After the bevy of problems Healthcare.gov encountered in its first few months of life, throwing one more onto the pile shouldn’t faze you all that much, right? Well, not if that hiccup is actually a gaping vulnerability, and one that can grant hackers access to over 70,000 private records in just four minutes, at that.
https://gizmodo.com/everything-thats-wrong-with-healthcare-gov-1455989647
David Kennedy, a white hat hacker and TrustedSec CEO, has been warning anyone who would listen since November that the flawed government site was highly insecure. Now, after using passive reconnaissance, “which allowed [him] to query and look at how the website operates and performs,” Kennedy revealed that he was able to access 70,000 records in under four minutes, granting him access to information such as names, social security numbers, email addresses, and home addresses, just to name a few. What’s more, he didn’t even technically have to hack into the website at all.

In talking to Fox News Sunday, Kennedy explained what he believed to be the source of the problem:
The problem is if you look at the integration between the IRS, DHS, third party credit verification processes, you have all of these different organizations that feed into this data hub for the healthcare.gov infrastructure to provide all that data and validate everything. And so if an attacker gets access to that, they basically have full access into your entire online identity, everything that you do from taxes to, you know, what you pay, what you make, what DHS has on you from a tracking perspective as well as obviously, you know, what we call personal identifiable information which is what an attacker would use to take a line of credit out from your account. It’s really damaging.
Still, Teresa Fryer, the chief information security officer for the Centers of Medicaid and Medicare Services, testified before the House Oversight Committee, claiming that cybersecurity testing had been successfully completed and that “there have been no successful attacks on the site.”

Of course, claiming that there’s been no attacks on the site doesn’t inspire much confidence when the information is accessible without ever entering the website in the first place.
[ComputerWorld]
Update 5:00PM EST:

David Kennedy has taken to the TrustedSec website to clarify that it was not, in fact, 70,000 records that were swiped. Rather, that number was simply “tested for as an example through utilizing Google’s advanced search.” Kennedy’s full update follows:
There’s been a few stories running around in the media around accessing 70,000 records on the healthcare.gov website. Just to note on this, we never accessed 70,000 records nor is it directly on the healthcare.gov website (a sub-site for the infrastructure). The number 70,000 was a number that was tested for as an example through utilizing Google’s advanced search functionality as well as normally browsing the website. No dumping of data, malicious intent, hacking, or even viewing of the information was done. We do not support the statement from the news organization. From a previous blog post, the information shown in the python script was sanitized and not used through Google scraping (urllib2 python module). We’ve reached out to the news agencies to clarify as these were not our words.
