Security hole found in Obamacare website

CNN ^

[Sub-Driver]

Until the Department of Health fixed the security hole last week, anyone could easily reset your Healthcare.gov password........

[Sacajaweau]

bet they have to scrap every piece od data collected

[fella]

Waoooooo! Nobody saw this coming.

[cuban leaf]

I think a lot of us IT guys went on record as saying that if the site was in that bad of shape, you were playing with your life entering any personal data there. It wasn’t just me.

[jsanders2001]

Just imagine being a hacker and gaining administration privileges on a website that contains every citizen’s ID and banking info and possibly ways to monitor them in real-time. I can’t see a problem with that. Can you? If you do you must be a Tea bagger.../s

[Dan(9698)]

They used pegboard for a pattern.

[Zeneta]

From the “full story”

” The glitch was discovered last week by Ben Simo, a software tester in Arizona. Simo found that gaining access to people’s accounts was frighteningly simple. You could have:

guessed an existing user name, and the website would have confirmed it exists.

claimed you forgot your password, and the site would have reset it.

viewed the site’s unencrypted source code in any browser to find the password reset code.

plugged in the user name and reset code, and the website would have displayed a person’s three security questions (your oldest niece’s first name, name of favorite pet, date of wedding anniversary, etc.).

answered the security questions wrong, and the website would have spit out the account owner’s email address — again, unencrypted.”

[PGR88]

I could think of nothing more fitting for Obamacare than if it were to be discovered that Russian hackers made off with the ID’s of every registrant for the last 29 days....

[Zuben Elgenubi]

D*mn. The government SHOULD be shut down over this mess.

[Nachum]

The list, Ping

Let me know if you would like to be on or off the ping list

http://www.nachumlist.com/

[Red Badger]

NO WONDER CONGRESS AND THEBADMINISTRATION DON’T WANT TO USE IT!

[upchuck]

Experts have been saying for weeks (months?) that this was coming. No one should be surprised.

nobama and Sillybus have a real can of worms here.

He-he.

Designed, built and maintained by Incompetence, Inc.

[Jeff Chandler]

viewed the site’s unencrypted source code in any browser to find the password reset code.

Holy crap! That means the password reset is done client side.

[sr4402]

I remember posting a Vanity saying "Don't use the Website" and got poo pood for it. I said it was and ID THEFTS DREAM.

Turns out, I WAS RIGHT!

Progressives, I could have done this website for you for only $50K and been totally secure. Instead we have this ObummerCare which is a Disaster of Epic and Economic proportions.

[MrB]

Obamacare website found amoung massive security holes.

[COBOL2Java]

Who would have thought THIS could happen in a million years???

[upchuck]

Link to the "whole story".

[Jeff Chandler]

Monday brought the latest worrisome disclosure: that the entire Obamacare website operates on a single computer server in Virginia -- without any backup, according to Congressman Rogers

[devolve]

- YOUR CONFIDENTIAL OBAMACARE INFO WAS HACKED IN A FEW MINUTES

READ ON SUCKERS

- IT’S ALL FREEEEEEEEEEE!

- Security hole found in Obamacare website

[TADSLOS]

The NSA could have told them that a year ago.