My Heartbleeds for Obamacare

Good day all. I’m not certain if you have been following the new about the Heartbleed ((The Heartbleed Bug)) security hole in OpenSSL or not. Suffice to say it’s a major issue. Every web site that uses it is in the process of patching their systems and getting new security certificates.

One of the sites that is affected by this is healthcare.gov, also known as the Obamacare web site. Now I’ve written in the past about the security issues regarding Obama404Care as have many others. To put it bluntly, the Department of Health and Human Services, under the incompetent leadership of Kathleen Sebelius, didn’t even consider security when they put this disaster together. Now, with Heartbleed, along with all the other issues with this site, it is almost a certainty that anyone who has loaded their personal information into it has probably had it stolen.

Now with Heartbleed, I can’t actually blame Sebelius and Obama for it. This was one that no one knew about, and the fix is fairly simple if painful. There are rumors that the NSA, (National Security Agency)), has known about this security hole for some time and done nothing to report it to the OpenSSL community for repairs. You would think that they would at least make sure that our own government systems were locked down tight. Oh wait, silly me. Then the NSA wouldn’t be able to spy on American citizens in violation of the Constitution. In any case, here are a few details from Myway.com on the latest Obama404care screwup:

People who have accounts on the enrollment website for President Barack Obama’s signature health care law are being told to change their passwords following an administration-wide review of the government’s vulnerability to the confounding Heartbleed Internet security flaw.

Does that mean they will actually be able to login now?

Senior administration officials said there is no indication that the HealthCare.gov site has been compromised and the action is being taken out of an abundance of caution. The government’s Heartbleed review is ongoing, the officials said, and users of other websites may also be told to change their passwords in the coming days, including those with accounts on the popular WhiteHouse.gov petitions page.

The fact that there is no indication that the site has been compromised leads me to believe that it was compromised. From what I understand, this bug was not known ((Security through Obscurity)) to the hacker community. However, once it got out, security sites saw a sudden increase in scanning for this particular hole where previously there had been nothing.

The Heartbleed programming flaw has caused major security concerns across the Internet and affected a widely used encryption technology that was designed to protect online accounts. Major Internet services have been working to insulate themselves against the problem and are also recommending that users change their website passwords.

While we don’t use OpenSSL, if you are registered on the Disqus comments system I would recommend that you change your passwords as soon as possible. The same goes for registering on this site. Better safe than sorry I say. Getting back to the debacle Obamacare web site:

Officials said the administration was prioritizing its analysis of websites with heavy traffic and the most sensitive user information. A message that will be posted on the health care website starting Saturday reads: “While there’s no indication that any personal information has ever been at risk, we have taken steps to address Heartbleed issues and reset consumers’ passwords out of an abundance of caution.”

In other words, some hackers in Russia are now saying to themselves, with regards to Obamacare, “All your data are belong to us!” This is just another nail in the coffin of the most hated government program in decades. I wonder what Obama’s excuses will be when people start noticing their bank accounts being emptied, credit card numbers stolen and their identities stolen and it’s determined that it was due to Obamacare? Do you think they will make good and help people restore their credit ratings and recover their money? Have you seen any flying pigs of late?

Change all your passwords everywhere. I also recommend using LastPass. It was recommended to my by the Angry Systems Administrator. We’re actually looking into a corporate account with them.

Thatisall

~The Angry Webmaster~

(No Ratings Yet)

Loading...