Healthcare.Gov Users Told To Change Passwords After Government's Heartbleed Probe
Source: Associated Press
By JULIE PACE | Associated Press | Apr 18, 2014 11:11 PM CDT in Politics, Money, Technology
WASHINGTON (AP) - People who have accounts on the enrollment website for President Barack Obama's signature health care law are being told to change their passwords following an administration-wide review of the government's vulnerability to the confounding Heartbleed computer virus.
Senior administration officials said there is no indication that the HealthCare.gov site has been compromised and the action is being taken out of an abundance of caution. The government's Heartbleed review is ongoing, the officials said, and users of other websites may also be told to change their passwords in the coming days, including those with accounts on the popular WhiteHouse.gov petitions page.
The Heartbleed computer bug has caused major security concerns across the Internet and affected a widely used encryption technology that was designed to protect online accounts. Major Internet services have been working to insulate themselves against the bug and are also recommending that users change their website passwords.
Officials said the administration was prioritizing its analysis of websites with heavy traffic and the most sensitive user information. A message that will be posted on the health care website starting Saturday reads: "While there's no indication that any personal information has ever been at risk, we have taken steps to address Heartbleed issues and reset consumers' passwords out of an abundance of caution."
Read more: http://www.newser.com/article/de75efe030e44a3f9ac36b12f7b4e647/healthcaregov-users-told-to-change-passwords-after-governments-heartbleed-probe.html
tofuandbeer (1,314 posts)
maybe it was their idea.
Before I get jumped here, let me add that I have absolutely no concrete reason for saying that, other than what everyone knows of their reputations.
tofuandbeer (1,314 posts)
progressoid (49,961 posts)
cynzke (1,254 posts)
at Faux news are going to have orgasms over this.
groundloop (11,517 posts)
The AP is making it sound like healthcare.gov has some kind of unique problem. Every single business or financial website on the internet is in the same boat.
William Seger (10,778 posts)
"Only" the 60% or so that are using OpenSSL. (Fortunately, my bank, my 401k, and PayPal were all in the other 40%.)
It shouldn't have taken much of a "probe" to determine if healthcare.gov uses OpenSSL, so I don't know why they waited this long to make this announcement.
PoliticAverse (26,366 posts)
PSPS (13,583 posts)
Very few, if any, major websites use OpenSSL. It may be true that "2/3 of the internet" is hosted on resold or shared servers (i.e., GoDaddy and their ilk,) and OpenSSL is a standard part of those. But major websites like banks and large retailers aren't hosted on such machines, and most websites that are, like DU, don't use SSL anyway.
Besides, Heartbleed's "OMG!!11!!" operation is this: The content of a mere 16K of random memory might get tacked onto the end of the keep-alive response. It isn't like a table or spreadsheet. It's just 16K of unlabeled bytes. WOW!!11!1!!
The media has just gone crazy and ridiculous with this, but fear sells their advertiser's (and "expert consultant's") products.
Skidmore (37,364 posts)
anger directed toward the faceless hackers who commit these acts. When viruses are introduced, all become vulnerable.
steve2470 (37,457 posts)
jwirr (39,215 posts)
Direct Express bank account and that is all. If they hack into that they are hacking into the bank account of Social Security. Is this thing bad enough that I should be worried?
PSPS (13,583 posts)
All of these silly "sky is falling" stories in the media always happen to have an "expert" they interview who not only fulfills the requisite fear factor necessary for any media frenzy, but also just happens to sell the "ideal product" to "protect" you lest you further soil the floor under your bed with more urine.
jwirr (39,215 posts)
of that Social Security site also.
PSPS (13,583 posts)
Nobody in their right mind would ever use OpenSSL on such a site.
truthisfreedom (23,141 posts)