Written by: C. Anthony Esposito II
Yet another concern arises for the embattled Healthcare.gov site. Many of you already know of Healthcare.gov and the issues they are now attempting to overcome. These however do not appear to be the only issues affecting the site. A little less than two weeks ago it was discovered that there was a DDos (Denial of Service) attack that had been launched against the site and widely reported. More info on that can be found here (http://www.arbornetworks.com/asert/2013/11/healthcare-gov-dos-tool/ ) Now it appears the site is being plagued with even more issues. A simple visit to the site and the search box shows and auto-completes a list of SQL injections.
A SQL injection is a technique in which an entry field is used to take advantage of non-valid input vulnerabilities with malicious SQL statements. These vulnerabilities pass the SQL commands through the Web application for execution on the back-end database. The malicious SQL statements then take advantage of those vulnerabilities and allow attackers to execute arbitrary SQL queries and commands.
While the SQL injections can cause serious issues, it would appear that these auto filled commands in the search box on Healthcare.gov do not function and they are little more then an eye soar to those who use the site. What it does do however is bring up serious concerns as to the safety and future of the site. All we can do now is hope that they can get the site fixed and secured properly.