World’s Greatest Hacker: Security is ‘Shameful’

Posted on Jan 16, 2014 at 1:50 pm

Heckuva job, Obama. Have these dolts considered this is one of the primary reasons nobody wants to sign up for ObamaCare? Well, that and the sticker shock, lack of choice and losing your doctor.

Security expert — and once the world’s most-wanted cyber criminal — Kevin Mitnick submitted a scathing criticism to a House panel Thursday of ObamaCare’s website, calling the protections built into the site “shameful” and “minimal.”

In a letter submitted as testimony to the House Science, Space and Technology Committee, Mitnick wrote: “It’s shameful the team that built the site implemented minimal, if any, security best practices to mitigate the significant risk of a system compromise.”

Mitnick’s letter, submitted to panel Chairman Lamar Smith, R-Texas, and ranking member Eddie Bernice Johnson, D-Texas, included comments from several leading security experts.

Mitnick concluded that, “After reading the documents provided by David Kennedy that detailed numerous security vulnerabilities associated with the Website, it’s clear that the management team did not consider security as a priority.”

His comments were backed up by testimony by Kennedy, who is CEO and founder of TrustedSec LLC and a self-described “white hat hacker,” meaning someone who hacks in order to fix security flaws and not commit cybercrime. In November, Kennedy and other experts testified before the same panel about security issues on

Kennedy testified that most of the flaws they identified at the time still exist on the site, and said “indeed, it’s getting worse,” telling the panel that he and other experts have seen little improvement in the past two months.

“Nothing has really changed since our November 19 testimony,” Kennedy said.

Indeed, nothing has.

“I don’t understand how we’re still discussing whether the website is insecure or not,” Kennedy told the committee. “It is insecure – 100 percent. It’s not a question of whether or not it’s insecure, it’s what we need to do to fix it.”

Before the hearing, Kennedy told Reuters the government has yet to plug more than 20 vulnerabilities that he and other security experts reported to the government shortly after went live on October 1.

Hackers could steal personal information, modify data or attack the personal computers of the website’s users, he said. They could also damage the infrastructure of the site, Kennedy said in an interview with Reuters ahead of Thursday’s testimony.

Wonderful. So when is this mess going to be repealed?

