abc
QUICK LINKS:

MNsure Denies Website is Vulnerable, Blames Users

Updated: 11/27/2013 10:28 PM
Created: 11/27/2013 7:37 PM KSTP.com
By: Nick Winkler

MNsure, the state's health care exchange, says the vulnerability 5 EYEWITNESS NEWS exposed recently is not a MNsure vulnerability.

Instead, MNsure blames users who are not following sound security practices.

In our test, Mark Lanterman at Computer Forensic Services in Minnetonka, was able to use a device available to hackers to intercept username and password data.

Lanterman says the simulated attack is not a traditional middle man attack. Instead, he says the device exploits a vulnerability in the MNsure website itself.

However, MN.IT, the state's information technology department that developed MNsure's security, says the problem is not with its web. It says there's not a lot government entities can do to prevent such attacks.

Lanterman disagrees and says websites can be coded in a manner that protects user data even when middle man attacks like the one we performed are launched.

5 EYEWITNESS NEWS has also learned that despite the botched federal health care exchange rollout, even it is more secure than MNsure in terms of the simulated Wi-Fi attack we performed.

Click here for information on cyber security awareness.


Minneapolis/St. Paul

Few Clouds
29°
40° | 24°
  • Feels like: 18° F
  • Wind: N 15mph
  • Humidity: 58%
  • Sat More sun than clouds
    48° | 34°
  • Sun Partly cloudy
    56° | 45°
  • Mon Showers ending by midday
    57° | 37°
  • Tue More sun than clouds
    48° | 33°

Video

KSTP NEWS