Andrew Gillan of Janus Henderson Investors says he likes markets in the Philippines and Indonesia, and explains why it's difficult to invest in Vietnam despite its...Investingread more
China has other "weapons" in its trade battle with the United States — and selling off its U.S. Treasury holdings will not be one of them, said Richard McGregor, senior fellow...China Economyread more
Deutsche Bank Wealth Management's global chief investment officer predicted the Federal Reserve will cut interest rates twice in the next 12 months, but chances of a four-time...US Economyread more
Google's services have been blocked in China for several years, but the company still has businesses there, as the tech giant seeks to sell products to Chinese firms in...Technologyread more
Netflix can sustain its lofty valuation only if global subscriber growth can support increasing content spending and debt.Technologyread more
Germany online bank N26 said it raised a huge $170 million in additional funding, valuing the six-year-old fintech start-up at $3.5 billion.Technologyread more
Stocks in Asia traded lower on Thursday afternoon. Australia's jobs data showed the net number of jobs created was far below expectations.Asia Marketsread more
The House voted to table a resolution to start impeachment proceedings against President Donald Trump introduced by Rep. Al Green.Politicsread more
A photo editing app has introduced a few new wrinkles to the faces of celebrities — and to the ongoing discussion around personal digital security, NBC reports.Technologyread more
Property price gains across the wider U.K. have been slowing since 2016, according to the U.K.'s Office for National Statistics.Real Estateread more
The International Monetary Fund on Wednesday said that the U.S. dollar was overvalued by 6% to 12%, based on near-term economic fundamentals, while the euro, Japan's yen and...World Economyread more
A group of cyber security professionals is warning that the U.S. government has failed to implement fixes to protect the HealthCare.gov website from hackers, some three months after experts first pointed out the problem.
David Kennedy, head of computer security consulting firm TrustedSec LLC, told Reuters that the government has yet to plug more than 20 vulnerabilities that he and other security experts reported to the government shortly after HealthCare.gov went live on October 1.
Hackers could steal personal information, modify data or attack the personal computers of the website's users, he said. They could also damage the infrastructure of the site, according to Kennedy, who is scheduled to describe his security concerns in testimony on Thursday before the House Science, Space and Technology Committee.
"These issues are alarming," Kennedy said in an interview on Wednesday.
The Centers for Medicare & Medicaid Services, the federal agency that oversees the site's operations, provided Reuters with a statement saying it takes the concerns seriously.
"To date there have been no successful security attacks on HealthCare.gov and no person or group has maliciously accessed personally identifiable information from the site," the statement said.
"Security testing is conducted on an ongoing basis using industry best practices to appropriately safeguard consumers' personal information."
HealthCare.gov lets consumers shop for insurance plans under President Barack Obama's Affordable Care Act, which mandates health insurance for all Americans.
The site, which is meant to serve millions of consumers in 36 states, was crippled by technology errors in the first two months after its launch on October 1. The Obama administration's efforts to repair the site helped it to work more smoothly beginning in December, but problems with data transmission remain.
Kennedy said he last week presented technical details describing the vulnerabilities in the site to seven independent cyber security experts, who reviewed videos of potential attack methods as well as logs and other documentation.
They wrote notes to the House Committee saying they were concerned about the site's security, which Kennedy provided to Reuters and will be released on Thursday to the committee led by Republicans who oppose the Affordable Care Act.
Members of the security community have been publicly pointing out problems with the site and say they have been privately providing the government with technical details of those issues since early October.
At a November Science Committee hearing, Kennedy and three other expert witnesses said they believed the site was not secure and three of them said it should be shut down immediately.
(Read more: Obamacare)
Kennedy and his peers who reviewed his work ahead of Thursday's hearing said the site still has serious security vulnerabilities that can be viewed from the outside.
"The site is fundamentally flawed in ways that make it dangerous to people who use it," said Kevin Johnson, one of the experts who reviewed Kennedy's findings.
Johnson said that one of the most troubling issues was that a hacker could upload malicious code to the site, then attack other HealthCare.gov users.
"You can take control of their computers," said Johnson, chief executive of a firm known as Secure Ideas and a teacher at the non-profit SANS Institute, the world's biggest organization that trains and certifies cyber security professionals.
He declined to provide further details about that vulnerability, saying he was concerned the information could be used by malicious hackers to launch attacks.
Kennedy said he learned of that particular attack method from another security researcher who had identified and tested it.
Yet Kennedy said he identified many other problems on his own, conducting what is known as "passive analysis" of the site, by using an ordinary Web browser and other software tools to look at HealthCare.gov's content and architecture from the outside.
He said he did not take the additional step of hacking into the site to look for other problems because he did not have permission from the government.
Waylon Krush, chief executive of a firm known as Lunarline that has done security work for the Department of Health and Human Services, said he questions Kennedy's conclusions that were drawn without launching attacks on the website.
"Anybody who brings testimony that says there is a vulnerability on HealthCare.gov is only speculating unless they have actually executed the code, at which point they are hacking a government website and that would be illegal," said Krush, who will also testify before the committee on Thursday.
Krush said he has not reviewed Kennedy's findings or done any work on the HealthCare.gov site itself.
"If I said everything was perfect, I would just be speculating because I did not work on the site," he said.
One security flaw that Kennedy first uncovered and reported to the government in October exposes information including a user's full name and email address. He said he wrote a short computer program in five minutes that automatically collects that data, which was able to import some 70,000 records in about four minutes.
He said the information was accessible via the Internet and he did not have to hack the site to get it. He declined to elaborate.
John Strand, a principal with Black Hills Information Security and a SANS Institute trainer who also reviewed Kennedy's findings, said he was concerned about what might have been uncovered if Kennedy had conducted a more in-depth probe and actually attempted to hack into the site.
He said he supports a recent move by the House of Representatives to force the government to disclose breaches whenever they occur. The government is generally not required to notify the public when its systems are compromised.
"We don't know how bad it is because they don't have to tell us," Strand said.
Lamar Smith, the Texas Republican chairman of the committee, said in a statement that the government should quickly move to plug the security flaws that have already been reported by security experts.
"If Americans' information is not secure, then the theft of their identities is inevitable and dangerous," he said. "The President should take swift action to ensure that the American people are not the next target of cyber criminals."
The government said on Saturday that Accenture Plc would replace CGI Federal, a subsidiary of CGI Group, as the lead contractor for the Obamacare enrollment website.