Slashdot Mirror
Hackers Break Into HealthCare.gov
mpicpp is one of many to point out that hackers broke into the HealthCare.gov website in July and uploaded malicious software. "Hackers silently infected a Healthcare.gov computer server this summer. But the malware didn't manage to steal anyone's data, federal officials say. On Thursday, the Health and Human Services Department, which manages the Obamacare website, explained what happened. And officials stressed that personal information was never at risk. "Our review indicates that the server did not contain consumer personal information; data was not transmitted outside the agency, and the website was not specifically targeted," HHS spokesman Kevin Griffis said. But it was a close call, showing just how vulnerable computer systems can be. It all happened because of a series of mistakes. A computer server that routinely tests portions of the website wasn't properly set up. It was never supposed to be connected to the Internet — but someone had accidentally connected it anyway. That left it open to attack, and on July 8, malware slipped past the Obamacare security system, officials said.
Yes I'm sure this has never happened to a private company or multiple major financial institutions, or academic institutions, or security companies or IT companies.
Oh wait.
How, in this day and age, does this kind of stupid shit keep happening? How are network admins not creating L2 & L3 separations in the network, with internal firewalls and IDS? How are operations engineers not building local firewalls on machines, and locking down through security policies?
This isn't 1994 any more people. Hand crafted individual artisanal servers, personally wrapped in cotton wool and hand reared by the friendly neckbeard, are not how things should be done at scale in this day and age.
FTFA: "Our review indicates that the server did not contain consumer personal information..."
So we're consumers to government services now?
It was bad enough when the corporations changed from using customers to consumers, but no way in hell should the government use that term in reference to its citizens.
--- Keep the choice with the user..
healthcare.gov was better protected then sony? homedepot? target?
Not too bad.
The Kruger Dunning explains most post on
> Yep. The country's in the very best of hands.
Damn straight, this is Obama's fault.
Some low level govt. employee accidentally connected a computer to the Internet and exposed it to malware. If that isn't the reason to impeach Obama then I don't know what is.
Confession: I just actually RTFA. Don't ban me.
Evidence the attack hadn't proceeded? That the 'attack tools' were sitting there, waiting for the command.
So someone broke in and left a bunch of 'hacker tools' laying around a directory and listening on a port as a service?
Wouldn't the last step of a successful attack be to clean up all traces, run defrag then perhaps install a fresh copy of BO. Just incase someone changes the password before you come back.
How would you know the difference between a successful raid and an aborted one? Could you give a quick answer? If you needed to search logs to even start answering but the PHB was breathing down your neck what would you say? What other servers would you even start on? What OSs are they using? What skeletons have they already hidden? Database? Read only? Did anybody 'SELECT * FROM *' lately?
Just how good can the logging/intrusion detection be? They let a local login loose.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
> Yep. The country's in the very best of hands.
Damn straight, this is Obama's fault.
Some low level govt. employee accidentally connected a computer to the Internet and exposed it to malware. If that isn't the reason to impeach Obama then I don't know what is.
Fox News reports that 8 out of 10 Republicans believe this unbelievably incompetent security breach has replaced BENGHAZI! as the worst thing that ever happened in American History.
The other two are too busy trying to find a loophole in Ted Cruz's ability to run for president. They think it will work out if we declare war on Canada.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
The difference is people voluntarily give data to these companies where as you are forced to give information to Healthcare.gov. It would be the same as if the IRS was hacked.
I love Jesus, except for his foreign policy.
Federal government isn't spending your money either. Federal government is not revenue constrained.
"Taxes for revenue is obsolete."
Yes I'm sure this has never happened to a private company or multiple major financial institutions, or academic institutions, or security companies or IT companies.
Major financial institutions, academic institutions, security companies, and IT companies don't force us under penalty of law to use their wares and put our personal confidential information at risk. Furthermore, few if any of them have managed to create something of such colossal expense, enormous failure, corruption, and risk we see now.
much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
Why does people who do not like the idea of the government collecting and storing personal data (under threat of law in most cases) that until recently was private and confidential on servers accessible by the internet have to be trolls for the Koch brothers?
And why would that be bad?
Here is the problem that maybe you simply do not get. Storing all your information on the internet is not a good thing. We have fought tooth and nail forever trying to get people to understand that and now the government decides it is best practice. So yes, completely make fools of fools might very well be warranted here. Maybe then it would cause people like you to wake up.