Thursday, January 16, 2014

World's Most Famous Hacker calls ObamaCare Site's Complete Lack of Security "Shameful"

You might want to read this before you try to enroll in ObamaCare.

Kevin Mitnick used to be the world's most-wanted cyber criminal. Nowadays, He's one of the most sought after web security experts in the world, and it was in that capacity he issued a report at the request of the House Science, Space and Technology Committee on the ObamaCare website:

Mitnick's letter, submitted to panel Chairman Lamar Smith, R-Texas, and ranking member Eddie Bernice Johnson, D-Texas, held comments from several leading security experts.

"It's shameful the team that built the site implemented minimal, if any, security best practices to mitigate the significant risk of a system compromise." ...

Mitnick concluded that, "After reading the documents provided by David Kennedy that detailed numerous security vulnerabilities associated with the Website, it's clear that the management team did not consider security as a priority."

His comments were backed up by testimony by Kennedy, who is CEO and founder of TrustedSec LLC and a self-described "white hat hacker," meaning someone who hacks in order to fix security flaws and not commit cybercrime. In November, Kennedy and other experts testified before the same panel about security issues on

Kennedy testified that most of the flaws they identified at the time still exist on the site, and said "indeed, it's getting worse," telling the panel that he and other experts have seen little improvement in the past two months.

"Nothing has really changed since our November 19 testimony," Kennedy said.

Not to mention that the ObamaCare 'navigators', mostly recruited from ACORN and similar fraud factories are not even required to go through a criminal background check and have full access to your most intimate personal and financial data. It's an identity thief's paradise.

Other experts who looked at Kennedy's results were even more explicit in how dangerous the site is:

“The site is fundamentally flawed in ways that make it dangerous to people who use it,” said Kevin Johnson, one of the experts who reviewed Kennedy’s findings.

Johnson said that one of the most troubling issues was that a hacker could upload malicious code to the site, then attack other users.

“You can take control of their computers,” said Johnson, chief executive of a firm known as Secure Ideas and a teacher at the non-profit SANS Institute, the world’s biggest organization that trains and certifies cyber security professionals.

Remember, all these experts are doing is a passive investigation - just looking at the code. None of them have been allowed to perform active analysis, an actual attempt to hack the site under supervision in order to fully expose its security flaws. That's something that would in itself be criminal without the regime signing off on it. An needless to say, the Obama Administration is reluctant, to put it mildly, to allow anything like that.

The publicity would be unfortunate, no?

No comments: