Wednesday, October 30, 2013

“High risk”: Document shows HHS launched ObamaCare website without end-to-end security testing « Hot Air

“High risk”: Document shows HHS launched ObamaCare website without end-to-end security testing « Hot Air: "“High risk,” but they launched it anyway. The result: A flaw in the password-reset part of the site that would have made it unusually easy for hackers to fool the site into letting them log on as other users. “This seems really sloppy,” said the IT specialist who uncovered it. The flaw was fixed on Monday night, but it is indeed a bad omen about the rest of the site’s security that something as basic as this went uncorrected for nearly a month. And things might get worse before they get better: Rogers’s point in the clip below isn’t merely that they rushed this thing out without a comprehensive security check, it’s that the ongoing repairs to the site’s functionality could be creating new security holes that they’re not even aware of yet."

'via Blog this'

No comments:

Post a Comment