Advice Goddess Blog
Home  •  Columns  •  Blog  •  Features  •  Rude People  •  Amy's Books  •  Bio/Contact  •  Private Sessions  •  Radio Show  •  Speaking Engagements

Amy Alkon

Amy Alkon


SEARCH BLOG


SEARCH AMAZON

'We are a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for us to earn fees by linking to Amazon.com and affiliated sites. As an Amazon Associate I earn from qualifying purchases."

Archives



Amy on Twitter

MAIN MENU
Home
Columns
Blog
Features
Rude People
Amy's Books
Bio/Contact
Advice Goddess Radio
Private Sessions


Masthead by
Little Shiva





Goddess' Dog (Aida) aida

Lucy (1998-2013)lucy


4.37
« Previous | Home | Next »
January 21, 2014

Government Built It!
The Obama administration hand-picked the contractor to build the ACA website. That's why hacking expert David Kennedy says he was able to hack into HealthCare.gov in four minutes.

Jessica Chasmar writes in the Wash Times:

Hacking expert David Kennedy told Fox's Chris Wallace that gaining access to 70,000 personal records of Obamacare enrollees via HealthCare.gov took about 4 minutes and required nothing more than a standard browser, the Daily Caller reported.

"And 70,000 was just one of the numbers that I was able to go up to and I stopped after that," he said. "You know, I'm sure it's hundreds of thousands, if not more, and it was done within about a 4 minute timeframe. So, it's just wide open."

"You can literally just open up your browser, go to this, and extract all this information without actually having to hack the website itself," he said.

Mr. Kennedy testified before Congress Thursday that HealthCare.gov was "100 percent" insecure, Washington Free Beacon reported.

Share | Comments (4)



*

Comments

What's the old saying? "If it ain't broke, don't 'fix' it?"

This was a disaster. Still is. I won't go NEAR that website.

Flynne at January 21, 2014 8:16 AM

From the article:

Toni Townes-Whitley, Princeton class of ’85, is senior vice president at CGI Federal, which earned the no-bid contract to build the $678 million Obamacare enrollment website at Healthcare.gov. CGI Federal is the U.S. arm of a Canadian company.

Talk about rewarding failures:
Obamacare Tech Firm Tried, Failed to Build Gun Registry in Canada

Jim P. at January 21, 2014 9:28 AM

Wait, I thought no-bid contracts were supposed to be a bad thing.

Old RPM Daddy (OldRPMDaddy at GMail dot com) at January 21, 2014 10:18 AM

I have no doubt that healthcare.gov is a terrible website, but the article in the Washington Times is completely wrong.

The "researcher" didn't crack the website, he didn't crack it in 4 minutes. He didn't access any records on the website.

He apparently did some unspecified google searching and determined from google searches that the website was built horribly. But even with Google it's not clear that he found anyone's actual records.

Read Kennedy's own post:

https://www.trustedsec.com/january-2014/explaining-security-issues-healthcare-gov/

"
Update 1: There’s been a few stories running around in the media around accessing 70,000 records on the healthcare.gov website. Just to note on this, we never accessed 70,000 records nor is it directly on the healthcare.gov website (a sub-site for the infrastructure). The number 70,000 was a number that was tested for as an example through utilizing Google’s advanced search functionality as well as normally browsing the website. No dumping of data, malicious intent, hacking, or even viewing of the information was done. We do not support the statements from the news organizations. From a previous blog post, the information shown in the python script was sanitized and not used through Google scraping (urllib2 python module). We’ve reached out to the news agencies to clarify as these were not our words.

Update 2: The Washington Times – the author of the story responded and is correcting the article to reflect accurately. Special thanks to them and the fast response.
"

jerry at January 21, 2014 4:34 PM

Leave a comment