Hackers Break Into HealthCare.gov

mpicpp is one of many to point out that hackers broke into the HealthCare.gov website in July and uploaded malicious software. "Hackers silently infected a Healthcare.gov computer server this summer. But the malware didn't manage to steal anyone's data, federal officials say. On Thursday, the Health and Human Services Department, which manages the Obamacare website, explained what happened. And officials stressed that personal information was never at risk. "Our review indicates that the server did not contain consumer personal information; data was not transmitted outside the agency, and the website was not specifically targeted," HHS spokesman Kevin Griffis said. But it was a close call, showing just how vulnerable computer systems can be. It all happened because of a series of mistakes. A computer server that routinely tests portions of the website wasn't properly set up. It was never supposed to be connected to the Internet — but someone had accidentally connected it anyway. That left it open to attack, and on July 8, malware slipped past the Obamacare security system, officials said.

Jesus wept, will people never learn?

A computer server that routinely tests portions of the website wasn't properly set up. It was never supposed to be connected to the Internet â" but someone had accidentally connected it anyway.

How, in this day and age, does this kind of stupid shit keep happening? How are network admins not creating L2 & L3 separations in the network, with internal firewalls and IDS? How are operations engineers not building local firewalls on machines, and locking down through security policies?

This isn't 1994 any more people. Hand crafted individual artisanal servers, personally wrapped in cotton wool and hand reared by the friendly neckbeard, are not how things should be done at scale in this day and age.

So that brings the successful login count to....

[erp_consultant]

exactly one :-D