That no one cares to mention
She wasn’t very good
But she had good intentions
—Lyle Lovett, ‘Good Intentions’
Confirmed by experts to the more-than-mainstream Christian Science Monitor are the layers of insecurity completely feasible on the current Healthcare.gov website–and the 14 state (plus DC) websites feeding into the Federal health insurance exchange and up into the mysterious hub linked to other Federal agencies. Healthcare.gov is supposed to adhere to NIST standards but these are no guarantee–and the state sites are not required to. ‘Red flags’ cited by experts (aside from ‘Wildman’ John McAfee) make for interesting reading:
- Cross-site request forgery
- ‘Clickjacking’–an invisible layer over the legitimate website
- Cookie theft, and not by the Cookie Monster
- Problematic verification from state to Federal, from legitimate third-party assistance, from brokers and so on
- Log in fraud–the happy hunting ground of hackers and DDOS attacks
Warnings were apparent as early as 2 October [TTA 8 Oct]. And as our later coverage has explained, undoing all of this is near-impossible even with funding, in the less-than-a-month window till the crash time deadline in mid-November and then early January. Obamacare website security called ‘outrageous’: How safe is it? (+video)
Our 11-14 October compilation is a narrative and summary of major articles on the failure of the Healthcare.gov website and its consequences like none you will see elsewhere.
Most Recent Comments