I take Internet security very seriously:
- I see multiple hacked emails each week, that are sending out links to Malware sites to everyone in their contact lists, coming from the accounts of ICI/PRO members and subscribers to our weekly newsletter.
- I've had websites that I personally maintain hacked in the past and sending out SPAM, as if it's coming from me.
- I'm aware of friends and family whose identity was stolen, creating enormous hassles and expenses to clear their good name.
I'm also very aware that many of us spend a great deal of time online - actually it's not many... we all do. The truth is that there are Hackers watching and waiting for an opportunity to steal your identity and have you pay for their trip to Hawaii, or buy them a new 60" flat screen TV.
Most importantly, I'm aware that many of you appreciate learning of these hazards, here from a trusted source.
So when I received this advisory from www.trustedsec.com, advising me that healthcare.gov has severe security issues, I felt it was important to share this with you - so you can protect yourself and your family.
TrustedSec’s CEO David Kennedy released a written and oral statement for the Congressional meeting with the House Committee on Science, Space and Technology at Capitol Hill today (November 19). The meeting was to discuss the security concerns with the healthcare.gov infrastructure. The purpose was not to point out flaws to negatively show the website in any political view. TrustedSec remains neutral and agnostic to anything political related in regards to the Affordable Health Care Act. The purpose was to show that there are serious security concerns with the website. Our concern always remains the protection and security of the United States and its allies.
TrustedSec’s CEO David Kennedy will be presenting to Congress on Tuesday November 19, 2013 at 10:00AM ET on the security concerns around the Affordable Healthcare Act — healthcare.gov website. The website has been under scrutiny lately with not only performance issues but a number of glitches and security flaws that have been identified by TrustedSec as well as other independent security researchers.
David will present both a written and oral presentation to the Congressional committee on the security concerns around the website as well as a live demonstration on how an attacker could use information from the site to attack individuals that have registered.
It really is a big deal. There are people finding the personal information they entered at healthcare.gov, using a Google search, if they are even finding healthcare.gov in the first place 🙁
Our recommendation is to stay clear of healthcare.gov until these security issues have been addressed and unbiased security experts give the all-clear.
Originally posted 2013-11-19 18:25:22.
Every time you provide your information to someone, you are putting your information at risk. The problem is not only on-line. There are a number of things that people do without second thought that may expose them to issues.
As a rule of thumb, never provide more information than you need to get into where you need to be.
For example, there are very few reasons why you should provide your Social Security Number (or SSN for short) to anybody – and that includes medical offices.
No Doctor of mine has my SSN. I also don’t allow anybody to make copies of my Driver’s license.
The same caution should be taken when roaming on-line. Keep a junk e-mail account, gmail is great for that, for signing up to websites you do not know or trust. Don’t provide any information you don’t feel is necessary. And if such information is required to get the access you need, complain to the website operator. Needless to say that you should never provide your SSN to any site just because they are asking for it.
Also, keep in mind that in some phishing sites, some questions are designed to help guessing your passwords and security question answers.
One last thought, “unbiased security experts” are almost always never unbiased and should not be trusted as well. Most of these “unbiased security experts” come with their own agendas, and are usually selling something to someone.
Good points Alan – If you haven’t, I suggest reading their white paper linked above – scary stuff about how poorly everything was constructed.
John,
I have read the document, and, to me, it reads as a fishing expedition. I say that based on the fact that the document states that it has not performed hands-on analysis. Key words such as “has not performed direct “hacking””, “there are clear indicators”, “TrustedSec is confident”, “example of how this may work”, and many more are thrown around. Their white paper is an exercise in speculation based on assumptions. It appears to me that their main goal is publicity.
I will reiterate my previous statement ““unbiased security experts” are almost always never unbiased”.
The question remains, is my information safe at any website? The answer is, most likely not.
And the last thing I should point out is that, even data stored away from the web, say in an internal server, is still vulnerable. There are mitigation practices that can be used, but these are just that, mitigation practices.
The best kept secret is still the one you, and only you, carry in your brain.
Alan I disagree – while nothing is 100% secure, we all have a reasonable expectation that an Internet service provider is offering a high level of security, that follows industry best practices. I’m not sure why you feel we should dismiss these people – there are multiple articles, from other sources, that are all saying the same thing.
http://www.huffingtonpost.com/2013/10/30/health-care-website-security_n_4178218.html
I am not dismissing these people. I am saying that they have not done their homework, because they are doing a superficial analysis, and that they are there, along with many others, to promote their own agenda. A healthy dose of skepticism goes a long way.
I agree that the healthcare website is a fiasco, done in the most incompetent form, by sub-par technology contractors, at a higher than needed cost. I think people should lose their jobs for being involved in this fiasco.