
Saturday, November 30, 2013

Thinking of signing up for Obamacare? Think again, security is a major issue.

If you have finally resigned yourself to signing up for the Affordable Healthcare Act via healthcare.gov, please think twice before you apply. Recent testimony in Congress has clearly pointed out the fact that security testing has either been non-existent or minimal at best. The folks who put this mess together can’t get the basics to work and they have shown little interest in protecting your security.
I have done a little research on this today and these are just a few excerpts from various sources on internet security. Let’s start with what John McAfee had to say about healthcare.gov:
“Oh, it’s seriously bad. Somebody made a grave error, not in designing the program but in simply implementing the web aspect of it. For example, anybody can put up a web page and claim to be a broker for this system. There is no central place where I can go and say, OK, here are all the legitimate brokers, the examiners for all of the states, and pick and choose one. Instead, any hacker can put a website up, make it look extremely competitive, and because of the nature of the system — this is health care, after all — they can ask you the most intimate questions, and you’re freely going to answer them. What’s my Social Security number? My birth date? … Here’s the problem. It’s not something software can solve. I mean, what idiot put this system out there and did not create a central depository? There should be one website, run by the government, you go to that website and then you can click on all of the agencies. This is insane. So, I will predict that the loss of income for the millions of Americans who are going to lose their identities… read more.
An article on healthcareitnews.com points out some valid concerns:
“Fred Chang, computer science professor at Southern Methodist University and former National Security Agency research director, was next to weigh in, emphasizing the fact that we can’t underestimate our cyber adversaries.
Chang said within the first few weeks of launching HealthCare.gov, more than 700 mimic websites were set up. Hackers and cybercriminals will take advantage of the users who will undoubtedly mistype the website name or find it from a search engine. One of the biggest risks, he said, is from bogus websites. These criminals, he said, “will find seams in the system, will attack you in ways you won’t expect.” …read more.
Has the system already been hacked? It probably has; if not, it soon will be. The following is from nakedsecurity.sophos.com:
Hackers have thrown about 16 attacks at the US’s HealthCare.gov website, a top US Department of Homeland Security (DHS) official says.
According to CNN, Acting Assistant Homeland Security Secretary Roberta Stempfley of the Office of Cybersecurity and Communications says that the attacks, now under investigation, all failed.
Ms. Stempfley testified at a hearing of the House Homeland Security (HHS) Committee, saying that the attempts were made between 6 and 8 November, but that none were successful. …read more.
Reason.com also had some information on security issues related to the healthcare.gov website:
The first major issue is the lack of, and inability to conduct, an end to end security test on the production system. The number of contractors and absence of an apparent overall security lead indicates no one was in possession of a comprehensive, top down view of the full security posture. For a system dealing with what will be one of the largest collections of PII, and certain to be the target of malicious attacks and intrusions, the lack of a clearly defined and qualified security lead is inconsistent with accepted practices.
This is completely unacceptable from an industry perspective, and is in extreme contravention of security best practices. Only in the government could such a gaping hole be allowed to exist without fear of consequence. This shows a lack of understanding for the consequences to consumers and the protection of also creates massive opportunity for fraud, scams, deceptive trade practices, identity theft and more. Much of this is playing out right now. …read more.
It is ultimately up to you, the consumer, to make a decision on your healthcare insurance. But if you value your personal information, the government’s flaming pile of dog excrement known as healthcare.gov is not the place that you should be sharing your personal information. Forget the politics, forget the costs, just concentrate on the fact that the government has built one of the least secure web sites on earth and that in all likelihood you will end up sharing all your information with someone who will not be looking out for your best interests.
You may now return to your regularly scheduled surfing.
Tim
For more good stuff visit my primary website.
Follow Tim on twitter @tl1000rzx2

Sunday, November 3, 2013

It’s Sunday, time for a security check.

So here it is another Sunday morning and it is time to do those security log reviews. As usual I found a few folks attempting to do evil upon the server here. The list is about the same as usual. Most of the attacks come from China, but there are a few coming from Kansas and California. Most of these were folks or bots, attempting to run scripts to gain access to the WordPress blog here. A few were just repeated attempts to access the machine itself.
These are not a big deal to me, but they do point out the fact that I run a very small and not well-known server and yet there are still folks trying to break in. So that being said, can you imagine the number of hacks being attempted right now on healthcare.gov? We have heard that their security wasn’t tested and now we must all wonder what information is being compromised on a daily basis. A huge site like that will be a target for scammers looking for email addresses, financial data and information that most folks would rather not have sent out to the world.
Based on what I see looking at my logs on a daily basis, I wouldn’t register, log in to or give any information to the government at this stage. I strongly discourage everyone from signing up, lest they become a victim of what will probably become the biggest security breach in the history of the internet. Most folks don’t review their log files on their PCs or tablets, mainly because there just isn’t a whole lot of logging on Windows computers and Android tablets. There are, of course, firewalls, but you can’t simply turn off all connections or the device becomes rather useless. The folks working on the healthcare website can’t even get us statistics on visitors and registrations, so how thorough do you think they are on security? They might get it fixed someday, but until they publish the results of some independent security testing I would suggest avoiding the site entirely.
And now without further interruption, here is the list of bad apples for this week, by IP and location.
You may now return to your regularly scheduled surfing,
Tim