Healthcare.gov ‘may already have been comprised’ security experts stated over two weeks ago on November 19th during a committee hearing on security concerns surrounding the problematic healthcare.gov website. This comes from the statements made by four different Security Expert’s working for TrustedSEC, an information security firm. All four cyber security expert’s unanimously concurred that, given the security issues, Americans should Not Use the Site.
- I posted this article literally 2 weeks before it was finally covered by Mainstream Media and a week before NBC even mentioned it. You have got to start questioning the Mainstream Media for only now mentioning the committee hearing on security when it should have been brought to ALL AMERICANS attention that the site is not protected and nor was security ever considered. Here is the link to the CNBC article.
“Hackers are definitely after it”, stated the CEO of TrustedSEC David Kennedy. “And if I had to guess, based on what I can see…I would say the website is either hacked already or will be soon”. Kennedy based this on an analysis revealing a large number of SQL injection attacks against the healthcare.gov website.
What is an SQL Injection? What does a large amount of SQL Injections mean?
According to Acunetix,a web application security website, A SQL Injection is a web attack mechanism used by hackers to steal data from organizations. It is the type of attack that takes advantage of improper coding of web applications that allows a hacker to inject SQL commands into a login form to allow them to gain access to the data held within your database. Databases, such as the healthcare.gov website, store data needed for websites to deliver specific content to visitors and render information to customers, suppliers and employee’s. User credentials, financial and payment information, and company statistics may all be resident within a database.
A SQL Injection Example: Take a simple login page where a legitimate user would enter their username/password combo to enter a secure area to view their personal details. When a legitimate user submits their details, an SQL is generated from these details and submitted to the database for verification. If valid, the user is allowed access. Through an SQL Injection the hacker inputs a SQL command, bypasses the login form barrier and allows the hacker to view whats on the database. In sum SQL Injections give a hacker the ability to communicate directly to the database.
In the context of the healthcare.gov website, which thousands have found that they can input their personal information into the healthcare database, such as Social Security Numbers, Bank Accounts, Addresses and health insurance records, we see that one of the major issues comes about, AKA the Glitches. One of the major issues we have heard about is users unable to regain access back into their accounts via the login page after they have created an account and put their personal information into the database.
To my second question, What does a large amount of SQL Injection’s mean?
It means that when large amounts of SQL Injections are seen against a website, such as what is happening against healthcare.gov, it is indicative of a large amount of hacking attempts. Take for instance David Kennedy’s statement that, “Based on the exposures that I identified – if a hacker wanted access to the site or sensitive information – they could get it”. What we are now left with is the question of the security of the website, wouldn’t there be some form of security that has already been set up to prevent/protect us?
The answer is simple, “One key problem facing healthcare.gov is that security wasn’t built into the site from the very beginning” stated Kennedy. Kennedy as well as Fred Chang, who serves as a distinguished chair in cyber security at Southern Methodist University, share this opinion as to a huge issue with healthcare.gov.
Security on behalf of the American people does not come first for this administration seen in the absolute lack of attention to this major security flaw, but it doesn’t end there. Remember the Obamacare Navigators are not required to submit to a background check and already we have found numerous cases exposing them as being felons as well as Illegal Aliens.
On that note ill leave you to question the government and warn you, Do Not use the healthcare.gov website and Do Not go to an Obamacare Navigator! Spread the word about this and please don’t believe this administration.
Ask Yourself This One Question
The Administration knew damn well in advance that the website was not ready for the October 1st rollout and yet they went ahead and did it. Why would that be when they knew each and every one of us were putting our personal information and security into the database but it couldn’t be protected?
- Hearing: Security Flaws in Obamacare Website Endanger Americans (freebeacon.com)
- Exclusive: Expert to warn Congress of Healthcare.gov security bugs (news.yahoo.com)
- Healthcare.gov ‘may already have been compromised,’ security expert says (deserteagletech.wordpress.com)
- SQL Injection Playground (jcosentino11.wordpress.com)
- Great news: Healthcare.gov still has “critical risk” security flaws (hotair.com)
- Healthcare.gov site advertising SQL injection attacks (redstate.com)
- Terrified Obama Trapped Inside Healthcare.gov Website (theonion.com)
- Security expert David Kennedy to warn Congress of Healthcare.gov security bugs – @Reuters (reuters.com)