Results 1 to 6 of 6
Like Tree2Likes

Thread: McAfee: Obamacare Is a ‘Hacker’s Wet Dream’

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

  1. #1
    Super Moderator Newmexican's Avatar
    Join Date
    May 2005
    Location
    Heart of Dixie
    Posts
    36,012

    McAfee: Obamacare Is a ‘Hacker’s Wet Dream’

    McAfee: Obamacare Is a ‘Hacker’s Wet Dream’

    'I predict the loss of income, for the millions of Americans who will lose their identities'



    BY: Washington Free Beacon Staff
    October 2, 2013 8:50 pm

    McAfee Anti Virus Software founder John McAfee criticized the confusing and insecure online apparatus being used by various states to implement Obamacare exchanges Wednesday on Cavuto.

    McAfee said the web aspect of Obamacare is “seriously bad” and “somebody made a grave error” not centralizing the system such that a consumer could go to one page and and see all of the “legitimate” health insurance brokers.

    Instead, McAfee warned, any hacker can create a page posing as a health insurance broker and elicit personal information from unassuming consumers:
    JOHN MCAFEE: Seriously bad, somebody made a grave error, not in designing the program, but in implementing the web aspect. It for example anybody can put up a web pain, and claim — web page and claim to be a broker for this system, there is no central place where I can go, and say, here are all of the legitimate brokers, or examiner for all of the state, and pick and choose one. Instead, any hacker can put a web site up, make it look competitive, and because of the nature of the system, this is health care, they can ask you the most intimate questions, you are freely going to answer them, my social security number? First date. Birth date.

    NEIL CAVUTO: Once you have those two, then you’re off to the races.

    MCAFEE: This is not something to software can solve, who idiot put this system out there and did not create a central depository. There should be one web site run guy the government, you can click on the web site and then it will take you to the agents, this is insane, I predict the loss of income, for the millions of Americans who will lose their identities, you can imagine some retired laid in Utah — retired laid in Utah with $75,000 in the bank saving her whole life, having it wiped out in one day because she signed up for Obamacare, this is going to happen millions of times, this is a hacker’s wet dream, I cannot believe they did this.

    http://freebeacon.com/mcafee-obamaca...ers-wet-dream/


  2. #2
    Senior Member oldguy's Avatar
    Join Date
    Aug 2007
    Location
    Texas
    Posts
    3,208
    This was my first thought it's a security nightmare no information input will be safe so user beware.
    I'm old with many opinions few solutions.

  3. #3
    Super Moderator Newmexican's Avatar
    Join Date
    May 2005
    Location
    Heart of Dixie
    Posts
    36,012
    FAKE OBAMACARE INSURANCE EXCHANGE SITES ALREADY SPOTTED

    by DR. SUSAN BERRY
    4 Oct 2013, 1:45 AM PDT

    Amid numerous reports of ObamaCare exchange difficulties, Internet cloud security company Trend Micro has reported that they have already seen spam targeted to words such as “Medicare,” “enrollment,” and “medical insurance.” The company reports that some of the spam variants appear “professional enough to fool some users into opening the email and clicking the links in these messages.”

    According to SecurityWatch magazine, Trend Micro’s threat communications manager Christopher Budd said “deep problems with the Marketplace websites could make things much worse.”

    Budd wrote last week that due to the way the online registration for ObamaCare will work, and to the type of information people must enter online to obtain health insurance coverage, “there’s a real risk of a perfect storm that can make this process a bonanza for identity thieves and cybercriminals:”


    The root problem is that the Health Insurance Exchange isn’t made up of a single, authoritative site where people can go and register for coverage. In addition to the Federal site, people can apply for coverage at sites run by individual states.

    Then, within each state, there can also be legitimate third-party sites that provide assistance and even broker coverage.
    When a person starts looking through sites to find one, at this time, they’re faced with the challenge that there’s no official marking or labeling that they can look at on a site to know that it’s an officially sanctioned site. A survey of state and third-party sites also shows that official sites aren’t required to provide the ability to verify the site using SSL: many of them don’t provide it for site verification at all, though the Federal site does. As people look for health care exchanges, they’re going to be faced with potentially hundreds or thousands of sites that claim to be legitimate but won’t be able to easily verify that claim.

    Budd said that, in addition, when applying for healthcare coverage, people must submit all of their most sensitive personal data – not only for themselves, but also for their entire family.

    In short, according to Budd, the ObamaCare exchanges create a situation in which people are encouraged to give away critical personal information to what they believe to be legitimate sites, but can’t really be sure the sites are legitimate:

    This is a perfect environment for identity thieves and other criminals to put together bogus sites to get personal information they can use or sell on the digital underground. And this situation also provides an opportunity for old fashioned healthcare scammers to offer bogus coverage and fraudulent billing scams to more unsuspecting people.

    http://www.breitbart.com/Big-Governm...lready-Spotted


  4. #4
    Senior Member vistalad's Avatar
    Join Date
    Jan 2009
    Location
    NorCal
    Posts
    3,036
    IMO the really scary part is that 'Bama will not admit that the system is structurally flawed. People will have to go their elected representatives, to try to get relief.
    ************************************************
    Americans first in this magnificenct country

    American jobs for American workers

    Fair trade, not free trade

  5. #5
    Banned
    Join Date
    Jun 2013
    Posts
    8,546
    Obamascare: Insurance Exchange Accidentally Sends 2,400 Social Security Numbers To Minnesota Man

    October 4, 2013 by Ben Bullard


    PHOTOS.COM

    Critics of the Affordable Care Act have long contended that Obamacare asks too many personal questions of would-be enrollees and is rife with the potential for fraud, abuse and privacy breaches.
    Now those criticisms have been proven correct. A Minnesota insurance broker told the Star Tribune last month that he had received a document in his email that contained a trove of confidential information on more than 2,400 insurance agents, including things like names, Social Security numbers and business addresses.
    The source? An unnamed staffer at MNsure, Minnesota’s new Obamacare health exchange online marketplace. The MNsure employee had accidentally sent the email to the wrong person (although it begs the question — who’s the right person to receive that much info about that many people?).
    The Star Tribune reported:
    An official at MNsure, the state’s new online health insurance exchange, acknowledged it had mishandled private data. A MNsure security manager called the broker, Jim Koester, and walked him and his assistant through a process of deleting the file from their computer hard drives.
    Koester said he willingly complied, but was unnerved.
    “The more I thought about it, the more troubled I was,” he said. “What if this had fallen into the wrong hands? It’s scary. If this is happening now, how can clients of MNsure be confident their data is safe?”
    Good thing the email landed in an honest guy’s inbox, huh?
    Exchange enrollees throughout the Nation are required to provide a lot of personal data, which is run through a Federal database for verification and to sort out candidates who are eligible for Obamacare subsidies from those who aren’t eligible. As everyone by now knows, that information also must be passed along to Obamacare’s enforcement arm: the Internal Revenue Service.
    The hurried rollout of Obamacare for individuals has a slap-shot quality of reckless haste that finance and healthcare experts had cautioned against in testimony before lawmakers.
    University of Minnesota Finance Professor Steve Parente, who this week testified in Washington about the potential pitfalls associated with the needlessly urgent rollout schedule, told the newspaper it’s impossible to implement even basic security and functionality in a system as complex as the healthcare exchanges if the schedule is dictated by political motives.
    “The people who believe in this are so driven that there’s a subcontext of ‘Just let us do our job and get as many people signed up as possible, and we’ll pick up the debris later,’” he said.

    http://personalliberty.com/2013/10/0...minnesota-man/

  6. #6
    Super Moderator Newmexican's Avatar
    Join Date
    May 2005
    Location
    Heart of Dixie
    Posts
    36,012
    Obamacare architecture flawed: Experts

    Reuters | Oct 6, 2013, 11.44 AM IST




    NEW YORK: Days after the launch of the federal government's Obamacare website, millions of Americans looking for information on new health insurance plans were still locked out of the system even though its designers scrambled to add capacity.

    Government officials blame the persistent glitches on an overwhelming crush of users - 8.6 million unique visitors by Friday - trying to visit the HealthCare.gov website this week.

    The U.S. Department of Health and Human Services, which oversaw development of the site, declined to make any of its IT experts available for interviews. CGI Group Inc, the Canadian contractor that built HealthCare.gov, is "declining to comment at this time," said spokeswoman Linda Odorisio.

    Five outside technology experts interviewed by Reuters, however, say they believe flaws in system architecture, not traffic alone, contributed to the problems.

    For instance, when a user tries to create an account on HealthCare.gov, which serves insurance exchanges in 36 states, it prompts the computer to load an unusually large amount of files and software, overwhelming the browser, experts said.

    If they are right, then just bringing more servers online, as officials say they are doing, will not fix the site.

    "Adding capacity sounds great until you realize that if you didn't design it right that won't help," said Bill Curtis, chief scientist at CAST, a software quality analysis firm, and director of the Consortium for IT Software Quality. "The architecture of the software may limit how much you can add on to it. I suspect they'll have to reconfigure a lot of it."

    The online exchanges were launched on October 1 under the 2010 Affordable Care Act, commonly called Obamacare, to offer healthcare insurance plans to millions of uninsured Americans.

    Overload
    One possible cause of the problems is that hitting "apply" on HealthCare.gov causes 92 separate files, plug-ins and other mammoth swarms of data to stream between the user's computer and the servers powering the government website, said Matthew Hancock, an independent expert in website design. He was able to track the files being requested through a feature in the Firefox browser.

    Of the 92 he found, 56 were JavaScript files, including plug-ins that make it easier for code to work on multiple browsers (such as Microsoft Internet Explorer and Google Chrome) and let users upload files to HealthCare.gov.

    It is not clear why the upload function was included.

    "They set up the website in such a way that too many requests to the server arrived at the same time," Hancock said.

    He said because so much traffic was going back and forth between the users' computers and the server hosting the government website, it was as if the system was attacking itself.

    Hancock described the situation as similar to what happens when hackers conduct a distributed denial of service, or DDOS, attack on a website: they get large numbers of computers to simultaneously request information from the server that runs a website, overwhelming it and causing it to crash or otherwise stumble. "The site basically DDOS'd itself," he said.

    In an indication that traffic alone may not be the only problem, a government official with knowledge of the matter said that technicians at HealthCare.gov had not only added more servers but had also "improved system configurations." The official did not elaborate.

    But HHS announced late Friday that it would take down part of HealthCare.gov for part of the weekend, another sign that extra servers alone would not fix the problems.

    Many users experienced problems involving security questions they had to answer in order to create an account on HealthCare.gov. No questions appeared in the boxes, or an error message said they were using the same answers for different questions when they were not.

    The government official blamed the glitch on massive traffic, but outside experts said it likely reflected programming choices as well.

    "It's a bug in the system, a coding problem," said Jyoti Bansal, chief executive of AppDynamics, a San Francisco-based company that builds products that monitor websites and identify problems.

    Hancock's analysis suggested that the security questions were coming from a separate server and that better system architecture would have cached the questions on the main HealthCare.gov server.

    "The more you have to ask another database for information, the more it can get overwhelmed," said Jonathan Wu, a computer scientist and co-founder of ValuePenguin, a data and research website that offers spending-related tools for consumers.



    http://timesofindia.indiatimes.com/t...w/23603870.cms



Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •