World’s greatest hacker calls security ‘shameful’

    The cover of “Ghost in the Wires,” the autobiography of notorious computer hacker and security expert Kevin Mitnick. (Little, Brown & Company)

    A screenshot of the website, which a group of leading security experts warn has significant security flaws. (

Security expert — and once the world’s most-wanted cyber criminal — Kevin Mitnick submitted a scathing criticism to a House panel Thursday of ObamaCare’s website, calling the protections built into the site “shameful” and “minimal.”

In a letter submitted as testimony to the House Science, Space and Technology Committee, Mitnick wrote: “It’s shameful the team that built the site implemented minimal, if any, security best practices to mitigate the significant risk of a system compromise.”

Mitnick’s letter, submitted to panel Chairman Lamar Smith, R-Texas, and ranking member Eddie Bernice Johnson, D-Texas, included comments from several leading security experts.

Mitnick concluded that, “After reading the documents provided by David Kennedy that detailed numerous security vulnerabilities associated with the Website, it’s clear that the management team did not consider security as a priority.”

His comments were backed up by testimony by Kennedy, who is CEO and founder of TrustedSec LLC and a self-described “white hat hacker,” meaning someone who hacks in order to fix security flaws and not commit cybercrime. In November, Kennedy and other experts testified before the same panel about security issues on

Kennedy testified that most of the flaws they identified at the time still exist on the site, and said “indeed, it’s getting worse,” telling the panel that he and other experts have seen little improvement in the past two months.

“Nothing has really changed since our November 19 testimony,” Kennedy said.

Only one-half of a vulnerability has been found and plugged since then, he told the committee. “They did a little bit of work on it and it’s still vulnerable today.”

Also speaking at the panel were Michael Gregg, chief executive officer of Superior Solutions, Waylon Krush, co-founder and CEO of Lunarline, and Dr. Lawrence Ponemon, chairman and founder of the Ponemon Institute.

There have been no confirmed security breaches or hacks of the site yet, despite the alarming current and past testimony from the panel. (At the November panel, Kennedy said the website “may have already been hacked.”) The flaws that have been found are mere speculation, pointed out Krush, whose firm has done security work for the Department of Health and Human Services.

“Nobody here at this table can tell you there is a vulnerability,” he said during testimony. To actually test the flaws would require hacking the website itself, which would mean breaking the law, he noted.



Awesome stuff!

Shows what the Fake AV Scammers really do to your PC.

Land of the Free? I think not.

Obama administration collecting phone records of millions daily...
Secret court order requires VERIZON to hand over ALL CALL DATA...
WH defends: Critical tool against 'terrorist threats'...
Specifically targeted Americans, not foreigners...
'Homeland Security': Laptops, phones can be searched based on hunches...
NSA downloading 1.7 billion bits of info from internet every day...
'1984' Published 64 Years Ago Today...

This must stop NOW!

Critical Linux vulnerability imperils users, even after “silent” fix
