Information Technology company TrustedSec revealed Monday in a Congressional hearing they discovered profiles from the site indexed on Google as well as numerous security flaws. The company did no direct ‘hacking’ to test the government’s healthcare website,
Instead, TrustedSec utilized information readily available on the Internet as well as analysis of information presented back from the website to perform the assessment. What this analysis shows us is that as an attacker, there are known exposures in the healthcare.gov website today that could lead to significant compromise of the website and information.Additionally, the website is integrated into multiple agencies including some of the largest collections of United States citizen data – this includes the Internal Revenue Service (IRS) and other federal agencies.
In other words, the site holds lots of supposedly private information, but the security is so lax that it may be compromised with little effort using commonly available resources. Additionally, the information is shared among government agencies, further increasing the potential damage to citizens in the case of a security breach.
Based on our evaluation of the website, we have serious concerns over the security of the website and the ability to protect information. This document will explain our approach, what was identified, and the future roadmap to ensuring that the website and its integration into multiple agencies can be successful and secure.
Trusted Sec went on to explain,
…we are confident that the security around the application was not appropriately tested prior to release, that the safeguards to protect sensitive information are not in place, and that there are and will continue to be for a significant amount of time serious security concerns with the website unless direct action is taken to address these concerns
Source: TrustedSec
Photo: Invader Xan on Flickr
All you need to do is to just make use of boards, message boards, free internet dating chat line numbers e-mail notifications and chat alerts, backfloor checks, voice messaging, and the majority more, you can meet up.
I’m truly enjoying the design and layout of your blog. It’s a
very easy on the eyes which makes it much more pleasant for
me to come here and visit more often. Did you hire out a developer to create your theme?
Outstanding work!
I got this website from my friend who shared with me concerning this website
and at the moment this time I am visiting this site and reading very informative articles or reviews here.