End Times and Current Events
February 06, 2023, 08:26:00 pm
Welcome, Guest. Please login or register.

Login with username, password and session length
News: "Search the scriptures; for in them ye think ye have eternal life: and they are they which testify of me." John 5:39 (KJB)
  Home Help Search Gallery Staff List Login Register  

The true cost of Obamacare

December 31, 2022, 10:08:58 am NilsFor1611 says: blessings
August 08, 2018, 02:38:10 am suzytr says: Hello, any good churches in the Sacto, CA area, also looking in Reno NV, thanks in advance and God Bless you Smiley
January 29, 2018, 01:21:57 am Christian40 says: It will be interesting to see what happens this year Israel being 70 years as a modern nation may 14 2018
October 17, 2017, 01:25:20 am Christian40 says: It is good to type Mark is here again!  Smiley
October 16, 2017, 03:28:18 am Christian40 says: anyone else thinking that time is accelerating now? it seems im doing days in shorter time now is time being affected in some way?
September 24, 2017, 10:45:16 pm Psalm 51:17 says: The specific rule pertaining to the national anthem is found on pages A62-63 of the league rulebook. It states: “The National Anthem must be played prior to every NFL game, and all players must be on the sideline for the National Anthem. “During the National Anthem, players on the field and bench area should stand at attention, face the flag, hold helmets in their left hand, and refrain from talking. The home team should ensure that the American flag is in good condition. It should be pointed out to players and coaches that we continue to be judged by the public in this area of respect for the flag and our country. Failure to be on the field by the start of the National Anthem may result in discipline, such as fines, suspensions, and/or the forfeiture of draft choice(s) for violations of the above, including first offenses.”
September 20, 2017, 04:32:32 am Christian40 says: "The most popular Hepatitis B vaccine is nothing short of a witch’s brew including aluminum, formaldehyde, yeast, amino acids, and soy. Aluminum is a known neurotoxin that destroys cellular metabolism and function. Hundreds of studies link to the ravaging effects of aluminum. The other proteins and formaldehyde serve to activate the immune system and open up the blood-brain barrier. This is NOT a good thing."
September 19, 2017, 03:59:21 am Christian40 says: bbc international did a video about there street preaching they are good witnesses
September 14, 2017, 08:06:04 am Psalm 51:17 says: bro Mark Hunter on YT has some good, edifying stuff too.
September 14, 2017, 04:31:26 am Christian40 says: i have thought that i'm reaping from past sins then my life has been impacted in ways from having non believers in my ancestry.
View Shout History
Pages: 1 ... 7 8 [9] 10 11 ... 13   Go Down
Author Topic: The true cost of Obamacare  (Read 22661 times)
Psalm 51:17
Global Moderator
Hero Member
Offline Offline

Posts: 28357

View Profile
« Reply #240 on: January 16, 2014, 11:16:47 am »

Hackers: HealthCare.gov still riddled with potential security issues

Cybersecurity researchers slammed HealthCare.gov's security during a House hearing on Thursday morning, saying the site is still riddled with problems that could put consumers' sensitive health details at risk.

“The reason we’re concluding that this is so shockingly bad is that the issues across the site are so varied,” David Kennedy, founder of the information security firm TrustedSec, told NBC News. “You don’t even have to hack into the system to see big issues – which means there are [major problems] underneath.”

Kennedy was the first of a group of so-called "white-hat hackers" who testified before the House of Representatives Science Committee on Thursday. He previously appeared before the committee on November 19, when he said he was able to identify 18 major issues with the site – without even hacking into it.

“Nothing’s really changed since our November 19 testimony,” Kennedy said during the hearing. “In fact, it’s worse.”

Only half of one of those 18 issues on HealthCare.gov has been fixed since that November meeting, Kennedy said, and he has since learned of more problems with the site. A separate House Oversight committee hearing began Thursday morning with testimony expected from the Department of Health and Human Service's chief information security officer.

TrustedSec isn’t disclosing the specifics of how those vulnerabilities work, as they are active issues that hackers could exploit. But Kennedy did cite issues including the disclosure of user profiles and the “ability to access anyone’s eligibility report on the website without the need for any authentication or authorization.”

Some issues still include critical or high-risk findings to personal information or risk of loss of confidentiality or integrity of the infrastructure itself,” Kennedy said in his written testimony. He also submitted statements from seven other security researchers who expressed serious concerns.

HealthCare.gov is run through the Centers for Medicare and Medicare Services (CMS), which released a statement Thursday insisting the agency takes security concerns seriously and has a “robust system in place” to address potential issues.

“To date, there have been no successful security attacks on Healthcare.gov and no person or group has maliciously accessed personally identifiable information from the site,” CMS said in the statement, adding that it continually conducts security testing on the site.

The committee, which is chaired by Rep. Lamar Smith (R-Tex.), also heard testimony from Michael Gregg, the CEO of security consulting firm Superior Solutions.

Gregg discussed concerns about Healthcare.gov “going up fast,” comparing the process with those of private companies like Microsoft, which roll out products in waves and spend a lot of time testing them. Healthcare.gov didn’t follow that type of process, he said, and the data it contains is a goldmine.

“Hacking today is big business,” Gregg told the committee. “It’s no longer the lone hacker in the basement.”

When questioned by the panel, Gregg and Kennedy both said they would not put their personal information on HealthCare.gov.

The third of the three cybersecurity researchers on the panel disagreed. Waylon Krush, CEO of the security firm Lunarline, stressed that he would put his information on the site.

Krush explained that Lunarline has worked with federal clients, and he used his written testimony to lay out the six-step process that federal information systems use to mitigate risk.

He also criticized Kennedy and Gregg for engaging in what he called speculation, pointing out that “no one at this table” was involved in the setup and management of HealthCare.gov. What’s more, he added, because hacking into the system would be a crime, no one has – at least not legally -- looked deep into the site to fully understand its setup.

“Just as security critics lack the hands on knowledge necessary to make dramatic claims about the site's weaknesses, I cannot claim to understand all of Healthcare.gov's security intricacies,” Krush said in his written testimony.

Gregg argued that a third party should be assigned to do just that: plumb the depths of the site and figure out a way to fix the problems through “an independent assessment.”

Another security researcher, who was not a part of the committee hearing, was not as optimistic.

“If you build a house on a bad foundation and it’s sinking into a swamp, it’s really hard to pick up the house and rebuild the foundation,” said Alex McGeorge, a senior security researcher at Immunity Inc. Companies hire Immunity to hack into their own systems and show vulnerabilities.

“Security isn’t a bolt-on,” McGeorge said. “It’s not easy to retrofit once you have a system up and running.”

This week the Obama Administration booted the original IT contractor, CGI Federal, that managed Healthcare.gov. CGI Federal’s contract will not be renewed in February, and Accenture won the contract instead.

“From a security standpoint, one of the things that’s so interesting about this site is that it’s so dynamic -- and it’s changing quickly,” McGeorge said. “You’ve got so many hands in the pot.”

Unfortunately, “that is the exact opposite of how you create a secure site,” McGeorge said.

There’s also an upside to the ever-changing nature of Healthcare.gov and its stewards: When the site is constantly shifting, it’s tougher for hackers to exploit vulnerabilities they found previously.

“It’s harder to hit a moving target,” McGeorge said. “But a moving target also makes more mistakes.”
Report Spam   Logged
Pages: 1 ... 7 8 [9] 10 11 ... 13   Go Up
Jump to:  

Powered by EzPortal
Bookmark this site! | Upgrade This Forum
Free SMF Hosting - Create your own Forum

Powered by SMF | SMF © 2016, Simple Machines
Privacy Policy