WE’RE IN THE VERY BEST OF HANDS: Enrollment Data Entered Into Healthcare.gov Available in Google Search Results

Some rascal online called it IdentityTheft.gov and that assessment appears to have been validated by a top security research team. The Ohio firm TrustedSec has released a security assessment of Healthcare.gov and the results, even though they were cursory by modern standards, were very grim indeed.

David Kennedy, CEO of the firm, revealed that he withheld many of the vulnerabilities because they were so severe that publishing them could have meant the complete destruction of the site. His executive summary read simply, “based on what I can see … I would say the website is either hacked already or will be soon.”

I perused the entire report (PDF) this evening. In short, the site is not only a complete catastrophe from an operational perspective, it’s also a hacker’s dream.

…The website cost an estimated $ 624 million and consists of over 500 million lines of code. With the number of lines of code, this is one of the most complex applications ever written in the history of applications. To put this in comparison, the Microsoft Windows 8 operating system, which is the latest, has an estimated 50 to 80 million lines of code and has over 25 years of development and maturity. It should be noted that with 80 million lines of code, the Windows operating system has had a significant amount of “exploits” that have hit their product line since it’s early existence…

Microsoft has one of the largest and most sophisticated security development, protection, and remediation processes today. This process has taken years to mature and places security at the forefront. With a website that is over 6 times more complex than the Microsoft operating system and developed in an extremely short period of time, there is and was no foreseeable way to build security into the website…

…there are clear indicators that even basic security was not built into the healthcare.gov website. TrustedSec is confident based on the exposures identified that the website has critical risks associated with it and security concerns should be remediated immediately…

TrustedSec identified multiple severely critical exposures that it is not publishing publicly until they have been addressed.

…One of the more alarming trends is that the actual security testing of the website was deferred due to project delays. The website was launched without formal testing and with known risks around the security of the applications. Even further, there was little to no security built into the website or through the development. With the complexity of the website, this would indicate
that the website will suffer from significant security concerns for a long period of time unless significant action is taken to address the issues and flaws within it.

It appears that individual user accounts and names are indexed via Google and can expose profile information of individuals that sign up on data.healthcare.gov.

Based on what I’ve seen, Healthcare.gov may be the single biggest magnet for identity thieves in world history.

And, come to think of it, that’s another historic Obama first!

Doug Ross @ Journal

France is Israel’s new best friend when it comes to the Iran threat. Here’s why.

French President Hollande is suddenly Israel's new best friend.

French President Hollande is suddenly Israel’s new best friend.

(Jerusalem, Israel) — The French are suddenly Israel’s new best friend.

With P5+1 negotiations with Iran set to begin again on Wednesday, the Israelis are increasingly concerned the Obama administration is going to sell them out, accepting a disastrous deal with Tehran just for the sake of a deal.

That’s why top leaders here were thrilled that French President Francois Hollande arrived in Israel on Sunday and vowed to block any nuclear deal that did not require Iran to give up its capacities to build nuclear weapons. Israeli leaders rolled out the red carpet for the French leader at Ben Gurion International Airport, and publicly thanked Hollande for standing firm against a bad deal with Iran.

Indeed, a curious new alliance is emerging in the Middle East between Israel, the French, and the Arab states in the Gulf — most notably Saudi Arabia — all of whom are determined to stop Iran from getting The Bomb, and all of whom see President Obama as unable or unwilling to do the job.

Relations between France and Israel have been topsy-turvy over the years. Sometimes the French have been staunch allies, but not always, and not consistently. Anti-Semitism inside France is spiking so severely in recent years that many French Jews are emigrating to Israel.

“France favors an interim agreement with Iran over the Islamic Republic’s nuclear program, French President Francois Hollande said Sunday in Israel, but such an agreement would only be signed if Tehran would abandon its ambition to acquire a nuclear weapon,” reports the Times of Israel. “Speaking at a joint press conference after a meeting with Prime Minister Benjamin Netanyahu in Jerusalem, Hollande said that as long as Iran does not prove it has taken serious steps toward curbing its nuclear program, sanctions would not be relieved.”

“Words are not deeds,” the French president stated. “We’re against proliferation, and in Iran there is a will to enrich uranium to weapons-grade level.”

“Hollande went on to lay out four points that his country deemed essential for the signing of an interim agreement,” noted the Times. “France, Hollande said, would demand that all Iranian nuclear facilities be put under international control immediately, that enrichment of uranium to 20 percent be suspended, that existing uranium stockpiles be reduced, and that construction at the Arak heavy water facility be immediately halted.”

“These are essential points that we require for an agreement,” he said. “France requires a serious, stable agreement, verifiable, with all guarantees, and we will stand strong in the face of pressure….”

Last week, “France apparently blocked what its foreign minister, Laurent Fabius, called’“a sucker’s deal,’” noted the Times, although US Secretary of State John Kerry later said it was the Iranians who had chosen not to sign the accord last Saturday. US officials say a deal on the terms presented at Geneva could be signed when the talks resume on Wednesday.”


Joel C. Rosenberg’s Blog

The 25 Best Quotes Explaining the Obamacare “Glitch”

Guest post by Tyler Durden

While some have proclaimed the 36,000 enrollment in The Affordable Care Act "a good start," the online marketplaces that Obamacare has become more infamous for have been plagued with problems in the brief two weeks since launch. Politico provides 25 of the most telling and colorful comments made about the "glitches" the online exchanges have faced…

1. “I hope they are working day and night to get this done. When they get it fixed, I hope they fire some people that were in charge of making sure that this thing was supposed to work.” — former White House press secretary Robert Gibbs on MSNBC’s “Now with Alex Wagner,” Oct. 14

2. “A thousand Social Security numbers being sent to the wrong people is not a glitch!” — CNBC contributor Carol Roth on HBO’s “Real Time with Bill Maher,” Oct. 12

3. “How can we tax people for not buying a product from a website that doesn’t work?” — House Speaker John Boehner, Oct. 10

4. “Despite the widespread belief that the administration was not ready for the health law’s Oct. 1 launch, top officials and lead IT contractors looked us in the eye and assured us all systems were a go. Instead, here we are 10 days later, and delays and technical failures have reached epidemic proportions.” — Rep. Fred Upton (R-Mich.) in a statement, Oct. 10

5. “We’re going to do a challenge. I’m going to try and download every movie ever made and you are going to try to sign up for Obamacare — and we’ll see which happens first.” — Jon Stewart to Secretary Kathleen Sebelius on "The Daily Show," Oct. 7

6. “It’s a new rule: If something doesn’t work, you get rid of it! If the post office is late today, let’s get rid of the post office! If the plane is late an hour, get rid of airplanes! It’s ridiculous!— MSNBC’s Chris Matthews, Oct. 12

7. “There’s so much wrong, you just don’t know what’s broken until you get a lot more of it fixed.” — Aetna CEO Mark Bertolini, Oct. 14

8. “They had three years to get this ready. If they weren’t fully ready, they should accept the advice Republicans are giving them: Delay it for a year, get it ready and make sure it works.” — CNN’s Wolf Blitzer, Oct. 9

9. “I heard that [the website] had over 8 million hits — people that have tried to sign up — and so far they have people in the single digits that have signed up.” — Rep. Buck McKeon (R-Calif.), Oct. 9

10. “The shutdown has completely gotten in the way of the message of Obamacare not working. If there were no government shutdown, Republicans could train all their fire on the failures of the exchanges in a ‘See, I told you so’ approach.” — Republican strategist Ron Bonjean, Oct. 1

11. “The fact that there is any disruption in the website is inexcusable. But I think the attention is being diverted from the slowness of the website to the fact that we’re in this financial crisis.” — Sen. Bill Nelson (D-Fla.), Oct. 10.

12. “Basically, HHS has screwed this whole thing up.” — Rep. Darrell Issa (R-Calif.), Oct. 9

13. “Consider that just a couple of weeks ago, Apple rolled out a new mobile operating system, and within days, they found a glitch, so they fixed it. I don’t remember anybody suggesting Apple should stop selling iPhones or iPads or threatening to shut down the company if they didn’t.”  — President Barack Obama, Oct. 1

14. “If Apple launched a major new product that functioned as badly as Obamacare’s online insurance marketplace, the tech world would be calling for Tim Cook’s head.” — Ezra Klein and Evan Soltas in The Washington Post Wonkblog, Oct. 4

15. “It’s bad enough that Sebelius and Co. produced a terrible taxpayer-funded product. It’s even worse that they didn’t heed the warnings or spot the red flags. They put on a smile, flipped the switch and sat by as it crashed…[T]he first person fired should be Secretary Sebelius.” — RNC Chairman Reince Priebus, Oct. 15

16. “The secretary does have the full confidence of the president. She, like everyone else in this effort, is focused on our No. 1 priority, which is making the implementation of the Affordable Care Act work well. People are working 24/7 to address the problems and isolate them and fix them, when it comes to the website and enrollment issues.”  — Press secretary Jay Carney, Oct. 15

17. “If the problems persist another three or four weeks, those at the back of the line will not have coverage.” — Dan Schuyler,  consultant who helped design a health insurance exchange in Utah, Oct. 11

18. “If we are already running into issues at the user account stage, we’re going to run into a lot more issues when we get to the more complex operations at the [subsidy] eligibility determination.” — Dan Schuyler, consultant who helped design a health insurance exchange in Utah, Oct. 11

19. “The volume obviously is a factor: For the first day or two, it worked. A week and a half later, it’s no longer an adequate explanation.” — Washington and Lee University School of Law professor Tim Jost, Oct. 12

20. “In retrospect, they should have said to the public before Oct. 1, 'This is going to take a while; give us some time and wait.'” — John Rother, president of the National Coalition on Health Care, Oct. 12

21. “It is not unique that when you have a very large, new software program come out that people work to clean it up.” — Treasury Secretary Jack Lew, Oct. 6

22. “[It’s] pretty clear that they’re working on the glitches in Obamacare, and it’s pretty clear that we need a geek squad for the website, not a firing squad for the entire bill.” — Sen. Ed Markey (D-Mass.), Oct. 10

23. “In eight weeks, we will find out what the cause was and work it out with the help of HHS and the Small Business Administration, to make it easier to enroll.— Rep. Rubén Hinojosa (D-Texas), Oct. 10

24. “This week, Sebelius continued wasting taxpayer dollars on advertising and promotional tours. This included failed rallies at NFL stadiums and appearances on comedy shows to promote enrollment while at the same time, Americans were unable to sign up for health care plans as promised. Even Jon Stewart didn’t think it was a laughing matter.— Sen. Pat Roberts (R-Kan.), Oct. 11

25. “[It’s] like trying to repair a car while someone is driving it.” — George Edwards, computer scientist, to FoxNews.com, Oct. 10

We are sure this will all end well with the administration declaring some kind of "victory"… though that last quote seems to ring extremely true of every government plan we have seen in the last decade or 10…

Read more at ZeroHedge

Doug Ross @ Journal