
Over 20 vulnerabilities were reported shortly after the site launched, but the government has neglected to address them

The site was a mess the first couple of months after its October launch, and while many of its issues appear to be clearing up, experts say there are gaping holes in the website's security.
According to a report from Reuters, cyber security experts have called the U.S. government out on its lack of effort to fix security problems with the site, which were pointed out shortly after its launch last year.
David Kennedy, head of computer security consulting firm TrustedSec LLC, is leading the crusade against the government in an effort to get these security holes patched. He said that he reported over 20 vulnerabilities shortly after the site launched on October 1, but the government has neglected to address them.
One of the first vulnerabilities Kennedy found was that hackers could easily obtain the full names and email addresses of Americans who signed up with the site. He said it took him five minutes to write a computer program that imported about 70,000 records in only four minutes.
Further, Kennedy discovered from a fellow security researcher that hackers could upload malicious code to the site, allowing them to take control of other users' computers to steal and/or modify data as well as attack other computers.
"These issues are alarming," said Kennedy.


Kennedy and three other security experts first presented these security flaws at a November Science Committee hearing, where they suggested that the site be shut down immediately. 
The Centers for Medicare & Medicaid Services, which oversees the site's operations, responded by saying no threats have been detected regarding the health insurance site.
"To date there have been no successful security attacks on and no person or group has maliciously accessed personally identifiable information from the site," said the federal agency. "Security testing is conducted on an ongoing basis using industry best practices to appropriately safeguard consumers' personal information."
For weeks after the site's initial launch, it experienced slow speeds and loading messages that prevented users from shopping the health insurance marketplace.
Back in November, Republican investigators with the House of Representatives Energy and Commerce Committee launched an investigation of the site's troubles, and found emails from the project manager back in July 2013 that warned of potential issues that could arise. Project manager Henry Chao sent an email out about the site's main contractor, CGI Federal, on July 16 saying that he "needs to feel more confident they are not going to crash the plane at take-off."
Staff shortages, problems with contractors and software issues were among the issues discussed prior to the site's launch.
More recently, the site's first contractor, CGI Federal -- which launched the site back in October -- was booted in favor of Accenture. CGI Federal's government contract for the site will expire February 28, 2014, and the contractor said it would not be renewed (more than likely because of all the website's problems).
Accenture's new one-year contract is worth $45 million USD for the project's initial phase, with a total value of $90 million by the time it expires.

Source: Reuters


Corrupt Administration
By Argon18 on 1/16/2014 2:50:34 PM , Rating: 4
No mention of the fact that the contractor who built is owned by Michelle Obama's friend and school class mate? Or the fact that the new replacement contractor, Accenture, was a big Obama 2012 campaign donor?

Obama promised to "bring accountability to Washington" and he's done exactly the opposite. Whether it's ObamaCare failures, Benghazi lies/coverups, Fast-n-Furious scandal, NSA spying, Record debt, Record deficit, Record numbers on Welfare, Record numbers on Food Stamps, Illegal Senate recess appointments, etc etc the list goes on and on.

What is consistent about every one of these massive failures? Nobody is held accountable! Nobody gets fired, nothing changes. What a turd of a president.

RE: Corrupt Administration
By ritualm on 1/16/2014 2:58:13 PM , Rating: 2
Surprised? Not really. What we see as grossly unacceptable IT security practices are merely seen by those in charge as "business as usual".

RE: Corrupt Administration
By XZerg on 1/16/2014 4:27:49 PM , Rating: 2
Sadly, nobody is held accountable anywhere, under any management or in any country but say communist or dictatorial.

RE: Corrupt Administration
By JediJeb on 1/16/2014 5:03:08 PM , Rating: 3
Yea, there were people executed for the Melamine in infant formula mess over in China, here people could kill half the country with some screw up and if they worked for the government they would just get reassigned with a raise.

RE: Corrupt Administration
By lagomorpha on 1/20/2014 12:03:33 PM , Rating: 2
there were people executed for the Melamine in infant formula mess over in China

But were they the actual people responsible or were they the whipping boys for the wealthy and powerful who profited?

RE: Corrupt Administration
By TSS on 1/16/2014 5:05:32 PM , Rating: 1
So? Just vote Republican next time around. I'm sure another war or 2 in some godforsaken places will clear all those problems right up (sarcasm, just in case I have to spell it out).

Don't get me wrong, I got suckered in by Obama too, in 2008 when he was preaching change. That changed (oh irony) in a hurry when he appointed pretty much the same staff as Bush had (mostly (ex-)Wall Street bankers etc). I've never been one for outlandish conspiracy theories, but if there ever was a plan by some evil overlords to crush hope, Obama was certainly the one appointed to do it.

I'll still say it though, at this point we can no longer say it's the president's fault. Whether he receives orders from above or he's just a plain ol' idjet, doesn't make a difference. The people at fault are the people of the United States now. There's never been a time in US history where it was so blatantly obvious that neither the Democratic party nor the Republican party represented the people anymore. In fact I saw a post on a website the other day saying the majority of Americans now identify themselves as "independents".

So why are the cronies still in control? Where are the mass protests? The Revolution, y'know, "taxation without representation" and all that? And don't throw "tea party" out there, I've read their economical proposals, they're even more suicidal than Abenomics. They're definitely not out for the benefit of the common people.

Have people become too jaded because of what happened to the Occupy movement? Because they were as incompetent at organising a protest as the leaders of the US are at running the country? Let's be honest here, the "leaders" of the protest held their meetings in the lobby of a nearby bank, silliest protest I've ever seen.

Honestly I've never really understood this world anyway but it seems I understand it less with each and every day as it spirals further into madness. If anything, I'd guess I'm just hoping for the same thing that everybody else is; whether it's a mass revolt or the final collapse we all know is coming, I'm just hoping it'll all end and go away.

RE: Corrupt Administration
By KCjoker on 1/16/2014 6:27:25 PM , Rating: 3
My solution is to vote out all incumbents regardless of party.

RE: Corrupt Administration
By Dorkyman on 1/17/2014 8:32:32 PM , Rating: 1
Bull. It is a guarantee that if Romney, with his many years of highly-successful business projects, had been elected instead of the great affirmative-action Narcissist, things would be designed and implemented effectively. That's how private enterprise survives--it's either efficient or it dies.

Don't lump R's with the D's on this one. The D's are simply incompetent at this kind of thing.

RE: Corrupt Administration
By powerwerds on 1/16/2014 11:26:28 PM , Rating: 2
I sympathize with your feelings of never having really understood the world anyway. I especially feel that way whenever I consider our entire political system, the people who are running it, and the decisions those people make. Lately the entire lot does seem strikingly mad.

I feel like not only are we going in the wrong direction, but the new decisions that are being made aren't such that would "right the ship," but instead are those that obviously exacerbate the problems further. Truly mad.

RE: Corrupt Administration
By Arsynic on 1/17/14, Rating: 0
RE: Corrupt Administration
By Samus on 1/16/14, Rating: -1
RE: Corrupt Administration
By troysavary on 1/17/2014 6:15:21 AM , Rating: 3
Illegally putting guns in the hands of drug cartels in an attempt to make legitimate gun dealers look like bad guys, then covering it up when American border patrol agents get killed with these same weapons is not a serious issue?

RE: Corrupt Administration
By Piiman on 1/18/2014 1:40:56 PM , Rating: 1
I think you might want to do some more research as FF was started under GB it just had a different name under his administration. But when you simply want to attack someone why let facts get in the way?

RE: Corrupt Administration
By Argon18 on 1/17/2014 10:54:29 AM , Rating: 2
"But fast and furious, benghazi? All that crap is going nowhere because they aren't serious enough issues."

My purpose was to point out the lack of accountability, since this was one of BO's big campaign marketing points.

Sure those two incidents are water under the bridge, but the point is they were both large high-level failures of this administration where American citizens died as a result. That's pretty damn serious IMO.

Fast n Furious is relevant because of this administration's anti 2nd amendment views. Putting a huge weapons cache in drug cartel hands and then "oops, we lost track of it" is big.

Benghazi is relevant because it's the first American diplomat killed in over 3 decades. Not only that, but the series of lies and coverups by the then-Sec of State, Hillary Clinton, who is a possible 2016 POTUS candidate. If the mass media is skewering Chris Christie over some NJ tourism TV commercials, they damn well need to be skewering Hillary.

RE: Corrupt Administration
By nolisi on 1/16/2014 6:27:39 PM , Rating: 2
Fact check some of your claims before posting, please:

As far as the rest, can you name a president in the last 50 years that has a completely clean bill when it comes to promises, cover ups, and spending? By these standards, every president of the last 50 years is a turd. Further, there is a strong degree of likelihood that any candidate that will likely win in 2016 will fail the same tests.

I'm still waiting for people who complain about "a turd of a president" to come up for a real solution that hasn't already been tried to remedy the issues that exist for every president in the oval office.

By the measure of democracy, the president isn't the turd. It's the turd of a citizenry (including yourself) that has failed to do anything about it (except, complain, of course).

RE: Corrupt Administration
By Argon18 on 1/17/2014 10:56:02 AM , Rating: 2
The raindrop never feels responsible for the flood. You can go back to sleep now.

RE: Corrupt Administration
By marvdmartian on 1/17/2014 7:25:39 AM , Rating: 2
Scariest line, ever:

"Don't worry. We're from the government. We're here to help."

RE: Corrupt Administration
By Arsynic on 1/17/2014 9:52:28 AM , Rating: 2
No one is held accountable because the "Fourth Estate", the media, has been compromised by Democrat party operatives and does the bidding of the Party. That's why with all of this going on, the biggest scandal is "Bridge Gate" because Hillary was promised the throne and Gov. Christie is the only one, so far, who's in her way. There's no reason why this should be a national story two years from a presidential election other than the fact to clear the way for Hillary and distract away from other failures.

The media has covered this local issue more than it's covered national scandals like Benghazi, Fast and Furious, the IRS targeting Tea Party groups to help Obama get reelected, and NSA spying. The media has been compromised and is nothing but a branch of the Democrat National Committee.

RE: Corrupt Administration
By Piiman on 1/18/2014 1:50:32 PM , Rating: 2
So all Media is controlled by Dems? LOL Cool but I have to wonder how they control FOX and every other conservative leaning Media organization?

RE: Corrupt Administration
By HostileEffect on 1/17/2014 1:18:05 PM , Rating: 2
"...Nobody is held accountable! Nobody gets fired..."

One of the perks of a government job, no matter how bad I am at it some days, I know I can never be fired and I always have a paycheck on the 1st and 15th. You just have to be willing to eat one person's BS and make your own BS and keep pushing through more BS.

Complain all you want about Obamacare
By amanojaku on 1/16/2014 2:14:18 PM , Rating: 5
The true travesty is the inability to create a website. You know, something every government agency has had for at least 10 years? This isn't protein folding or financial analysis, this is a goddamn user registration page!

RE: Complain all you want about Obamacare
By WLee40 on 1/16/2014 2:15:03 PM , Rating: 2
True, True!!

By Piiman on 1/18/2014 1:53:56 PM , Rating: 2
Not even close to being true.

RE: Complain all you want about Obamacare
By ritualm on 1/16/2014 2:41:13 PM , Rating: 2
It's not a bug, it's a feature!

By shabby on 1/16/2014 4:19:22 PM , Rating: 3
That's Apple's excuse, and it's patented so you can't use it!

By nafhan on 1/16/2014 2:57:39 PM , Rating: 2
I don't know if I'd call it the "true travesty", but if the front door doesn't work, it sure makes you question what's behind it.

By Piiman on 1/18/2014 1:53:29 PM , Rating: 2
It's obvious you have no idea what it takes to make a website to sell insurance from many different insurers. It's not as simple as you want to believe and it is far more than a registration page.

HIPAA penalties
By danbcheney on 1/16/2014 2:59:17 PM , Rating: 2
There are severe financial penalties for any breaches including jail time for responsible executives specified in the HIPAA/HITECH laws. There must be some serious pressure to get things secured and cleaned up. I've worked in that environment before and top level security isn't easy, but it is certainly doable. Especially with a $90 million budget!

See Bob's comments for clarification of some of the things that can be done to help accomplish this.

RE: HIPAA penalties
By venym76 on 1/16/2014 3:13:50 PM , Rating: 2
-Especially with a $90 million budget!

That $90million is just to fix the website that cost over $640million and doesn't work. What people aren't seeing is that places like Minnesota received $350million for their state site and it doesn't work either. At least the MN head stepped down, not fired, but stepped down.

RE: HIPAA penalties
By Piiman on 1/18/2014 1:55:26 PM , Rating: 2
It does work, I bought my insurance from it.

Is Just a Punch Line
By Arsynic on 1/17/2014 9:40:59 AM , Rating: 2
The joke goes this way: "What would happen if you turned a horribly conceived, Frankenstein of legislation into a website?"

This would be entertaining as fuck if my money wasn't involved in it. What's also sad is that the media is intentionally ignoring the biggest caveats of the law: 1) Young people aren't signing up in the numbers required to make the law viable. Which isn't surprising. In order to afford a $300/month healthcare plan you need to actually have a job where you can afford to pay it. Also, the same FUCKING IDIOTIC LAW says that young people can stay on their parent's insurance until they're 26. Imagine if social security only had 1/3 of the people contributing to it and the rest drawing benefits. That's the health care law.

2) People are losing their insurance due to the plans being non-compliant with the healthcare law. Yes, you a single 25 year old male need to purchase a plan with maternity care and which covers Viagra and penis pumps. So along with your affordable health insurance goes your favorite doctor as well. But the media glosses over it because their boy, Dictator Obama, won't invite them to black tie dinners or give them interviews if they're too mean to him.

3) Dictator Obama changing the law at his every whim to benefit himself and his party by delaying key devastating parts of the law until after the midterm elections.

By Piiman on 1/18/2014 1:57:17 PM , Rating: 1
"This would be entertaining as fuck if my money wasn't involved in it. What's also sad is that the media is intentionally ignoring the biggest caveats of the law: 1) Young people aren't signing up in the numbers required to make the law viable. Which isn't surprising. In order to afford a $300/month healthcare plan you need to actually have a job where you can afford to pay it."
Do you even know how it works? It doesn't seem like you do.

By Perry Tanko on 1/19/2014 5:51:04 PM , Rating: 3
I have family members who might be using that website.

Time to get out the ole pencil and paper, fill out the paper form, and send that in with two stamps. Forget the Internet, the postal service is where it's at right now.

secure medical information
By WLee40 on 1/16/2014 2:10:37 PM , Rating: 2
For shame! All the HIPAA bureaucracy stuffed down the throat of medical professionals and our staff and they don't even have the decency to take their own medicine...

Help me out...
By anactoraaron on 1/16/2014 2:34:50 PM , Rating: 2
How can you hack or otherwise attack a website that you can't access?

- 404 page not found

Seems difficult to me... :)

putting resources to good use
By milktea on 1/16/2014 3:48:29 PM , Rating: 2
The government should assign some of the NSA ITs to help fix the security flaws in the Since they're on ppl tax dollars, at least do something useful with them rather than just sitting and collecting meta data ;)

By bug77 on 1/17/2014 9:23:09 AM , Rating: 2
... the main contractor has CGI in its name? That's a nice touch.