The Obamacare website is a deadly security hole for anyone that uses it.


Please consider donating to Behind the Black, by giving either a one-time contribution or a regular subscription, as outlined in the tip jar to the right. Your support will allow me to continue covering science and culture as I have for the past twenty years, independent and free from any outside influence.

The Obamacare website is a deadly security hole for anyone that uses it.

On his blog, professional software tester Ben Simo began tinkering with HealthCare.gov shortly after it launched and uncovered security holes almost immediately. At first, the site processed an application that he had begun filling out but did not submit​—​meaning the site took the personal information he had entered and forwarded it to a state agency without his authorization. Next, he tried changing the email address associated with his HealthCare.gov account. With most websites, when you change your email, they send a notice of the change to your old address, so that if your account has been compromised by a hacker who changes the email, you’ll be alerted. Instead, HealthCare.gov sent an email to Simo’s new address about the change​—​a redundant step that provides no security for users. When doing another bit of routine maintenance on his HealthCare.gov account, Simo found that the site was sending information about his username via unsecure HTTP protocols, rather than the encrypted HTTPS. As anyone even passingly acquainted with shopping on the Internet would realize, this is, as Simo put it, “a huge security flaw” because HTTP information can be intercepted by anyone who cares to look for it.

This single paragraph describes just a few of the security problems at the website, which essentially puts your private information in the hands of numerous third parties who really shouldn’t have it.

Now, tell me again: Who wrote this law? Who shut the government down to make sure it would go into effect on time? Who created this failure of a webpage? And who will you vote for next November?

7 comments

  • JWing

    It’s Bush’s fault.

  • Pzatchok

    Its Jena Bush’s fault.

  • Bob W

    Jena Bush is Bush’s fault.

  • According to Dear Leader, it’s not his fault (it never is). Whose ass will he kick now? To paraphrase:”This isn’t some academic exercise. I’m down here talking to people trying to use the website, because they potentially have the best answers. I’m here to find out whose ass to kick. Uhhhh, that would be mine.”

  • D. K. Williams

    I keep waiting for the “you didn’t built that” line from Dear Leader.

  • D. K. Williams

    Not surprising that O doesn’t “write code.” He didn’t write anything as head of Harvard Law Review, nor as a visiting professor at the University of Chicago. Come to think of it, I am not aware of any legislation he wrote either. In fact, his sole pieces of authorship of any “significance” appear to be his autobiographies. And he made up stuff in writing those. I suppose such a great mind can’t be bothered with such mundane tasks.

  • “Remember, if you’re trying to access the website, and you can’t get through, uh, you didn’t build that. Government did.”

Leave a Reply

Your email address will not be published. Required fields are marked *