
alp227

(31,994 posts)
Tue Nov 19, 2013, 01:25 PM

U.S. healthcare website has security bugs, expert warns Congress

Source: Reuters

The website at the center of U.S. President Barack Obama's healthcare overhaul has security flaws that put user data at "critical risk" despite recent government assurances it is safe to use, a respected security expert said on Tuesday.

"There are actual, live vulnerabilities on the site now," David Kennedy, head of computer security consulting firm TrustedSec LLC, told Reuters before testifying at a congressional hearing on the topic "Is My Data on HealthCare.gov Secure?"

Kennedy, a former U.S. Marine Corps cyber-intelligence analyst, presented a 17-page report describing the problems to the House Science, Space and Technology Committee. It does not go into specifics in some areas, he said, because that could provide criminals with a blueprint for launching attacks.

The website is an online exchange that allows consumers to shop for insurance plans under Obama's Affordable Care Act, which mandated that Americans have health insurance and created new marketplaces to buy and sell policies.

Read more: http://www.reuters.com/article/2013/11/19/us-usa-healthcare-security-idUSBRE9AI0NR20131119


Iliyah

(25,111 posts)
1. And I guarantee that the GOPers are giddy as hell
Tue Nov 19, 2013, 01:32 PM

although some of those breaches I believe are GOPers in nature.

bocephus0706

(27 posts)
3. The founder and CEO of this company has made guest appearances on Fox and BBC
Tue Nov 19, 2013, 02:19 PM

And got his start with the NSA. Hmmmmm

Myrina

(12,296 posts)
4. Christ what next? I swear they're doing this shit on purpose.
Tue Nov 19, 2013, 02:34 PM

Were there no serious and objective IT firms available for this program?

TwilightGardener

(46,416 posts)
5. Here's the first part of this article:
Tue Nov 19, 2013, 03:39 PM

"Republicans opened a second front in their political battle against President Barack Obama's healthcare program on Tuesday, with a coordinated effort to convince Americans not only that its main enrollment website is broken but that personal data is vulnerable to theft.

In a Republican-sponsored hearing in the U.S. House of Representatives, three security experts said HealthCare.gov has security flaws that put user data at risk despite government assurances."

PSPS

(13,571 posts)
8. Sounds like someone is mad that "TrustedSec LLC" didn't get in on the contract.
Tue Nov 19, 2013, 09:52 PM

But I'm sure he can provide just the fixes that are needed, right?

Jesus Malverde

(10,274 posts)
9. As a federal website, they embedded a lot of private third party libraries..
Tue Nov 19, 2013, 09:56 PM

To me as a programmer it's weird to see the site load all these libraries hosted on private external servers. Hack any of them and you have hacked healthcare.gov.

//dnn506yrbagrg.cloudfront.net/pages/scripts/0011/1179.js?384697

//s.ytimg.com/yts/jsbin/www-widgetapi-vflyFvlBB.js

//stats.g.doubleclick.net/dc.js

www.googletagmanager.com/gtm.js?id=GTM-FQF

//rum-static.pingdom.net/prum.min.js

//plus.google.com/112755994883163074657

//cdn.optimizely.com/js/166688199.js

google-analytics.com

//static.chartbeat.com/js/chartbeat.js

These are actual, live vulnerabilities on the site now.

Some more technical info http://builtwith.com/?https%3A%2F%2Fwww.healthcare.gov%2F
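
An added example, not part of the original post or thread: a small audit that lists the external hosts a page loads scripts from and flags those loaded without a Subresource Integrity hash. The sample markup is constructed, `cdn.example.net` and the placeholder hash are assumptions, and SRI is a mitigation the post itself does not mention.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

PAGE_URL = "https://www.healthcare.gov/"
# Constructed sample markup: two script URLs quoted in the post, one first-party
# script, and one hypothetical CDN script pinned with a placeholder SRI hash.
SAMPLE_HTML = """
<script src="/js/app.js"></script>
<script src="//stats.g.doubleclick.net/dc.js"></script>
<script src="//static.chartbeat.com/js/chartbeat.js"></script>
<script src="https://cdn.example.net/lib.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
"""

class ScriptCollector(HTMLParser):
    """Record each <script src> as (absolute URL, has integrity attribute)."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        src = attr.get("src")
        if tag == "script" and src:
            # urljoin resolves protocol-relative "//host/x.js" against the page scheme
            absolute = urljoin(self.page_url, src.strip())
            self.scripts.append((absolute, bool(attr.get("integrity"))))

def audit_third_party_scripts(html, page_url):
    """Group scripts served from any host other than the page's own host."""
    page_host = urlparse(page_url).hostname
    collector = ScriptCollector(page_url)
    collector.feed(html)
    findings = {}
    for url, pinned in collector.scripts:
        host = urlparse(url).hostname
        if host and host != page_host:  # exact match: sibling subdomains count as external
            findings.setdefault(host, []).append((url, pinned))
    return findings

def unpinned_hosts(findings):
    """Hosts that serve at least one script without an integrity hash."""
    return sorted(h for h, items in findings.items()
                  if any(not pinned for _, pinned in items))

if __name__ == "__main__":
    for host in unpinned_hosts(audit_third_party_scripts(SAMPLE_HTML, PAGE_URL)):
        print("no integrity hash:", host)
```

A host on this list can change what runs in the page's origin without any change on the site itself, which is the dependency the post describes.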
