Monday, January 20, 2014

Reminding us why the phrase "good enough for government work" was created


Hacking expert David Kennedy says he cracked HealthCare.gov in 4 minutes


The man who appeared before Congress last week to explain the security pitfalls of HealthCare.gov took to Fox News on Sunday to explain just how easy it was to penetrate the website.

Hacking expert David Kennedy told Fox’s Chris Wallace that gaining access to 70,000 personal records of Obamacare enrollees via HealthCare.gov took about 4 minutes and required nothing more than a standard browser, the Daily Caller reported.

“And 70,000 was just one of the numbers that I was able to go up to and I stopped after that,” he said. “You know, I’m sure it’s hundreds of thousands, if not more, and it was done within about a 4 minute timeframe. So, it’s just wide open.”
“You can literally just open up your browser, go to this, and extract all this information without actually having to hack the website itself,” he said.

Mr. Kennedy testified before Congress Thursday that HealthCare.gov was “100 percent” insecure, Washington Free Beaconreported.

“What we learned was that they had rushed through what we call the software development life cycle where they actually build the application,” he said on Fox. “So when you do that, security doesn’t really get integrated into it. And what happened with the rocky launch in October is they slapped a bunch of servers in trying to fix the website just to keep it up and running so that people could actually go and use it. The problem is they still didn’t imbed any security into it.”
“It’s not just myself that’s saying this website is insecure, it’s also seven other independent security researchers that also looked at the research I’ve done and came to the exact same conclusion,” he said.

No comments:

Post a Comment