URGENT: Obamacare Website Compromised - Pricing Info and Personal Info Divulged
healthcare.gov | 10/22/13 | healthcare.gov
Posted on 10/22/2013 9:19:14 PM PDT by InsidiousMongo
To: DCBryan1
It’s not valuable for an exposé.
141 posted on 10/23/2013 5:09:53 AM PDT by Lazamataz (Early 2009 to 7/21/2013 - RIP my little girl Cathy. You were the best cat ever. You will be missed.)
To: Lazamataz
Thanks Laz. How would you rate it? Kindergarten coding, standard, high-class, etc? Or can you even rate it?
142 posted on 10/23/2013 5:12:25 AM PDT by DCBryan1 (No realli, moose bytes can be quite nasti!!)
To: InsidiousMongo
Why is everyone flipping out about this?
I'm in Federal contracting and I didn't see anything that would violate Fed standards (at least at the first link). No PII was out there. PII is Personally Identifying Information. Simple phone numbers and addresses, without a name of an individual, are not PII. This is not a back door, that I can tell, either.
143 posted on 10/23/2013 5:13:03 AM PDT by Lazamataz (Early 2009 to 7/21/2013 - RIP my little girl Cathy. You were the best cat ever. You will be missed.)
To: All
Truth is that they have no idea what they have there. There are probably so many back-doors in this system that it will become a test subject on how not to do a secure website. It was never really live or beta tested so they had no idea what would happen once the switch was flipped.
I’m assuming this is the proverbial horse turned giraffe.
144 posted on 10/23/2013 5:13:46 AM PDT by newnhdad (Our new motto: USA, it was fun while it lasted.)
To: DCBryan1
It doesn’t rate. This is instructions to a coder how to send information to the API (Application Portal Interface). Not a violation, and no big deal.
145 posted on 10/23/2013 5:13:54 AM PDT by Lazamataz (Early 2009 to 7/21/2013 - RIP my little girl Cathy. You were the best cat ever. You will be missed.)
To: SE Mom; Windcatcher
Ease off the alarm, folks. I’m in the field; I see nothing to flip out about (so far). There’s probably plenty of real problems, no point in wasting outrage on nothing.
146 posted on 10/23/2013 5:15:33 AM PDT by Lazamataz (Early 2009 to 7/21/2013 - RIP my little girl Cathy. You were the best cat ever. You will be missed.)
To: LucyT
147 posted on 10/23/2013 5:16:43 AM PDT by Hotlanta Mike ("Governing a great nation is like cooking a small fish - too much handling will spoil it." Lao Tzu)
To: Lazamataz
K thanks! I knew you were good for SOMETHING ;)
148 posted on 10/23/2013 5:18:51 AM PDT by DCBryan1 (No realli, moose bytes can be quite nasti!!)
To: InsidiousMongo; Admin Moderator
I'm going to hit Abuse on the thread, bro. Tell you why: It's my professional opinion (and I do government systems all day long every day) that there is nothing (so far) that I see that's... insidious. LOL
This is normal coding and application activity -- unless somehow I'm missing something. I will circle around back later and double-check it.
In the meantime, I will ask Admin to take this down off of Breaking News (but not to delete the thread).
149 posted on 10/23/2013 5:19:01 AM PDT by Lazamataz (Early 2009 to 7/21/2013 - RIP my little girl Cathy. You were the best cat ever. You will be missed.)
To: DCBryan1
150 posted on 10/23/2013 5:21:46 AM PDT by Lazamataz (Early 2009 to 7/21/2013 - RIP my little girl Cathy. You were the best cat ever. You will be missed.)
To: Sarah Barracuda
Oh yeah...just leave it alone and get the popcorn!
To: unixfox
Thanks for the link.
Sure there's no security for looking up plans, but why should there be? I just downloaded all the data for Virginia, roughly 1000 plans, into a JSON file. Perfect format and informative. Why should it be restricted?
152 posted on 10/23/2013 5:29:00 AM PDT by palmer (Obama = Carter + affirmative action)
To: DCBryan1
The supplied Ruby sample code with a URL from their explanatory page allowed me to look up every available plan in Virginia in a minute. It's about 16 lines per plan with about a 16,000 line file. It's in JSON format (a standard data interchange format). Here's a sample of the last one in my list:
{
"premium_child" : "143.64",
"state" : "VA",
"rating_area" : "Rating Area 8",
"premium_family" : "800.76",
"premium_couple" : "578.16",
"premium_older_single" : "403.99",
"premium_single_parent_family" : "544.02",
"display" : "Yes",
"plan_marketing_name" : "Anthem HealthKeepers Silver DirectAccess - cbfs",
"issuer" : "Anthem Blue Cross and Blue Shield",
"county" : "CRAIG",
"metal_level" : "Silver",
"premium_single" : "237.06",
"plan_type" : "HMO"
}
153 posted on 10/23/2013 5:32:36 AM PDT by palmer (Obama = Carter + affirmative action)
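Added example (not part of the thread and not healthcare.gov's code): a Ruby check that walks a JSON response and flags fields that look like personal data, run over the plan record quoted in the post above and over a constructed record for contrast. The key hints, value patterns and the leaky record are assumptions made for illustration, not a federal PII definition.

```ruby
require 'json'

# Assumption: key-name fragments and value shapes that suggest personal data.
# Illustrative only; tune these lists to your own data-classification policy.
PII_KEY_HINTS = %w[first_name last_name full_name ssn dob birth email phone address].freeze
PII_VALUE_PATTERNS = {
  ssn:   /\A\d{3}-\d{2}-\d{4}\z/,
  email: /\A[^@\s]+@[^@\s]+\.[^@\s]+\z/,
  phone: /\A\(?\d{3}\)?[-. ]?\d{3}[-. ]?\d{4}\z/
}.freeze

# Walk a parsed JSON value and return [json_path, reason] pairs for suspect fields.
def pii_findings(node, path = '$')
  case node
  when Hash
    node.flat_map do |key, value|
      hint = PII_KEY_HINTS.find { |h| key.downcase.include?(h) }
      (hint ? [["#{path}.#{key}", "key:#{hint}"]] : []) + pii_findings(value, "#{path}.#{key}")
    end
  when Array
    node.each_with_index.flat_map { |v, i| pii_findings(v, "#{path}[#{i}]") }
  when String
    PII_VALUE_PATTERNS.select { |_, re| node.match?(re) }.keys.map { |k| [path, "value:#{k}"] }
  else
    []
  end
end

# The plan record quoted in the post above.
PLAN_RECORD = JSON.parse(<<~JSON)
  {"premium_child": "143.64", "state": "VA", "rating_area": "Rating Area 8",
   "premium_family": "800.76", "premium_couple": "578.16",
   "premium_older_single": "403.99", "premium_single_parent_family": "544.02",
   "display": "Yes",
   "plan_marketing_name": "Anthem HealthKeepers Silver DirectAccess - cbfs",
   "issuer": "Anthem Blue Cross and Blue Shield", "county": "CRAIG",
   "metal_level": "Silver", "premium_single": "237.06", "plan_type": "HMO"}
JSON

# Constructed record (not from the page) showing what an exposure would look like.
LEAKY_RECORD = JSON.parse(<<~JSON)
  {"plan_type": "HMO", "applicant": {"full_name": "Jane Example",
   "ssn": "000-12-3456", "contacts": ["jane@example.test", "555-010-0199"]}}
JSON

puts "plan record:  #{pii_findings(PLAN_RECORD).inspect}"
puts "leaky record: #{pii_findings(LEAKY_RECORD).inspect}"
```

The quoted plan record produces no findings; the constructed record is flagged both by key name and by value shape, which is the kind of check worth running over a full API dump before calling an endpoint "public data only".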
To: palmer
Didn’t you have to get a key to do so? Or were you doing this outside of the API (some kind of site scraping or an export function on the site)? I am only asking, because I wanted to do something similar, but have absolutely no intention of applying for a key.
I agree that there isn’t anything wrong here. The API actually looked better than most (many APIs look like they are written by people who want to say that they have an API, but don’t want people to actually use it).
154 posted on 10/23/2013 5:35:16 AM PDT by jjsheridan5 (what would efren do?)
To: palmer
Agreed. Thusly why I was trying to calm the FR folks....
155 posted on 10/23/2013 5:37:18 AM PDT by Lazamataz (Early 2009 to 7/21/2013 - RIP my little girl Cathy. You were the best cat ever. You will be missed.)
To: jjsheridan5
It probably would make some sense to ask developers to apply for a secure certificate for two-way HTTPS, but.. hey, okay, I'm not flipping out they didn't, either.
No PII was being exposed... no loss, no foul.
156 posted on 10/23/2013 5:39:08 AM PDT by Lazamataz (Early 2009 to 7/21/2013 - RIP my little girl Cathy. You were the best cat ever. You will be missed.)
To: Lazamataz
Could you put me on the Nevermind Ping List?
157 posted on 10/23/2013 5:39:34 AM PDT by BykrBayb (Somewhere, my flower is there. ~ Þ)
To: palmer
158 posted on 10/23/2013 5:40:03 AM PDT by AppyPappy (Obama: What did I not know and when did I not know it?)
To: Lazamataz
I don’t really even see the need for https, since this is all publicly available information.
159 posted on 10/23/2013 5:44:22 AM PDT by jjsheridan5 (what would efren do?)
To: jjsheridan5
No key, no application, no signup, no nothing. But it is essentially public info so I don’t see a problem.
160 posted on 10/23/2013 5:46:02 AM PDT by palmer (Obama = Carter + affirmative action)