Health care site flagged in Heartbleed review

[Zoom-boing]

People who have accounts on the enrollment website for President Barack Obama's signature health care law are being told to change their passwords following an administration-wide review of the government's vulnerability to the confounding Heartbleed Internet security flaw.

Officials said the administration was prioritizing its analysis of websites with heavy traffic and the most sensitive user information. A message that will be posted on the health care website starting Saturday reads: "While there's no indication that any personal information has ever been at risk, we have taken steps to address Heartbleed issues and reset consumers' passwords out of an abundance of caution."

The White House has said the federal government was not aware of the Heartbleed vulnerability until it was made public in a private sector cybersecurity report earlier this month. The federal government relies on the encryption technology that is impacted — OpenSSL — to protect the privacy of users of government websites and other online services.

The Homeland Security Department has been leading the review of the government's potential vulnerabilities. The Internal Revenue Service, a widely used website with massive amounts of personal data on Americans, has already said it was not impacted by Heartbleed.

Health care site flagged in Heartbleed review

 

[billyerock1991]

People who have accounts on the enrollment website for President Barack Obama's signature health care law are being told to change their passwords following an administration-wide review of the government's vulnerability to the confounding Heartbleed Internet security flaw.

Officials said the administration was prioritizing its analysis of websites with heavy traffic and the most sensitive user information. A message that will be posted on the health care website starting Saturday reads: "While there's no indication that any personal information has ever been at risk, we have taken steps to address Heartbleed issues and reset consumers' passwords out of an abundance of caution."

The White House has said the federal government was not aware of the Heartbleed vulnerability until it was made public in a private sector cybersecurity report earlier this month. The federal government relies on the encryption technology that is impacted — OpenSSL — to protect the privacy of users of government websites and other online services.

The Homeland Security Department has been leading the review of the government's potential vulnerabilities. The Internal Revenue Service, a widely used website with massive amounts of personal data on Americans, has already said it was not impacted by Heartbleed.

Health care site flagged in Heartbleed review

so whats your point ??? they are being cautious ... that's a bad thing with all the hacking that's been going on, you now don't want them to be
cautious ??? they did say they were showing of any kind of hacking going on their web sites ... are you trying to give us another scare, so people won't try to sign up next time ??? I mean 8 million people sign up and they haven't shown andy signs of being hack ... is that what your post is all about ... trying to scare people away from signing??? well then do it by the phone ... case closed...

 

[Zoom-boing]

People who have accounts on the enrollment website for President Barack Obama's signature health care law are being told to change their passwords following an administration-wide review of the government's vulnerability to the confounding Heartbleed Internet security flaw.

Officials said the administration was prioritizing its analysis of websites with heavy traffic and the most sensitive user information. A message that will be posted on the health care website starting Saturday reads: "While there's no indication that any personal information has ever been at risk, we have taken steps to address Heartbleed issues and reset consumers' passwords out of an abundance of caution."

The White House has said the federal government was not aware of the Heartbleed vulnerability until it was made public in a private sector cybersecurity report earlier this month. The federal government relies on the encryption technology that is impacted — OpenSSL — to protect the privacy of users of government websites and other online services.

The Homeland Security Department has been leading the review of the government's potential vulnerabilities. The Internal Revenue Service, a widely used website with massive amounts of personal data on Americans, has already said it was not impacted by Heartbleed.

Health care site flagged in Heartbleed review

so whats your point ??? they are being cautious ... that's a bad thing with all the hacking that's been going on, you now don't want them to be
cautious ??? they did say they were showing of any kind of hacking going on their web sites ... are you trying to give us another scare, so people won't try to sign up next time ??? I mean 8 million people sign up and they haven't shown andy signs of being hack ... is that what your post is all about ... trying to scare people away from signing??? well then do it by the phone ... case closed...

What is your problem? I posted this in case anyone signed up and missed this story. Just like I posted the Heartbleed info on my FB page.

Once again, your idiot brain read something that wasn't there. Get a life, moron.

 

[waltky]

Heartbleed found to have additional previously unknown malware...

New Bugs Found in 'Heartbleed' Cyber Threat Software
June 05, 2014 — Security researchers have uncovered new bugs in the Web encryption software that caused the pernicious “Heartbleed” Internet threat that surfaced in April.

Experts said the newly discovered vulnerabilities in OpenSSL, which could allow hackers to spy on communications, do not appear to be as serious a threat as “Heartbleed.” The new bugs were disclosed on Thursday as the group responsible for developing that software released an OpenSSL update that contains seven security fixes.

Experts said that websites and technology firms that use OpenSSL technology should install the update on their systems as quickly as possible. Still, they said that could take several days or weeks because companies need to first test systems to make sure they are compatible with the update. “They are going to have to patch. This will take some time,” said Lee Weiner, senior vice president with cybersecurity software maker Rapid7.

OpenSSL technology is used on about two-thirds of all websites, including ones run by Amazon.com, Facebook, Google and Yahoo. It is also incorporated into thousands of technology products from companies, including Cisco Systems, Hewlett-Packard, IBM, Intel, and Oracle. The widespread “Heartbleed” bug surfaced in April when it was disclosed that the flaw potentially exposed users of those websites and technologies to attack by hackers who could steal large quantities of data without leaving a trace. That prompted fear that attackers may have compromised large numbers of networks without their knowledge.

Security experts said on Thursday that the newly discovered bugs are more difficult to exploit than “Heartbleed,” making those vulnerabilities less of a threat. Still, until users of the technology update their systems, “there is a window of opportunity” for sophisticated hackers to launch attacks and exploit the newly uncovered vulnerabilities, said Tal Klein, vice president of strategy with cloud security firm Adallom.

New Bugs Found in 'Heartbleed' Cyber Threat Software