CAST 2014 Keynote - There Was Not a Breach; There Was a Blog

Published on Aug 18, 2014

"There Was Not a Breach; There Was a Blog" by Ben Simo

Like millions of other Americans, Ben Simo visited HealthCare.gov in search of health insurance for a member of his family. And like millions of others, Ben found a frustratingly buggy website that was failing to fulfill its purpose: to educate people on the new health insurance law and help people purchase health insurance. After a few failed attempts at creating an account, Ben put on his tester hat and turned on his web developer tools as he continued his pursuit to get information about insurance options. Ben soon discovered a chain of security vulnerabilities that exposed users of the system to unnecessary risk.

After finding the HealthCare.gov customer service people unequipped to receive reports of security vulnerabilities, Ben began blogging his discoveries. This spawned a storm of public attention in the midst of the political hot topic of the day. In this storm, Ben gathered a variety of public labels including "security researcher", "web expert", "methodical IT guru", and "not too bright". Ben's reports even came up in congressional hearings, in which the Secretary of Health and Human Services referred to Ben as "a sort of skilled hacker". Ben's reports helped bring attention, and eventually fixes, to problems that suggested a systematic lack of care and understanding of information security. Join Ben as he shares his experience, the issues he has found, and the lessons we can learn from HealthCare.gov.
