Beyond a glitch: massive security hole found in Obamacare site software

October 29, 2013
"Just a few bugs"


Yet another reason to feel secure in the knowledge that the government is forcing people into this system under penalty of law:

Until the Department of Health fixed the security hole last week, anyone could easily reset your Healthcare.gov password without your knowledge and potentially hijack your account.

The glitch was discovered last week by Ben Simo, a software tester in Arizona. Simo found that gaining access to people’s accounts was frighteningly simple. You could have:

  • guessed an existing user name, and the website would have confirmed it exists.
  • claimed you forgot your password, and the site would have reset it.
  • viewed the site’s unencrypted source code in any browser to find the password reset code.
  • plugged in the user name and reset code, and the website would have displayed a person’s three security questions (your oldest niece’s first name, name of favorite pet, date of wedding anniversary, etc.).
  • answered the security questions wrong, and the website would have spit out the account owner’s email address — again, unencrypted.

Armed with the account holder’s email address, a person with malicious intent could easily track down their target on social media, where they’d likely discover the answers to those security questions.

It wouldn’t have even taken a skilled hacker. Anyone with bad intentions — and a minimal understanding of how to read a website’s code — could have figured it out. While such an attack might not have yielded your Social Security number or health information, it would have exposed your address and phone number.

But, don’t worry. Rest easy. They’ve fixed that problem… After the site had been operating for three weeks.

Remember, there’s never just one roach.

(Crossposted at Sister Toldjah)
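
An added example, not code from Healthcare.gov or from the quoted report: a password-reset handler in Python that closes the gaps listed above by answering known and unknown user names identically, sending the reset token only by email, and disclosing no account data when a reset attempt fails. `ResetService`, its methods and the sample account are hypothetical names made up for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Hypothetical names throughout; values are constructed for illustration.
GENERIC = "If that account exists, a reset link has been sent to its email address."
TOKEN_TTL = 900  # seconds a reset token stays valid

class ResetService:
    def __init__(self, users):
        self.users = users    # username -> email (constructed sample data)
        self.pending = {}     # username -> (sha256 of token, expiry time)
        self.outbox = []      # stands in for the out-of-band mail channel

    def request_reset(self, username):
        """Return the same body for known and unknown names (no enumeration)."""
        email = self.users.get(username)
        if email is not None:
            token = secrets.token_urlsafe(32)
            digest = hashlib.sha256(token.encode()).hexdigest()
            self.pending[username] = (digest, time.time() + TOKEN_TTL)
            self.outbox.append((email, token))    # token leaves only by email
        return {"status": 200, "body": GENERIC}   # never carries the token

    def redeem(self, username, token):
        """Single-use, expiring token; a failure reveals nothing about the account."""
        digest, expiry = self.pending.get(username, ("", 0.0))
        supplied = hashlib.sha256(token.encode()).hexdigest()
        ok = hmac.compare_digest(digest, supplied) and time.time() < expiry
        if not ok:
            # No security questions, no email address, no hint that the user exists.
            return {"status": 400, "body": "Invalid or expired reset link."}
        del self.pending[username]                # token cannot be replayed
        return {"status": 200, "body": "Choose a new password."}
```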


#Obamacare object lesson: supporter sees her insurance skyrocket

October 29, 2013
"Another Obamacare supporter learns the truth."


And the best part of this is? She’s a former congressional staffer who defended this anti-constitutional monstrosity during its passage:

For [Sue] Klinkhamer, 60, President Obama’s oft-repeated words ring in her ears: “If you like your health plan, you will keep it.”

Well, possibly not.

When Klinkhamer lost her congressional job (1), she had to buy an individual policy on the open market.

Three years ago, it was $225 a month with a $2,500 deductible. Each year it went up a little to, as of Sept. 1, $291 with a $3,500 deductible. Then, a few weeks ago, she got a letter.

“Blue Cross,” she said, “stated my current coverage would expire on Dec. 31, and here are my options: I can have a plan with similar benefits for $647.12 [or] I can have a plan with similar [but higher] pricing for $322.32 but with a $6,500 deductible.”

She went on, “Blue Cross also tells me that if I don’t pick one of the options, they will just assume I want the one for $647. … Someone please tell me why my premium in January will be $356 more than in December?”

This may surprise some of you, but I genuinely feel a bit sorry for Sue, in the way I’d feel sorry for a naive child who learns that Santa Claus isn’t real. It can be tough for anyone to have to face reality and finally grow up, especially when they’re sixty and not six. Her apparent naive faith in what the Democratic Party and her boss were then telling her is charming. And Sue was a trooper, defending the legislation in the face of angry and undeniably rude constituents. And yet this is the thanks she gets.

Reality check, Sue: This is exactly what you fought for, whether you know it or not. Maybe you and your boss should have read the bill.

via:

Footnote:
(1) When her boss was defeated for reelection in 2010. You know, the election in which the Democrats lost their House majority because of Obamacare.

(Crossposted at Sister Toldjah)