SQL and HTML commands are shown as suggestions in the search box

Nov 18, 2013 14:33 GMT

A large number of visitors to HealthCare.gov, the main Obamacare website, have been interested in learning whether the site is vulnerable to cross-site scripting (XSS) or SQL injection.

It probably doesn’t surprise anyone that HealthCare.gov is a complete mess when it comes to privacy and security. Experts are finding denial-of-service (DoS) tools designed specifically to take down the website, and government officials have admitted that at least 16 major cyberattacks have been aimed at it.

Now, the Guardian’s Alex Hern has spotted something interesting. If you write “;” in the search box on the main page of HealthCare.gov, you’re shown a list of SQL commands such as “; select * from users,” or “; show tables.”

If you type “<;” you are presented with a list of HTML commands that have most likely been tried out by a lot of users.

Neither the SQL nor the HTML commands actually work, but the fact that the search box surfaces them as suggestions clearly shows that a lot of people are trying to take a crack at the website.
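The behaviour described above is a search-suggestion feature echoing back whatever earlier visitors typed, injection probes included. The following Python is an added example, not code from the article or from HealthCare.gov, showing the two things a defender would want from such a feature: a coarse classifier that flags probe-like queries (so they can be counted and alerted on) and a suggestion builder that excludes them from the autocomplete corpus. The query log, the pattern set and the function names are all assumptions constructed for the example.

```python
import re
from collections import Counter
from typing import Iterable, List, Optional

# Constructed sample of search-box queries, in the shape a suggestion service
# might log them. These are not real HealthCare.gov data; the two SQL lines are
# the ones the article quotes, the rest are made up.
SAMPLE_QUERIES = [
    "health insurance plans",
    "; select * from users",
    "; show tables",
    "<h1>test</h1>",
    "dental coverage",
    "health insurance plans",
    "<script>alert(1)</script>",
    "subsidy calculator",
]

# Coarse, assumed heuristics for queries that look like injection attempts
# rather than searches. Each label maps to one compiled pattern.
PROBE_PATTERNS = {
    # leading statement terminator ("; show tables"), SELECT ... FROM,
    # SHOW TABLES, UNION SELECT, or a trailing SQL comment marker
    "sql": re.compile(
        r"^\s*;|\bselect\b.*\bfrom\b|\bshow\s+tables\b|\bunion\s+select\b|--\s*$",
        re.I,
    ),
    # an HTML tag anywhere, or a query that opens with an angle bracket
    "html": re.compile(r"<\s*/?[a-z][^>]*>|^\s*<", re.I),
}


def classify_query(query: str) -> Optional[str]:
    """Return the probe label ('sql' or 'html') for a query, or None if it
    looks like an ordinary search."""
    for label, pattern in PROBE_PATTERNS.items():
        if pattern.search(query):
            return label
    return None


def build_suggestions(queries: Iterable[str], prefix: str, limit: int = 5) -> List[str]:
    """Most frequent logged queries starting with `prefix`, with anything
    classified as a probe dropped before it can be suggested to other users."""
    counts = Counter(q.strip() for q in queries if classify_query(q) is None)
    matches = [(q, n) for q, n in counts.items() if q.lower().startswith(prefix.lower())]
    matches.sort(key=lambda item: (-item[1], item[0]))  # by frequency, then text
    return [q for q, _ in matches[:limit]]


def probe_report(queries: Iterable[str]) -> Counter:
    """Count probe-like queries per label, as a detection feed would."""
    return Counter(label for q in queries if (label := classify_query(q)))


if __name__ == "__main__":
    print("probes seen:", dict(probe_report(SAMPLE_QUERIES)))
    print("suggestions for ';':", build_suggestions(SAMPLE_QUERIES, ";"))
    print("suggestions for 'health':", build_suggestions(SAMPLE_QUERIES, "health"))
```

The regexes are deliberately coarse: a legitimate phrase such as "select a plan from the list" would trip the SQL rule, so a production filter should be tuned against the site's own query history and the flagged rate watched as a signal rather than treated as proof of an attack.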