Heartbleed ... Healthcare.gov affected. (Not political, not partisan)

Chadeaux

Gold Member
Sep 13, 2011
5,512
6,408
Southeast Arkansas
Detector(s) used
Ace 250
Primary Interest:
Cache Hunting
I received this notice from Healthcare.gov this AM (removed all actual links - use extreme caution, healthcare.gov will infect your computer with tracking software, if you visit, do so using sandboxie or a Virtual Machine for your safety):

healthcare.gov website said:
We’ve reset your HealthCare.gov password
Recently, you may have heard about a new internet security weakness, known as Heartbleed, which is impacting some websites. HealthCare.gov uses many layers of protections to secure your information and we’ve recently enhanced our systems to add additional protections. While there’s no indication that the Heartbleed vulnerability has been used against HealthCare.gov or that any personal information has ever been at risk, we have reset consumers’ passwords out of abundance of caution.
This means the next time you visit the website, you’ll need to create a new password. We strongly recommend you create a unique password – not one that you’ve already used on other websites.
How to reset your password

  1. Use the online Forgot Password Feature
  2. Enter your username and click “Send email”
  3. Wait for the “Forgot Marketplace Password” email we’ll send you to create a new password for your account
Here are some password tips and information about managing your HealthCare.gov account. For additional information about the Heartbleed vulnerability, please visit HealthCare.gov/heartbleed.
The HealthCare.gov Team

If you spend $500 million on a website that should cost less than $150k, why in the hell are you skimping on the SSL software and using "Open Source" --- all hackers have access to the source code --- instead of paying a few hundred or a few thousand and getting a REAL solution?
 

Frankn

Gold Member
Mar 21, 2010
8,711
2,989
Maryland
Detector(s) used
XLT , surfmaster PI , HAYS 2Box , VIBRA-TECTOR
I thought Heartbleed used a flaw in the internet system to capture your password, WHEN YOU CHANGED IT!

Frank...
 


Chadeaux

Gold Member
Sep 13, 2011
5,512
6,408
Southeast Arkansas
Detector(s) used
Ace 250
Primary Interest:
Cache Hunting
Heartbleed is a bit of "bad code" (the author claims it was an "accident") in OpenSSL ... the software that "encrypts" your communication with "secure sites".

You know, you've seen the little padlock in the address of your browser when you're signing in to your email or other online accounts. There are different versions, some cost a pretty penny, but OpenSSL is "Open Sourced" which means that individuals can contribute code and anyone who wishes can see the source code, but best of all, if you're a cheapskate ... as it's open source, there is no charge -- it's released under the GPL (GNU Public License, just like GIMP).

See https://people.gnome.org/~markmc/openssl-and-the-gpl.html
 


Chadeaux

Gold Member
Sep 13, 2011
5,512
6,408
Southeast Arkansas
Detector(s) used
Ace 250
Primary Interest:
Cache Hunting
I'm kinda new to the computer area! Virtual machine isn't able to be tracked? I have a split hard drive or whatever you call it! I can pick between operating systems! I have no intention of becoming a hacker, I just want to be invisible!

I'm trying to keep it vague because I don't want to turn your thread into a how-to! I was playing with W S and it wasn't what I was looking for.

No problem.

Think of a virtual machine like a kitty litter box. When it gets a bit of poop in it, you throw the litter away. The virtual machine is like the box you put the litter in.

As far as "invisible on the internet", no such thing. Your ISP PROBABLY has an NSA mirror set up where all instructions sent to your ISP are also sent to the NSA's computer. When you connect, you must identify yourself --- remember the "username and password" you sign on with? Even if you use an "always on" connection, at some point you signed in and your IP (even if it changes) is recorded and it is associated with your account. Therefore the NSA knows who you are and they know what you sent to your aunt Millie 5 years ago.

The only thing you can do is keep the end connection (TreasureNet for example) from knowing where you actually are. The NSA already knows, so if you're a bad boy, and they decide to prosecute ... they already have the information.

Total anonymity is a fantasy.
 

BC1969

Banned
Sep 4, 2013
5,827
10,449
Somewhere directly above the center of the Earth.
Primary Interest:
Other
Must have missed my post on it last week.
I warned folks but somebody said I didn't know what I was talking about.
Since a good 90% of web servers use that version of SSL, people were led to believe by said naysayer it would all be fixed by last weekend... I loled at that.
I'm sure there are millions of servers where whoever is administering them is not even aware of the bug.

Mike
 


Chadeaux

Gold Member
Sep 13, 2011
5,512
6,408
Southeast Arkansas
Detector(s) used
Ace 250
Primary Interest:
Cache Hunting
Read your post last week, I just thought the fact that the goobers who make money decisions can pay many many times OVER a reasonable cost for a website but skimp on security.

Then almost a month after it happens, they notify their "clients". The patch was issued the same day the problem was exposed.

Can you say "BASSACKWARDS?"
 
