Double plus ungood reportage
One correction: http://gizmodo.com/hackers-swiped-70-000-records-from-healthcare-gov-in-fo-1505786371
The clarification quoted here is incoherent, much like the original article; I’m not surprised it is being reported incorrectly. What does “a number that was tested for as an example through utilizing Google’s advanced search functionality” even mean?
I came to look at the comments here hoping someone could explain what the heck the correction meant. Glad I’m not the only one who found it rather incomprehensible.
I agree. The fact that he says “no malicious viewing of the data was done” implies that somehow the data could have been viewed. Very confusing. Perhaps intentionally so. It’s hard to post a retraction when even the person who admitted that they were misquoted can’t really give a coherent explanation of what they actually said.
It’s sort of like a self-affirming tautology.
Google advanced search operators are just a way to filter the Google index:
http://www.googleguide.com/advanced_operators_reference.html
Here, he would have been using something like “site:healthcare.gov inurl:x” potentially, where x would be a part of the URL string that matched individual accounts.
Now, the pages shouldn’t really show up in the search index, so gotcha Gov there. But, that also doesn’t mean any sensitive information is accessible at all.
Another funny side note. Google “result counts” (the number that appears above the search results) are often wildly inaccurate. Often, when you click thru to additional pages in the results, that number drops significantly. Even Google says the first number returned is an inexact estimate of the total results.
I like how he quotes securityheaders.com with 2 “happy findings” and 8 “not so happy findings” and then comes out with: “I quote: ‘www.healthcare.gov scores worse than approximately 50% of sites out there.’”
Of course, that’s useless without actually looking at the findings. Several of the results either aren’t actually security issues or may not be security issues depending on how the site is actually structured. And yet, he’s quoting it without any examination as though they’re an authoritative site and that it proves his point…
Confirmation bias. Obamacare bad. See? Here’s the proof! Clearly those jigglypuff liberals are just trying to talk their way around this abominable result. Impeach!
His “retraction” is a lie. He’s suggesting that he never suggested that he had accessed 70,000 records, and that the media screwed up.
He did suggest that he had accessed 70,000 records.
Here he is on Fox News, and in response to the reporter’s question
You say you can access 70,000 records […] within 4 minutes [without hacking the site]
he goes on to use mumbo-jumbo to say how he did it, and never once says that he did not, actually, access 70,000 records.