do I get clients like this? by rebelwarlock · · Score: 4, Funny

    I get between a few hundred and a few thousand USD for any given contract, and my clients actually expect their software to work. How does one go about getting this much money for a steaming pile of shit?

  8. Re:Okay, but... by Forty Two Tenfold · · Score: 4, Funny

    From the misery of this site it looks as if it was specifically designed to kill Obamacare.

    --
    Upward mobility is a slippery slope - the higher you climb the more you show your ass.
  9. Re:New job for NSA by DoofusOfDeath · · Score: 4, Funny

    Well, at least you know it isn't vulnerable to SQL injection attacks.

    Exactly. Just the other day, they probably told Congress, "We're vulnerable to no SQL injection attacks!"

  10. Well the performance of the site is getting better by TheMadTopher · · Score: 4, Funny

    Hackers can get 70K records in 4 minutes from the healthcare.gov website? Great news! That's the best performance metric the website has had yet!