ObamaCare Hackathon: Healthcare.gov May Expose Social Security Numbers
The Obamacare tech team should add another pressing cyber issue to its to-do list. As Mother Jones reports, web security experts warn that Healthcare.gov (and various state exchanges), the Obamacare websites, have a security flaw that could make sensitive user information, including Social Security numbers, vulnerable to hackers. The website, reportedly, has a coding problem that could allow hackers to deploy a technique called "clickjacking," where invisible links are planted on a legitimate web page. Using this scheme, hackers could trick users into giving up personal data as they enter it into the web site, potentially placing Americans at risk of identity theft or allowing fraudsters to file bogus health care claims.
...
it's not just the federal exchange that has security problems. Some of the 15 states that have established their own online exchanges aren't using standard encryption throughout their Obamacare websites—leaving user information at risk.
...
Here's the problem: When an American signs up for Obamacare online, they must enter a good deal of personal information to verify identity—including name, Social Security number, phone number, email address, income, and employer—and identifying information for their family members. In the majority of states, Americans will enter this information directly into the Healthcare.gov website.
Kyle Wilhoit, a threat researcher at Trend Micro, a Japanese security software company, studied the Healthcare.gov portal with his security team and found a "moderate risk" for hacking due to an easy-to-fix coding problem that leaves the site vulnerable to clickjacking.
...
"Common clickjacking would be a popular method to attempt to exploit [the site]," says Wilhoit. "Hackers could use this information in the creation of fake identities, fake credit cards, and fake accounts very easily." He adds that it's relatively easy to fix, although the fixed code would need to be rolled out on multiple Healthcare.gov pages and potentially state websites as well.
Asked about clickjacking concerns, the Department of Health and Human Services (HHS) referred Mother Jones to this security statement, which says that Americans don't need to worry: "If a security incident occurs, an Incident Response capability would be activated, which allows for the tracking, investigation, and reporting of incidents."
...
Some state Obamacare sites could be significantly more vulnerable than the federal portal. The Healthcare.gov site uses a common form of encryption called Secure Sockets Layer (SSL), which prevents information from being intercepted by a hacker after you click "send" (SSL doesn't defend against most clickjacking). But the 15 states currently running their own independent Obamacare websites do not have explicit instructions from the HHS to use SSL.
...
"These state sites...represent more viable targets for direct attack" than the federal data hub, Budd argues. And hackers have been known to target state healthcare programs—last year, over 280,000 Social Security numbers were stolen from Utah's Medicaid server.
...
Many security experts argue that Healthcare.gov's code would quickly improve if it was open source—posted publicly for other programmers to examine, adapt, and improve. In fact, the code for the site was originally supposed to be open source. But HHS removed its code from open-source websites after developers complained they had trouble distinguishing which code belonged to which part of the website. Since then, all of Healthcare.gov's coding mistakes have happened behind closed doors.
So apart from low sign-up rates, inability to handle visitor volumes, FUBAR Account creation, incorrect pricing guidelines, helpline overload, and security holes... Obamacare is a great success so far.
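
An added example, not part of the original article or of any Healthcare.gov code: the article does not name the fix, so this assumes it is the standard anti-framing response headers (X-Frame-Options and the CSP frame-ancestors directive) and audits constructed responses from a hypothetical exchange.example host. It illustrates two points from the excerpt: the control has to be present on every page, and serving a page over SSL/TLS does not supply it.

```python
# Added example (not from the article): audit response headers for anti-framing.
# Hosts, paths and header values below are constructed sample data.
WILDCARD_SOURCES = {"*", "http:", "https:"}


def framing_policy(headers):
    """Return (protected, reason) for one response's headers."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    # CSP frame-ancestors takes precedence over X-Frame-Options when both are sent.
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = {s.lower() for s in parts[1:]}
            if sources & WILDCARD_SOURCES:
                return False, "frame-ancestors allows any origin"
            return True, "frame-ancestors " + (" ".join(sorted(sources)) or "'none'")
    xfo = h.get("x-frame-options", "").upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return True, "X-Frame-Options " + xfo
    if xfo:
        return False, "unrecognised X-Frame-Options value " + xfo
    return False, "no anti-framing header"


SAMPLE_RESPONSES = {
    "https://exchange.example/": {"X-Frame-Options": "DENY"},
    # Served over TLS with HSTS, yet nothing stops another origin framing it.
    "https://exchange.example/login": {"Strict-Transport-Security": "max-age=31536000"},
    "https://exchange.example/apply": {
        "Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'"},
    "https://exchange.example/family": {"X-Frame-Options": "ALLOWALL"},
    "https://exchange.example/income": {
        "Content-Security-Policy": "frame-ancestors *", "X-Frame-Options": "DENY"},
}


def framable_pages(responses):
    """List (url, reason) for every page another origin could embed in a frame."""
    findings = []
    for url, headers in responses.items():
        protected, reason = framing_policy(headers)
        if not protected:
            findings.append((url, reason))
    return findings


if __name__ == "__main__":
    for url, reason in framable_pages(SAMPLE_RESPONSES):
        print(f"FRAMABLE {url}: {reason}")
```
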
Problems? Dial 1 800 FU....
Anybody know how much Obamacare has cost so far?
Nothing, compared to what it's going to cost everyone in standard of living.
Mother Jones? That shill??
"Hellcare.gov May Expose Social Security Numbers"?
Is that a threat? With the tacit approval of the Social Security Administration?!?
ELEVENTY!11!!!
<<<<< Obamacare is a flesh-eating virus.
<<<<< The ACA is revenue neutral, will lower healthcare costs, and you can keep your same plan and doctor if you want.
Needy up-arrow whore! ;)
+1
..just searching for love anywhere I can get it
MomJo shills for the Left Wing Looney Tunes.
If they are saying something is broken, it must be REALLY broken - on the verge of vaporization.
This is an incredibly big disaster - and no one with any sense will even visit the site - let alone try to use it.
-30-
Call me cynical, but I wouldn't be at all surprised if the healthcare.gov site was sabotaged on purpose. Then Obama can act tough, call in the A-Team, get it fixed in about six weeks, and let everyone know once again that he's saved us. For all we know, the beta tests went fine and then they threw in some errors for the initial deployment.
No.
It's fucked.
Hell no, I won't go!
Just sign-up on the Provider's company website. They each have one with the same plans listed on the .gov exchange. Don't forget to set the pricing to "2014".
If you qualify for a subsidy, take a tax credit on your TY2014 form 1040 (if you can afford to wait).
Don't dip your spoon into that steaming bowl of FUBAR.
Exactly.
I read Mother Jones from time to time just to see what smoke the Red Team is blowing up my ass.
When I read stuff in MK that could come from National Review, then Houston we have a problem...
Obamacare could directly cause Cancer, sterility, blindness and poverty - Doesn't matter, because it's the democratically elected psychopath's legacy at stake...Where's your fucking priorities??
Consult a physician if you catass for more than 4 hours while trying to login to the federal exchange website.
..at least Barry does not have to worry about his genuine Connecticut SSN because he only needs it for posturing.
Re: Anybody know how much Obamacare has cost so far?
The people I know ready to loot it are hoping at it "cost" at least as much as Big-MIC.
It's the government, who cares about cost as long you are personally getting the loot?
"...it "cost" at least as much as Big-MIC."
Rasis.
Healthcare.gov is $680 million with $98 million going to Canadian firm.
It is broken but they got paid.
A Bloomberg study out earlier this week talked about $1Billion+ and all they did was look at "ACA" on contracting bid databases to come up with a number MUCH higher than previous government estimates. Google Bloomberg Obamacare Cost or some-such and you'll find it.
Eric Dubin, Managing Editor, TheNewsDoctors.com
BTW, check this out. It's a really funny video on Obamacare http://thenewsdoctors.com/creepy-uncle-sam-is-back/
Here's the Bloomberg analysis: http://about.bgov.com/2013-10-24/late-it-cash-surge-foreshadowed-health-...
Anybody know how much Obamacare has cost so far?
Cost? In terms of what, exactly? And to WHOM, and WHEN?
Monetary cost to produce it, or cost of the damage it will ultimately cause, or both?
There are sure to be other "costs" as well. Anyone who thinks they know the answer is a fool.
There is probably a number made up by someone somewhere at OMB that purports to answer your question, but, in the immortal words of Hillary, "what difference does it make?!"
The greatest cost will be in terms of liberty and privacy, or the lack thereof.
You'll be protected by the same people who still can't find Rachel from Card Services.
But. Free birth control. Should help lower reproduction in those urban areas full of degenerates. Thanks Obama
Rasis.
when it doesn't do ya think that they are gonna suggest forced sterilization?
YES. (sarc/ off)
Along those lines, what's insane is how liberals will scream and demonstrate to the ends of the earth on abortion, specifically how NOTHING must ever come between a woman and her doctor. But they are perfectly fine in creating the biggest govt bureaucracy on earth known as 0zer0care that puts 2 layers between the woman and her doctor (govt and insurance) for EVERY healthcare decision she is going to make for the rest of her life, including her partner's life, and her children's lives. Say that to a liberal and watch their heads explode.
Bush's fault.
I think Barry care is going one place, and one place only...
Straight back up Barry's ass, where it came from..........
obongocare was designed to fail... this is an interim step towards a single payer system that our owners so desire.
"obongocare" - good one John! /sarc
That's the website's best feature. Prolly designed in by the NSA. Makes you wonder if the govt. spying is truly a threat. I'm sure the same level of total incompetence is prevalent there as well. Maybe moreso seeing there is no oversight at all. The data center doing frequent impersonations of a TESLA car does make you wonder.
The emperor is a lot more naked than people realize. There is perception then reality, they tend to not reside in the same plane. The competence of this shit show called the healthcare exchange website is not an isolated problem but a symptom of something bigger.
That's fine, most who need to sign up don't have viable SSNs to steal, what FICO of 550 at best.....no new credit lines with that mess.. Now if they can steal EBT numbers???
Bragging rights. Surprised it has taken this long for Anon to get around to exploiting the web-site, perhaps they still blindly worship their O'savior.
$290,000,000 to infinity. No surprise. Ultimately, it will be the IRS' party. "Penalties and interest."
Looks like the Tea Party's attempts to delay Obamacare were doing the Democrats a favor...
The dems screwed up. They could have caved in to the Repukes while they bandaged up this program to roll it out a year later.
Yep. Now the Red team is going to beat the Blue team's ass like a drum through the mid-term elections.
OT
Why is gold ramping on a Friday afternoon? Isn't it supposed to be getting crushed right about now?
"Turn that machine back on!"
No SSL? Hundreds of millions of dollars? And it still doesn't work?
Are we even sure that cunt Sebelius even knows what a website is or an insurance application is? Or what the internet is? Or what healthcare is?
CLAWBACKS.
Both DHS Management and .GOV contractors.
Re: Both DHS Management and .GOV contractors.
HA! funny one. Feature, not a bug.
It's a cost saving measure.
Do you know how expensive SSL certs are?
The government is trying to save every cent it possibly can!
5 years from now.
Obama: "ACA would have worked, but people are a little screwy sometimes."
O/T, but a great new spy tool for Firefox users. I have it and works well.
Mozilla's Lightbeam tool will expose who is looking over your shoulder on the web - News - Gadgets & Tech - The Independent
Here's the link: Lightbeam for Firefox :: Add-ons for Firefox
Here's how to activate it: how to activate lightbeam | Firefox Support Forum | Mozilla Support
Cool, thanks for the tip.
Thanks for the heads up on lightbeam. This is one of the reasons I read ZH. Well that, and an appreciation for the freakshow that we all get to comment on.
Talk about A Trojan Horse for foreign enemies to take advantage of.
It's been like 5 years, yet not 1 attempt on Barry's life...
America ran out of Allies and Friends more than 5 years ago.
Izweall?
He still has potentially 3 more years and people are only now starting to wake up. If I was him and the way he is pissing off people in the military I wouldn't want to be traveling overseas or outside the US in general.
7 more years.
The constitution is just a piece of paper, right? Amendments be damned!
It would be racist not to elect Obama to a third term.
That rasis hog Hitllary will put an end to any 3rd term plans.
Rasis.
Can you stop with that? It's neither funny nor a contribution to the discussions here.
I don't know jack shit about IT and I believed from the get go that this issue was going to pop up, and will probably be an issue going forward. Just another reason to not sign up.
The real money maker is taking those SSNs and filing fake claims.... There was a medicare fraud going on in florida, the trio made about 100 mill over a decade, filing fake medicare claims from their fake clinic, run out of an empty store front. They got caught when they set up a check cashing company to handle the volume of checks coming in... I appreciate financing their lifestyle, and yet I can't help feeling ripped off a little.
I see Check Cashing stores all over and think "well, it's just a way to make money off of the Obama trash who don't know jack shit about finance" but then lately I've been thinking that those places HAVE to be doing more than just cashing checks if they're able to pay some of the retail office leases in many locations.
They simply have to be laundering money from the dealers and whoever else needs that kind of service. Why else would anyone want to lose approximately 3% right off the bat just to have a check cashed?
These are people living paycheck to paycheck with no savings and no money management skills. 3% is a lot cheaper than paying overdraft fees on a bunch of bounced checks...
Who coulda knowed, right?
President Obama tried to warn us, but we couldn't be bothered to listen, could we?
For shame.
"Americans don't need to worry: ...."
More precisely, Obama said : "Dooon worry, beee happy, woooo, woo, woo, ....."
Rasis.
This is to US citizenship as lost loan docs & titles are to private property. It's war.
"... site vulnerable to clickjacking."
And if I were you people, I would most certainly avoid this one too :
www.defense.gov/.
It has code errors somewhere, that render the site vulnerable to clickdroning.
+1 for clickdroning
Yet another reason I am glad that when I went to sniff around the Obamacare website, I got to the part that wanted me to input my personal info and I said "fuck this shit" and closed the window.
The phrase the government uses is
"THE USER CAN HAVE NO REASONABLE EXPECTATION OF PRIVACY."
Yours,
NSA,DEA etc etc etc.
They should have stated:
THE USER MAY HAVE AN UNREASONABLE EXPECTATION OF PRIVACY
Don't listen to the bloggers! Enroll!
Just imagine what a hoot it will be when any suckers actually manage to sign up and then discover there really aren't any doctors (particularly specialists) available to see them in their "plan". The competent ones either don't accept medicaid or medicare insurance or are taking "early retirement" or are "fully booked". They will need to revise their "plan" to staying healthy and keeping the hell away from any hospital (also known in the medical profession as the center for novel bacteria and virus biogenesis). Unfortunately, they'll still be stuck with the premiums as well as any identity fraud costs.
Exactly. Supposedly if you finally manage to sign on/up, actual health insurance and HEALTH CARE follow. Hahahahaha. We're only experiencing the first layers of how nonfunctional this is. What is really horrible is that people will die as a result of all of these hundreds of thousands of cancelled policies (whose holders now can't get new insurance that actually works).
Obama healthcare.gov was never intended to function as it was sold to American public-it is rigged as a spoof phishing scam to gather data otherwise unattainable under Federal H.I.P.A. now snookering the unsuspecting public the weakest and vulnerable into opening up once sealed medical files diverted in the process to Obama's own personal use that of which allowed him to issue directives to FDA to fast track approvals for any bio tech companies working on drugs targeting these illnesses in which the President's blind investment trust takes insider position the efficacy of drugs being tested never at issue as FDA is not a scientific research org. but a political device as past FDA insiders along with bio tech doctors and scientists have been charged with insider trading over the years only that semblance of a cure be made for a quick buck.
Obama will leave office the wealthiest man on Earth while taxpayers who can't afford insurance fund his exploits.