Wednesday, October 30, 2013

Security Hole Found in Obamacare Website

By Jose Pagliery

The Obamacare website has more than annoying bugs. A cybersecurity expert found a way to hack into users' accounts.

Until the Department of Health fixed the security hole last week, anyone could easily reset your Healthcare.gov password without your knowledge and potentially hijack your account.

The glitch was discovered last week by Ben Simo, a software tester in Arizona. Simo found that gaining access to people's accounts was frighteningly simple. You could have:

  • guessed an existing user name, and the website would have confirmed it exists.
  • claimed you forgot your password, and the site would have reset it.
  • viewed the site's unencrypted source code in any browser to find the password reset code.
  • plugged in the user name and reset code, and the website would have displayed a person's three security questions (your oldest niece's first name, name of favorite pet, date of wedding anniversary, etc.).
  • answered the security questions wrong, and the website would have spit out the account owner's email address -- again, unencrypted.
  • Armed with the account holder's email address, a person with malicious intent could easily track down their target on social media, where they'd likely discover the answers to those security questions.

Read the rest here.
at 11:46:00 AM

5 comments:

  1. Brother ThomasOctober 30, 2013 at 12:07 PM

    Things are moving from tragedy to farce. So go the great plans of the arrogant.

    ReplyDelete
    Replies
    1. MikeOctober 30, 2013 at 12:19 PM

      Fixed:

      "Things are moving from tragedy to farce. So go the great plans of government."

      Delete
  2. CharlesOctober 30, 2013 at 12:35 PM

    This, of course, is the "Security Leak" that would be predicted to be found (and was...) which will be Closed Real Soon Like.

    Wanna get one of the NSA types on the witness stand and demand to know if there are any "Backdoors" placed in the Code that will be used for version 0.99? They (Plural) will be in there and will only be a matter of time before a "Leak" of private information will be made to some trashy tabloid (NYT) a week before an important election.
    It's about Power. It always was and it always will be.

    We are Lost.

    CW

    ReplyDelete
    Replies
    1. AnonymousOctober 30, 2013 at 1:46 PM

      Precisely. Whenever the controlled opposition complains of the possibility that NSA programs might be "abused," my answer is that abuse is the central purpose of these programs. They are meant to be utilized for blackmail and oppression. The "security" excuse is just for public consumption.

      And anyway, "national security" is just another name for "state security," as in the East German Stasi. It has nothing to do with the protection of the individual — on the contrary, the two are antithetical. National security entails violating the security described in, for example, the Fourth Amendment. The state fears the free-minded individual, and must violate his rights to allay this fear.

      Delete
  3. AnonymousOctober 30, 2013 at 2:29 PM

    Can I use Bitcoin on it yet?

    ReplyDelete

Subscribe to: Post Comments (Atom)