The Star Online: World Updates
- Exclusive: U.S. government failed to secure Obamacare site - experts
- U.S. to airlift Rwandan forces into Central African Republic
- 'Vaping' a slow burner in China, world's maker of e-cigarettes
Exclusive: U.S. government failed to secure Obamacare site - experts
Posted: 15 Jan 2014 09:05 PM PST

BOSTON (Reuters) - A group of cyber security professionals is warning that the U.S. government has failed to implement fixes to protect the HealthCare.gov website from hackers, some three months after experts first pointed out the problem.

David Kennedy, head of computer security consulting firm TrustedSec LLC, told Reuters that the government has yet to plug more than 20 vulnerabilities that he and other security experts reported to the government shortly after HealthCare.gov went live on October 1.

Hackers could steal personal information, modify data or attack the personal computers of the website's users, he said. They could also damage the infrastructure of the site, according to Kennedy, who is scheduled to describe his security concerns in testimony on Thursday before the House Science, Space and Technology Committee.

"These issues are alarming," Kennedy said in an interview on Wednesday.

The Centers for Medicare & Medicaid Services, the federal agency that oversees the site's operations, provided Reuters with a statement saying it takes the concerns seriously.

"To date there have been no successful security attacks on HealthCare.gov and no person or group has maliciously accessed personally identifiable information from the site," the statement said. "Security testing is conducted on an ongoing basis using industry best practices to appropriately safeguard consumers' personal information."

HealthCare.gov lets consumers shop for insurance plans under President Barack Obama's Affordable Care Act, which mandates health insurance for all Americans.

The site, which is meant to serve millions of consumers in 36 states, was crippled by technology errors in the first two months after its launch on October 1. The Obama administration's efforts to repair the site helped it to work more smoothly beginning in December, but problems with data transmission remain.

Kennedy said he last week presented technical details describing the vulnerabilities in the site to seven independent cyber security experts, who reviewed videos of potential attack methods as well as logs and other documentation.

They wrote notes to the House Committee saying they were concerned about the site's security, which Kennedy provided to Reuters and will be released on Thursday to the committee led by Republicans who oppose the Affordable Care Act.

Members of the security community have been publicly pointing out problems with the site and say they have been privately providing the government with technical details of those issues since early October.

At a November Science Committee hearing, Kennedy and three other expert witnesses said they believed the site was not secure and three of them said it should be shut down immediately.

'FUNDAMENTALLY FLAWED'

Kennedy and his peers who reviewed his work ahead of Thursday's hearing said the site still has serious security vulnerabilities that can be viewed from the outside.

"The site is fundamentally flawed in ways that make it dangerous to people who use it," said Kevin Johnson, one of the experts who reviewed Kennedy's findings.

Johnson said that one of the most troubling issues was that a hacker could upload malicious code to the site, then attack other HealthCare.gov users.

"You can take control of their computers," said Johnson, chief executive of a firm known as Secure Ideas and a teacher at the non-profit SANS Institute, the world's biggest organization that trains and certifies cyber security professionals.

He declined to provide further details about that vulnerability, saying he was concerned the information could be used by malicious hackers to launch attacks.

Kennedy said he learned of that particular attack method from another security researcher who had identified and tested it.

Yet Kennedy said he identified many other problems on his own, conducting what is known as "passive analysis" of the site, by using an ordinary Web browser and other software tools to look at HealthCare.gov's content and architecture from the outside.

He said he did not take the additional step of hacking into the site to look for other problems because he did not have permission from the government.

'ONLY SPECULATING'

Waylon Krush, chief executive of a firm known as Lunarline that has done security work for the Department of Health and Human Services, said he questions Kennedy's conclusions that were drawn without launching attacks on the website.

"Anybody who brings testimony that says there is a vulnerability on HealthCare.gov is only speculating unless they have actually executed the code, at which point they are hacking a government website and that would be illegal," said Krush, who will also testify before the committee on Thursday.

Krush said he has not reviewed Kennedy's findings or done any work on the HealthCare.gov site itself. "If I said everything was perfect, I would just be speculating because I did not work on the site," he said.

One security flaw that Kennedy first uncovered and reported to the government in October exposes information including a user's full name and email address.

He said he wrote a short computer program in five minutes that automatically collects that data, which was able to import some 70,000 records in about four minutes. He said the information was accessible via the Internet and he did not have to hack the site to get it. He declined to elaborate.

John Strand, a principal with Black Hills Information Security and a SANS Institute trainer who also reviewed Kennedy's findings, said he was concerned about what might have been uncovered if Kennedy had conducted a more in-depth probe and actually attempted to hack into the site.

He said he supports a recent move by the House of Representatives to force the government to disclose breaches whenever they occur. The government is generally not required to notify the public when its systems are compromised.

"We don't know how bad it is because they don't have to tell us," Strand said.

Lamar Smith, the Texas Republican chairman of the committee, said in a statement that the government should quickly move to plug the security flaws that have already been reported by security experts.

"If Americans' information is not secure, then the theft of their identities is inevitable and dangerous," he said. "The President should take swift action to ensure that the American people are not the next target of cyber criminals."

The government said on Saturday that Accenture Plc would replace CGI Federal, a subsidiary of CGI Group, as the lead contractor for the Obamacare enrollment website.

U.S. to airlift Rwandan forces into Central African Republic
Posted: 15 Jan 2014 07:45 PM PST

WASHINGTON (Reuters) - The U.S. military will soon begin flying Rwandan troops into the Central African Republic, possibly starting on Thursday, in its second such operation in support of the African Union's efforts to stem bloodshed there, a U.S. official said on Wednesday.

The U.S. official, speaking to Reuters on condition of anonymity, said the airlift operation could last just over a month and would involve two U.S. military C-17 aircraft.

The airlift mission would be very similar to the one the United States carried out flying forces from Burundi into the Central African Republic late last year, the official said.

Rwanda's foreign minister has been quoted telling local radio that the country would send around 800 troops.

The U.S. aircraft would fly out of Uganda into Rwanda's capital Kigali, where they would load before proceeding onto Bangui in the Central African Republic, the official said.

A Muslim rebel coalition, Seleka, seized power in Central African Republic last spring, unleashing a wave of killings and looting that in turn sparked revenge attacks by the "anti-balaka" Christian militia.

The United Nations estimates that months of fighting in the landlocked former French colony has displaced around 1 million people, or just over a fifth of the population.

The national death toll is difficult to estimate. More than 1,000 people were killed in Bangui alone last month and sporadic violence has continued despite the presence of 1,600 French troops and 4,000 African Union peacekeepers.

France's U.N. envoy said on Wednesday that the level of hatred in Central African Republic between Muslims and Christians had been underestimated and is creating a "nearly impossible" situation for African Union and French forces to combat.

U.N. Secretary-General Ban Ki-moon is expected to submit a report to the Security Council next month with recommendations for a possible U.N. peacekeeping force that would take over from the African troops.

(Reporting by Phil Stewart; Additional reporting by Michelle Nichols and Louis Charbonneau in New York; Editing by Eric Walsh)

'Vaping' a slow burner in China, world's maker of e-cigarettes
Posted: 15 Jan 2014 07:35 PM PST

SHANGHAI (Reuters) - When Qu Liang's wife became pregnant, the 30-year-old Shanghai salesman switched from smoking to "vaping", a practice uncommon in China although it is the world's leading producer of electronic cigarettes.

E-cigarettes were invented about a decade ago by a Chinese medical researcher and the country supplies nearly all global demand. Puffing on the devices, or vaping, is surging worldwide, but it forms only a tiny part of China's 1.2 trillion yuan (about $200 billion) cigarette business.

Now, rising public awareness about the hazards of smoking, coupled with China's hardening stance on smoking in public, is opening up an opportunity for e-cigarettes to make inroads into the world's biggest tobacco market.

"As more and more places become off limits to smoking, I find myself using e-cigarettes more often," said Qu.

Since starting using the product six years ago for health reasons, Qu has started selling e-cigarettes himself, expanding the business from exports to the domestic market this year.

E-cigarettes are mostly sold online in China, where government regulation around the product is still lax. Countries like Singapore and Brazil currently ban e-cigarettes.

Centred in the southern metropolis of Shenzhen, Chinese manufacturers including Shenzhen Smoore Technology, FirstUnion Group, Shenzhen Seego Technology Co Ltd and Ruyan Tech make around 95 percent of the world's e-cigarettes, slim, battery-powered metal tubes that turn nicotine-laced liquid into vapour that is inhaled.

Vaping is potentially a healthier alternative to smoking as the absence of combustion averts some of the harmful side-effects of tobacco smoke.

But a big issue is the lack of long-term scientific evidence to support the safety and effectiveness of e-cigarettes, prompting critics like the British Medical Association to warn of the dangers of their unregulated use.

Nevertheless, the e-cigarettes market is growing fast, although it is still only a tiny proportion of the global tobacco business.

Last weekend, Hollywood stars Leonardo DiCaprio and Julia Louis-Dreyfus were seen smoking e-cigarettes at the globally televised Golden Globes awards ceremony.

Some analysts predict e-cigarettes could outsell conventional cigarettes within a decade, particularly as Big Tobacco grapples with declining sales due to government regulation and health-aware consumers.

E-cigarette sales in the United States grew at 115 percent each year between 2009 and 2012, and could grow as much as 240 percent this year, according to experts. The global e-cigarette market could increase fivefold to $10 billion by 2017, according to some estimates.

CHINA'S TANTALISING MARKET

For Chinese manufacturers of e-cigarettes, while the export market is surging, the domestic potential is tantalising. Even a tiny portion of its 300 million-plus smokers would offer an attractive prize.

In 2012, Chinese smoked a total of 2.46 trillion cigarettes - 4.8 per person, per day - and the country accounts for one-third of global consumption.

"The harsher control of tobacco is great news for electric cigarettes," said Lai Baosheng, general manager of e-cigarette maker Smoore, adding lax smoking rules in China had previously slowed the development of the business.

Beijing has moved to clamp down on smoking, reinforcing a ban on officials smoking in public and increasing the price of tobacco by 5 percent this month. Health authorities said they would enforce a ban on smoking in public places nationwide this year - a law that has long been in the works.

Smoore shipped over 100 million e-cigarettes to mostly Europe and the United States in 2013 with a sales value of 800 million yuan, double the level a year before, although Lai says the company is starting to eye the opportunity within China as smoking rules harden.

Analysts say China's domestic market would have to eventually open up to e-cigarettes.

"There's an unavoidable logic here that eventually no one will smoke regular tobacco on this planet," said Shane MacGuill, London-based tobacco analyst at Euromonitor.

"China won't be able to become a kind of ghetto of tobacco, so there will have to be some movement towards an alternative, though how soon it's going to happen I'm not sure. It will happen but it will take longer."

Tobacco companies such as British American Tobacco Plc and Philip Morris International Inc as well as independent U.S. firms already source e-cigarettes from China. But e-cigarettes could also give them entry into the Chinese market - currently tobacco sales in China are largely governed by a state monopoly.

Tobacco imports made up less than 1 percent of China's market in 2012, according to Euromonitor, with the China National Tobacco Corporation dominating 98 percent of the domestic market, according to a paper from Brookings.

E-cigarettes offer a potential route into China's closely controlled tobacco market for brands such as Lorillard Inc's blu e-cigarette, Philip Morris parent Altria's MarkTen, BAT's Vype or Reynolds American Inc's Vuse.

With China's large state-owned tobacco firms largely steering clear of e-cigarettes - only one has made an obvious mention of looking into the technology - global Big Tobacco could target wealthier, more health-conscious smokers in China's urban centres.

But regulation of China's e-cigarettes market is still in flux, and there are serious obstacles, not least China's reluctance to risk losing the massive tax revenues currently derived from regular tobacco.

The country could also decide to control any e-cigarette market as strictly as it does the traditional tobacco industry, leaving little room for outside players.

"Nonetheless, I think it has to be seen as a potential way in to the Chinese market," said Eddy Hargreaves, tobacco analyst at Canaccord Genuity. "The potential generally is huge and we'd expect it (to catch on in China), albeit it at a slower rate to the United States and Europe."

($1 = 6.0412 Chinese yuan)

(Additional reporting by Shanghai newsroom; Editing by Kazunori Takada and Raju Gopalakrishnan)