Healthcare.gov site advertising SQL injection attacks

By Neil Stevens | 1:30 PM on November 18, 2013
The opinions expressed by contributors are their own and do not necessarily represent the views of RedState.com.

healthcare injection

Via Alex Hern on Twitter, we find that the Obamacare website has attempted website attacks in its search box, automatically prompted for you if you type or mistype the right letters or punctuation.

Advertisement

This tells us a few things: there is a lack of polish in the Healthcare.gov website, there are many people who want to break into the website, and there isn’t much confidence in the security of the website. All of these things should be troubling to people with data in that system.

For the curious, let me explain what’s going on with these searches. These searches are attempting variants on a website attack called an SQL Injection attack. SQL is a programming language used very commonly for databases attached to websites, storing information used by the site.

Sites that store information in databases need to take input from the user (such as a URL, or a search box) and put that into a request to the database. The text from the public has to go into the SQL. That’s a problem, because malicious users who understand SQL could put SQL into their searches, running whatever commands they want on the database.

There are ways to fix that, though. The programmer can pre-process the text from the user to remove any ability to harm or control the database. It’s not always easy, because attackers can be tricky, but it’s a solved problem. Sanitizing inputs is a known, defined problem with known, defined solutions at this point. Any website worth anything should be using it, as long as the developers are competent at all.

Advertisement

However, people don’t have much confidence in the government to be fixing this properly. Randall Munroe made light of the problem way back in 2007. So what we’re seeing is that many, many people are attacking Healthcare.gov to test for these basic exploits, enough that the attacks are being suggested in the autocomplete feature!

Further, that the autocomplete feature is not hiding these searches suggests that the developers didn’t even consider that users may attempt these attacks, that the attacks aren’t being hidden in the way that profanities are. So we’re left to wonder: what other attacks didn’t they think about?

If I had data in that website, I would be troubled by this.

Tags: CYBERSECURITY HEALTHCARE.GOV OBAMACARE

Recommended

NYC Man Convicted Over Gunsmithing Hobby After Judge Says 2nd Amendment 'Doesn't Exist in This Courtroom' Jeff Charles
New Mind-Blowing Talking Points Go Out on Pro-Hamas Protests As Libs Scramble for Cover Bonchie
Embattled Republican Tony Gonzales Calls 'The AK Guy' a 'Neo-Nazi,' Brandon Herrera Fires Back Bonchie
Ya Don't Hate 'em Enough: Media Hypes Poll Showing 'High Disapproval' for DeSantis, but There's a Problem Sister Toldjah
Kamala Harris Gets Community Noted and Heavily Ratioed for Massive Hypocrisy in Weed Tweet Nick Arama
Jonathan Turley Decimates the 'Hush Money' Case Against Trump Nick Arama

Join the conversation as a VIP Member

Trending on RedState Videos

Advertisement
Trending
1
NYC Man Convicted Over Gunsmithing Hobby After Judge Says 2nd Amendment 'Doesn't Exist in This Courtroom'
2
New Mind-Blowing Talking Points Go Out on Pro-Hamas Protests As Libs Scramble for Cover
3
Embattled Republican Tony Gonzales Calls 'The AK Guy' a 'Neo-Nazi,' Brandon Herrera Fires Back
4
Ya Don't Hate 'em Enough: Media Hypes Poll Showing 'High Disapproval' for DeSantis, but There's a Problem
5
Kamala Harris Gets Community Noted and Heavily Ratioed for Massive Hypocrisy in Weed Tweet
Bombshell Report Reveals CIA's Rampant Mishandling of Sexual Assault Cases Within Its Ranks
Jeff Charles
Woman Riding LA Metro Near Universal Studios Dies After Being Stabbed in the Neck by a Homeless Man
Matt Funicello
Trump Risks Contempt Charges Over Alleged Violations of Gag Order in NY Hush Money Trial
Jeff Charles
Stunning Arrest: Minnesota State Senator Charged With Burglary Over Father’s Belongings
Jeff Charles
Shocking Twist: Judge Dismisses Cases of Illegal Immigrants for Riot at Southern Border
Jeff Charles
The Skinny on SCOTUS (2023 Term - March)
Susie Moore
Advertisement