
Title: Is My Data on Healthcare.gov Secure? - Committee on Science (19 Nov 2013)
Source: scribd/Committee on Science
URL Source: http://www.scribd.com/doc/185633740 ... repared-Statements-19-Nov-2013
Published: Nov 19, 2013
Author: nolu chan
Post Date: 2013-11-19 23:49:39 by nolu chan
Keywords: None
Views: 1082
Comments: 1

Is My Data on Healthcare.gov Secure? - Committee on Science (19 Nov 2013)

At page 30 of the PDF, page 1 of David Kennedy/TrustedSec Security Analysis

November 15, 2013

To Whom It May Concern,

TrustedSec performed an open-source analysis of the security around the healthcare.gov website. This report contains information regarding the concerns for the security around the website and the ability to keep United States citizen information protected to an adequate level. TrustedSec did not perform analysis through “hacking” techniques, as our organization was not authorized to perform offensive activities against the site.

Instead, TrustedSec utilized information readily available on the Internet as well as analysis of information presented back from the website to perform the assessment. What this analysis shows us is that as an attacker, there are known exposures in the healthcare.gov website today that could lead to significant compromise of the website and information. Additionally, the website is integrated into multiple agencies including some of the largest collections of United States citizen data – this includes the Internal Revenue Service (IRS) and other federal agencies.

Based on our evaluation of the website, we have serious concerns over the security of the website and the ability to protect information. This document will explain our approach, what was identified, and the future roadmap to ensuring that the website and its integration into multiple agencies can be successful and secure.

We appreciate the opportunity to present this information to government officials and look forward to our testimony on November 19, 2013.

Sincerely,

David Kennedy
CEO, Founder - TrustedSec
11565 Pearl Rd. Suite 301
Strongsville, OH 44136
E: INFO@TrustedSec.com

At page 44 of the PDF, page 15 of David Kennedy/TrustedSec Security Analysis

4.0 Website Recommendations

Complex websites such as this are bound to have exposures and “glitches”; however, it appears, based on the sheer number of exposures and the lack of formal testing around security, that there are systemic and serious concerns with the healthcare.gov website. Based on our experience, in large web applications such as this, there are a few options available in order to address the security concerns with the website.

Option 1: Version 2.0 (Highly Recommended)

The website that is currently up is functioning in some capacity. The overly complex solution designed for the integration into state exchanges and other areas for real-time display of healthcare programs should be re-written from a code optimization standpoint. In something this complex, if design and code quality weren’t created from the start, the fixes that we see now will only be small patches for a much larger problem. The first option would be to write a second healthcare.gov website in conjunction with what’s currently up and running. This version “2.0” would be completely redesigned from the ground up with security and proper development processes established.

Option 2: Shut Down and Fix

If the website is shut down for the time being in order to address the situation, this may allow a more rapid response to addressing security concerns with the website. A “penetration test” which is apparently in process on the website is not recommended at this point. A full source code review and dynamic logic testing with use cases on the application should be considered for a more in-depth review. This will alleviate some of the major security issues but based on the complexity and size, the remediation process will span seven to twelve months at a minimum.

Option 3: Fix in Production

The term “production” refers to a site or application that is already up and running with normal user traffic. In this case, significant changes to a production environment need to undergo extensive testing before promotion from a QA/Dev/Test scenario. In a formal process, coding changes would occur, be tested in a formal setting in a non-production instance and then be promoted to production, or the “live site”. This process definitely slows down the ability to introduce rapid fixes to the website as it could dramatically impact the end-user experience and functionality of the website.


#1. To: All (#0)

Today, Henry Chao testified that 30 to 40% of the Federal website has not been built. That includes the part that processes tax credit payments to insurers.

nolu chan posted on 2013-11-20 0:20:17 ET
