Ace of Spades HQ

« Obama To Speak to ~~Press~~ Partisan Supporters at 2:30 Sharp | Main | Politico Magazine Offers Several Reasons Media Dropped The Ball on Vetting Obamacare, But Curiously Never Considers Pro-Obama Bias as a Factor »

December 03, 2013

Security Expert: No Security Built Into Obamcare; Flaws Are Big Enough to Permit Hackers to Use Healthcare.gov to Hack Users' Computers; Could Take a Year to Fix Even Just the High-Priority Flaws

Good God. Video at the link, and it's worth watching.

"We're talking multiple months to over a year to at least address some of the critical-to-high exposures on the website itself."

And that's just to fix the big holes in security, nevermind closing the smaller exploits.

This expert's advice? If you like your identity, you should keep your identity off Healthcare.gov. Period.

“They said they implemented over 400 bug fixes,” he said. “When you recode the application to fix these 400 bugs—they were rushing this out of the door to get the site at least so it can work a little bit—you’re introducing more security flaws as you go along with it because you don’t even check that code.”
“I’m a little bit more skeptical now, and I would still definitely advise individuals to not use the website because it’s definitely something that I don’t believe is secure and neither did the four individuals that testified in front of Congress,” Kennedy said. “I think there’s some major security concerns there around privacy and information, and they haven’t even come close to being addressed, and won’t be in the short term.”

It gets worse, actually. The expert (a white-hat hacker) notes that the federal government is not required to inform users when their security has been compromised.

“States are required to notify in the event of a breach, the federal government is not,” he added. “So in the event that Healthcare.gov gets compromised and all their information gets taken out of it they don’t have to notify anybody.”

I think we can safely predict that Obama will hide this information from the victims of his site, as he's hidden all information from "Obamacare's losers" already.

Legislation Required: The bills floating around Congress should remedy this defect and include a command that victims of security breaches be alerted, and the public generally apprised of how many breaches occur.

And throw in a criminal penalty for responsible officials should they choose to conceal such breaches.

posted by Ace at 03:46 PM

| Access Comments


Advertise Here! Intermarkets' Privacy Policy Support Donate to Ace of Spades HQ! Contact Ace: aceofspadeshq at gee mail.com Buck: buck.throckmorton at protonmail.com CBD: cbd at cutjibnewsletter.com joe mannix: mannix2024 at proton.me MisHum: petmorons at gee mail.com J.J. Sefton: sefton at cutjibnewsletter.com Recent Entries THE MORNING RANT: Government is Paying Manufacturers to Produce Electric School Buses, and Then Paying School Districts to Buy Them Mid-Morning Art Thread The Morning Report — 12/30/24 Daily Tech News 30 December 2024 Sunday Overnight Open Thread - December 29, 2024 [Doof] Gun Thread: Post Christmas and Pre-New Year 2024 Edition! Food Thread: Raccoons, Brisket, And Latkes...A Match Made In Heaven! First-World Problems... The Progressives Love Lawfare...Payback Is A B*tch! Sunday Morning Book Thread - 12-29-2024 ["Perfessor" Squirrel] Absent Friends Bandersnatch 2024 GnuBreed 2024 Captain Hate 2023 moon_over_vermont 2023 westminsterdogshow 2023 Ann Wilson(Empire1) 2022 Dave In Texas 2022 Jesse in D.C. 2022 OregonMuse 2022 redc1c4 2021 Tami 2021 Chavez the Hugo 2020 Ibguy 2020 Rickl 2019 Joffen 2014 AoSHQ Writers Group A site for members of the Horde to post their stories seeking beta readers, editing help, brainstorming, and story ideas. Also to share links to potential publishing outlets, writing help sites, and videos posting tips to get published. Contact OrangeEnt for info: maildrop62 at proton dot me Cutting The Cord And Email Security Cutting The Cord [Joe Mannix (not a cop)] Cutting The Cord: It's Easier Than You Think [Blaster] Private Email and Secure Signatures [Hogmartin] Moron Meet-Ups	« Obama To Speak to ~~Press~~ Partisan Supporters at 2:30 Sharp \| Main \| Politico Magazine Offers Several Reasons Media Dropped The Ball on Vetting Obamacare, But Curiously Never Considers Pro-Obama Bias as a Factor » December 03, 2013 Security Expert: No Security Built Into Obamcare; Flaws Are Big Enough to Permit Hackers to Use Healthcare.gov to Hack Users' Computers; Could Take a Year to Fix Even Just the High-Priority Flaws Good God. Video at the link, and it's worth watching. "We're talking multiple months to over a year to at least address some of the critical-to-high exposures on the website itself." And that's just to fix the big holes in security, nevermind closing the smaller exploits. This expert's advice? If you like your identity, you should keep your identity off Healthcare.gov. Period. “They said they implemented over 400 bug fixes,” he said. “When you recode the application to fix these 400 bugs—they were rushing this out of the door to get the site at least so it can work a little bit—you’re introducing more security flaws as you go along with it because you don’t even check that code.” “I’m a little bit more skeptical now, and I would still definitely advise individuals to not use the website because it’s definitely something that I don’t believe is secure and neither did the four individuals that testified in front of Congress,” Kennedy said. “I think there’s some major security concerns there around privacy and information, and they haven’t even come close to being addressed, and won’t be in the short term.” It gets worse, actually. The expert (a white-hat hacker) notes that the federal government is not required to inform users when their security has been compromised. “States are required to notify in the event of a breach, the federal government is not,” he added. “So in the event that Healthcare.gov gets compromised and all their information gets taken out of it they don’t have to notify anybody.” I think we can safely predict that Obama will hide this information from the victims of his site, as he's hidden all information from "Obamacare's losers" already. Legislation Required: The bills floating around Congress should remedy this defect and include a command that victims of security breaches be alerted, and the public generally apprised of how many breaches occur. And throw in a criminal penalty for responsible officials should they choose to conceal such breaches. posted by Ace at 03:46 PM \| Access Comments <script language="javascript" src="http://adserver.adtechus.com/addyn/3.0/5235/1131537/0/170/ADTECH;loc=700;cookie=info;target=_blank;key=key1+key2+key3+key4;grp=[group]"></script><noscript><a href="http://adserver.adtechus.com/adlink/3.0/5235/1131537/0/170/ADTECH;loc=300;key=key1+key2+key3+key4;grp=[group]" target="_blank"><img src="http://adserver.adtechus.com/adserv/3.0/5235/1131537/0/170/ADTECH;loc=300;key=key1+key2+key3+key4;grp=[group]" border="0" width="300" height="250"></a></noscript>	Recent Comments Thomas Paine: "Jennifer Granholm made over a million dollars on t ..." Defenestratus: "about 15 minutes Posted by: Ciampino - Singing qu ..." SMOD: "An Auburn University study says every single regul ..." pudinhead: "Canada first ... as an invasion dress rehersal. ..." Braenyard - some Absent Friends are more equal than others _ : "The back of the bus is a good place to be...at cer ..." Sharon(willow's apprentice): "Didn't a bunch of school buses catch fire ? I thin ..." Ciampino - Singing quietly has never been my forte: "[b]ISRO - PSLV-CA - SpaDeX [/b] [b]Launch Time: ..." Defenestratus: "49 Electric vehicles will make invading Russia har ..." Lizzy[/i]: ">> Has a school district ANYWHERE been used as a t ..." pudinhead: "48 Has a school district ANYWHERE been used as a t ..." XTC: "40 Just because the manifest unfair siphoning of m ..." Commissar of Plenty and Lysenkoism in Solidarity with the Struggle : "School bus driver charged with driving 32 kids whi ..." Recent Entries THE MORNING RANT: Government is Paying Manufacturers to Produce Electric School Buses, and Then Paying School Districts to Buy Them Mid-Morning Art Thread The Morning Report — 12/30/24 Daily Tech News 30 December 2024 Sunday Overnight Open Thread - December 29, 2024 [Doof] Gun Thread: Post Christmas and Pre-New Year 2024 Edition! Food Thread: Raccoons, Brisket, And Latkes...A Match Made In Heaven! First-World Problems... The Progressives Love Lawfare...Payback Is A Btch! Sunday Morning Book Thread - 12-29-2024 ["Perfessor" Squirrel] Search Search this site: Polls! Polls! Polls! Frequently Asked Questions What is the Deal with the Cowbell? Why is the Ace of Spades called "the Death Card"? The (Almost) Complete Paul Anka Integrity Kick Primary Document: The Audio Paul Anka Haiku Contest Announcement Integrity SAT's: Entrance Exam for Paul Anka's Band AllahPundit's Paul Anka 45's Collection AnkaPundit: Paul Anka Takes Over the Site for a Weekend (Continues through to Monday's postings) George Bush Slices Don Rumsfeld Like an Fckin' Hammer Top Top Tens Democratic Forays into Erotica New Shows On Gore's DNC/MTV Network Nicknames for Potatoes, By People Who Really Hate Potatoes Star Wars Euphemisms for Self-Abuse Signs You're at an Iraqi "Wedding Party" Signs Your Clown Has Gone Bad Signs That You, Geroge Michael, Should Probably Just Give It Up Signs of Hip-Hop Influence on John Kerry NYT Headlines Spinning Bush's Jobs Boom Things People Are More Likely to Say Than "Did You Hear What Al Franken Said Yesterday?" Signs that Paul Krugman Has Lost His Frickin' Mind All-Time Best NBA Players, According to Senator Robert Byrd Other Bad Things About the Jews, According to the Koran Signs That David Letterman Just Doesn't Care Anymore Examples of Bob Kerrey's Insufferable Racial Jackassery Signs Andy Rooney Is Going Senile Other Judgments Dick Clarke Made About Condi Rice Based on Her Appearance Collective Names for Groups of People John Kerry's Other Vietnam Super-Pets Cool Things About the XM8 Assault Rifle Media-Approved Facts About the Democrat Spy Changes to Make Christianity More "Inclusive" Secret John Kerry Senatorial Accomplishments John Edwards Campaign Excuses John Kerry Pick-Up Lines Changes Liberal Senator George Michell Will Make at Disney Torments in Dog-Hell Greatest Hitjobs The Ace of Spades HQ Sex-for-Money Skankathon A D&D Guide to the Democratic Candidates Margaret Cho: Just Not Funny More Margaret Cho Abuse Margaret Cho: Still Not Funny Iraqi Prisoner Claims He Was Raped... By Woman Wonkette Announces "Morning Zoo" Format John Kerry's "Plan" Causes Surrender of Moqtada al-Sadr's Militia World Muslim Leaders Apologize for Nick Berg's Beheading Michael Moore Goes on Lunchtime Manhattan Death-Spree Milestone: Oliver Willis Posts 400th "Fake News Article" Referencing Britney Spears Liberal Economists Rue a "New Decade of Greed" Artificial Insouciance: Maureen Dowd's Word Processor Revolts Against Her Numbing Imbecility Intelligence Officials Eye Blogs for Tips They Done Found Us Out, Cletus: Intrepid Internet Detective Figures Out Our Master Plan Shock: Josh Marshall Almost Mentions Sarin Discovery in Iraq Leather-Clad Biker Freaks Terrorize Australian Town When Clinton Was President, Torture Was Cool What Wonkette Means When She Explains What Tina Brown Means Wonkette's Stand-Up Act Wankette HQ Gay-Rumors Du Jour Here's What's Bugging Me: Goose and Slider My Own Micah Wright Style Confession of Dishonesty Outraged "Conservatives" React to the FMA An On-Line Impression of Dennis Miller Having Sex with a Kodiak Bear The Story the Rightwing Media Refuses to Report! Our Lunch with David "Glengarry Glen Ross" Mamet The House of Love: Paul Krugman A Michael Moore Mystery (TM) The Dowd-O-Matic! Liberal Consistency and Other Myths Kepler's Laws of Liberal Media Bias John Kerry-- The Splunge! Candidate "Divisive" Politics & "Attacks on Patriotism" (very long) The Donkey ("The Raven" parody) Syndicate this site (XML) Powered by Movable Type 2.64