Obamacare site has NO security whatsoever built into system

http://www.cnbc.com/id/101225308

"When you develop a website, you develop it with security in mind. And it doesn't appear to have happened this time," said David Kennedy, a so-called "white hat" hacker who tests online security by breaching websites. He testified on Capitol Hill about the flaws of HealthCare.gov last week"

ALSO:

Another online security expert—who spoke at last week's House hearing and then on CNBC—said the federal Obamacare website needs to be shut down and rebuilt from scratch. Morgan Wright, CEO of Crowd Sourced Investigations said: "There's not a plan to fix this that meets the sniff test of being reasonable."

WTH?


And then this.....the dealbreaker....

But on CNBC, Kennedy disputed those claims, saying vulnerabilities remain on "everything from hacking someone's computer so when you visit the website it actually tries to hack your computer back, all the way to being able to extract email addresses, users names—first name, last name—[and] locations."

That is some scary stuff......do you think people will quit signing up? By the way, I got my new mastercard......it seems somebody broke into their system and hacked numbers......do you think people will quit using credit cards?

2seaoat wrote:That is some scary stuff......do you think people will quit signing up?  By the way, I got my new mastercard......it seems somebody broke into their system and hacked numbers......do you think people will quit using credit cards?

Hard to tell.  They have yet to write the last part of the ObamaCare website.  How you pay.  Yet ObamaCare are counting people who have not paid, as having signed up and are part of ObamaCare.

If I put 10 items in my shopping basket with Amazon.com...are they included in Amazon's sales figures?  Of course not.

Credit card issuers have limited liability and do not send your information to IRS as well as Homeland Security.

Healthcare.Gov does not limit liability to my knowledge and says information will go to IRS as well as Homeland Security.

It's not for the faint of heart, which would include me.

2seaoat wrote:That is some scary stuff......do you think people will quit signing up? By the way, I got my new mastercard......it seems somebody broke into their system and hacked numbers......do you think people will quit using credit cards?

Your analogy is piss poor as usual.

Markle wrote:

2seaoat wrote:That is some scary stuff......do you think people will quit signing up?  By the way, I got my new mastercard......it seems somebody broke into their system and hacked numbers......do you think people will quit using credit cards?

Hard to tell.  They have yet to write the last part of the ObamaCare website.  How you pay.  Yet ObamaCare are counting people who have not paid, as having signed up and are part of ObamaCare.

If I put 10 items in my shopping basket with Amazon.com...are they included in Amazon's sales figures?  Of course not.

You don't pay on the website, you sign up and the carrier sends you a premium notice.

Is it true that the first premium must be paid before 1/1/14 to be in compliance with the law? How many working poor will have that right after xmas? I'm also wondering about the employer benefit of healthcare contribution... are employees being sent to the exchange to receive a comparable subsidy from employers? Will that go to the govt as an intermediary? Go straight to insurance corps? Or simply disappear?

PkrBum wrote:Is it true that the first premium must be paid before 1/1/14 to be in compliance with the law? How many working poor will have that right after xmas? I'm also wondering about the employer benefit of healthcare contribution... are employees being sent to the exchange to receive a comparable subsidy from employers? Will that go to the govt as an intermediary? Go straight to insurance corps? Or simply disappear?

If one want's their plan effective Jan 1 then yes their premium has to be there by Jan 1, although most billing going out says they have to be in by Dec 26th. You are right about the poor that signed up and having money to pay for it because of Christmas. You are non compliant with the law if your policy is effective after March 31st, 2014.

Not completely sure what your next questions means about employer benefit. There is no employer benefit if they drop the group and tell their employee's to see if they qualify for a subsidy and then maybe give their employee's a raise to help subsidize what the employee has to pay. No HRA's are allowed so no tax benefit to the employer. I may not have answered this correctly depending on what you really meant.

ppaca wrote:

PkrBum wrote:Is it true that the first premium must be paid before 1/1/14 to be in compliance with the law? How many working poor will have that right after xmas? I'm also wondering about the employer benefit of healthcare contribution... are employees being sent to the exchange to receive a comparable subsidy from employers? Will that go to the govt as an intermediary? Go straight to insurance corps? Or simply disappear?

If one want's their plan effective Jan 1 then yes their premium has to be there by Jan 1, although most billing going out says they have to be in by Dec 26th. You are right about the poor that signed up and having money to pay for it because of Christmas. You are non compliant with the law if your policy is effective after March 31st, 2014.

Not completely sure what your next questions means about employer benefit. There is no employer benefit if they drop the group and tell their employee's to see if they qualify for a subsidy and then maybe give their employee's a raise to help subsidize what the employee has to pay. No HRA's are allowed so no tax benefit to the employer. I may not have answered this correctly depending on what you really meant.

Since fdr an employer benefit was (& could be) the subsidy of healthcare. I think you did answer in a way though. That benefit/compensation will likely disappear... meaning that though the individual must seek coverage and pay for it... biz will not.

Do you have any information on what the employer mandate will do exactly? I've heard grumblings... but no details. Will it work as a corporate tax/penalty? Is this how that former benefit to employes by corps will be recovered via govt to redistribute?

I'm sorry if I'm not making my questions clear... I'm not sure there's a clear picture yet... fascism gets complicated.

Your analogy is piss poor as usual.


Well, if you understood the levels of encryption required for credit card and banking transactions, you would realize that Master Card sits at the pinnacle of internet transactional security......yet I have spent four weeks getting emails on different subscriptions that my credit card numbers are no longer valid. Your first mistake was not understanding my point. If a credit card company or a government chooses to use the internet, from the get go there is a limited expectation of privacy. Second, what is the nature of the information which is provided. Is it generic in the non protected format, or is the encrypted vpn tunnel hackable. Even the highest levels of encryption have theoretical thresholds of insecurity.

It really becomes a cost benefit analysis. How can government serve the most with the least cost. I renew my hunting and fishing licenses on line. I provide information which is hackable. I have a SS account which has all my information, and it is hackable. I just read a great article on the deep web and bit coins in Time magazine while waiting for shots this morning, and as soon as you think you have the internet figured out.....somebody is finding a backdoor.

The push to scare people about privacy is hilarious....you are having google steal more personal information from you as we speak. Just for kicks Pace.......look up the price of ladders at the Lowes web site after using google.....then see what ads pop up on this site.....and then tell me you are worried about your personal information.

Obamacare=bad juju

PkrBum wrote:

ppaca wrote:

PkrBum wrote:Is it true that the first premium must be paid before 1/1/14 to be in compliance with the law? How many working poor will have that right after xmas? I'm also wondering about the employer benefit of healthcare contribution... are employees being sent to the exchange to receive a comparable subsidy from employers? Will that go to the govt as an intermediary? Go straight to insurance corps? Or simply disappear?

If one want's their plan effective Jan 1 then yes their premium has to be there by Jan 1, although most billing going out says they have to be in by Dec 26th. You are right about the poor that signed up and having money to pay for it because of Christmas. You are non compliant with the law if your policy is effective after March 31st, 2014.

Not completely sure what your next questions means about employer benefit. There is no employer benefit if they drop the group and tell their employee's to see if they qualify for a subsidy and then maybe give their employee's a raise to help subsidize what the employee has to pay. No HRA's are allowed so no tax benefit to the employer. I may not have answered this correctly depending on what you really meant.

Since fdr an employer benefit was (& could be) the subsidy of healthcare. I think you did answer in a way though. That benefit/compensation will likely disappear... meaning that though the individual must seek coverage and pay for it... biz will not.

Do you have any information on what the employer mandate will do exactly? I've heard grumblings... but no details. Will it work as a corporate tax/penalty? Is this how that former benefit to employes by corps will be recovered via govt to redistribute?

I'm sorry if I'm not making my questions clear... I'm not sure there's a clear picture yet... fascism gets complicated.

Well there really isn't a mandate for employer's with under 50 employee's, they do not have to offer coverage and there are no penaltie's. I have a few small group's that I have already written plans for with subsidy's and the employer is giving them money to help pay their part. How the small employer write's this off (if they can) is their business.

The penalty for large group over 50 will go to the govt, a long with every other tax they have imposed to pay for the subsidy's. Most large groups are going to keep group insurance. Hasn't been much coming out on the large employer mandate since they delayed it, who know's that may end up getting scrapped. There are quite a few under 50 that are keeping their groups around here and that can be bad for an employee's spouse and dependents, if the premium is under 9.5% of W-2 wages for the employee the other family member's cannot receive a subsidy even though it may unaffordable for them to be added. But in one case I wrote this was the case but it was cheaper to insure spouse without subsidy, even with the new plans, than it was to put her on spouse's group.

You know what's really funny is when someone calls and says I don't want nothing to do with Obamacare we say ok we will write you a plan with ABC company and see if you can get help to pay for it. Guess what? They are happy as hell as soon as they see that someone will pay part of their premium each month. But not obamacare.  

SO, you're missing the SS # part. Not usually provided when purchasing ladders.

Two cases, specifically I had this year.

1. A man's social was stolen and a third party opened a credit card account with his SS number. He used his own address in the application so that all billings were sent to him which he obviously ignored.

The victim never received notices of hearings or statements and now has a recorded lien on his home despite filing police reports and such once he became aware.

There is nothing we've been able to do to help him other than have the third party arrested. At least we were able to identify him which is not always the case.

2. A woman noticed a $1600 charge on her credit card statement. We questioned it for her and it was immediately credited, a new card issued and she lost nothing.

Both cases involved Discover Card.

I'm very concerned that people are providing social security #'s on a site that is questionable as it's an entirely different exposure.

What would be of grave concern is providing for auto withdrawal of premiums IMHO.

I hope that I'm wrong, but wouldn't be comfortable not mentioning these two recent cases.

stormwatch89 wrote:SO, you're missing the SS # part.  Not usually provided when purchasing ladders.

Two cases, specifically I had this year.

1.  A man's social was stolen and a third party opened a credit card account with his  SS number.  He used his own address in the application so that all billings were sent to him which he obviously ignored.

The victim never received notices of hearings or statements and now has a recorded lien on his home despite filing police reports and such once he became aware.

There is nothing we've been able to do to help him other than have the third party arrested.  At least we were able to identify him which is not always the case.

2.  A woman noticed a $1600 charge on her credit card statement.  We questioned it for her and it was immediately credited, a new card issued and she lost nothing.  

Both cases involved Discover Card.

I'm very concerned that people are providing social security #'s on a site that is questionable as it's an entirely different exposure.

What would be of grave concern is providing for auto withdrawal of premiums IMHO.

I hope that I'm wrong, but wouldn't be comfortable not mentioning these two recent cases.

If you are receiving a subsidy you do not pay or provide any banking or cc info, you will receive a premium notice in the mail.

I don't believe it's any worse that getting your credit care stolen right out of your mailbox, it has happened to me.

ppaca wrote:You know what's really funny is when someone calls and says I don't want nothing to do with Obamacare we say ok we will write you a plan with ABC company and see if you can get help to pay for it. Guess what? They are happy as hell as soon as they see that someone will pay part of their premium each month. But not obamacare.  

Thanks... I'm also interested in what you've heard about the risk corridor. Is it ins corp bailout if needed as it appears?

Hell... can't we wait until things fail as a result of govt interventions/solutions before we pretend that it wasn't the plan?

PkrBum wrote:

ppaca wrote:You know what's really funny is when someone calls and says I don't want nothing to do with Obamacare we say ok we will write you a plan with ABC company and see if you can get help to pay for it. Guess what? They are happy as hell as soon as they see that someone will pay part of their premium each month. But not obamacare.  

Thanks... I'm also interested in what you've heard about the risk corridor. Is it ins corp bailout if needed as it appears?

Hell... can't we wait until things fail as a result of govt interventions/solutions before we pretend that it wasn't the plan?

Yes, from what I've read it is a bail out if the insurance company indeed needs it. Here go here and scroll down to health insurance reform forum, lot's of info there.

http://www.insurance-forums.net/forum/

Stormy,

I could get your social security number using tools available to hack forums and social media. I will not go into those methods, but each of us are at risk when using the internet. My son's identity was stolen from stolen mail, and he purchased life lock, and has been very happy with the same, but even the government social security site is vulnerable, and all your earnings, former employers, social security information, and address are on line right now.

The portals and the illusion of internet security are not going to be perfect whether it is Discovery, Mastercard, or the Affordable Care Act site.

I have told this story before on the PNJ, but I observed somebody At the Circuit City in Pensacola(the store has since closed) using a memory stick to plant code on new computers. He simply acted like he was looking at the software, but I saw him click on my computer, and download the code on the new computer. The person who bought that computer signs onto the internet and instantly he is owned by the guy who just downloaded code.....on new computers I look for dates on files when buying a new computer which was not in a sealed factory box, and unless it is sealed in a box......I trust nothing.

I agree, I was screwing around several years ago after my dad died trying to find out his social and other information, I have no idea how I landed on this site through social security but had page after page of people's name's and social's. Don't know if they were all dead or alive.

ppaca wrote:

PkrBum wrote:

ppaca wrote:You know what's really funny is when someone calls and says I don't want nothing to do with Obamacare we say ok we will write you a plan with ABC company and see if you can get help to pay for it. Guess what? They are happy as hell as soon as they see that someone will pay part of their premium each month. But not obamacare.  

Thanks... I'm also interested in what you've heard about the risk corridor. Is it ins corp bailout if needed as it appears?

Hell... can't we wait until things fail as a result of govt interventions/solutions before we pretend that it wasn't the plan?

Yes, from what I've read it is a bail out if the insurance company indeed needs it. Here go here and scroll down to health insurance reform forum, lot's of info there.

http://www.insurance-forums.net/forum/

Thanks again... I'll check it out. But if the patient demographics play out as I suspect... it may be the govt that needs a bailout. I don't think the young and healthy will subsidize the sick and old in enough numbers to make it work. Then we have the enormous medicaid expansion... which by govt estimates may eclipse all other enrollees. I don't think that model even comes close to flying... I don't think any politician should've either... I won't even go into the huddled masses that bought into it. Bad ideas fail.

PkrBum wrote:

ppaca wrote:

PkrBum wrote:

ppaca wrote:You know what's really funny is when someone calls and says I don't want nothing to do with Obamacare we say ok we will write you a plan with ABC company and see if you can get help to pay for it. Guess what? They are happy as hell as soon as they see that someone will pay part of their premium each month. But not obamacare.  

Thanks... I'm also interested in what you've heard about the risk corridor. Is it ins corp bailout if needed as it appears?

Hell... can't we wait until things fail as a result of govt interventions/solutions before we pretend that it wasn't the plan?

Yes, from what I've read it is a bail out if the insurance company indeed needs it. Here go here and scroll down to health insurance reform forum, lot's of info there.

http://www.insurance-forums.net/forum/

Thanks again... I'll check it out. But if the patient demographics play out as I suspect... it may be the govt that needs a bailout. I don't think the young and healthy will subsidize the sick and old in enough numbers to make it work. Then we have the enormous medicaid expansion... which by govt estimates may eclipse all other enrollees. I don't think that model even comes close to flying... I don't think any politician should've either... I won't even go into the huddled masses that bought into it. Bad ideas fail.

Part of it was a good idea and then they started adding shit to it. My thinking is that obama and gang thought all the state's would embrace the medicaid and with all the taxes on this and that would have paid for it and the subsidy's. How could they not know that since it was pushed through by democrat's that a republican governor would not expand Medicaid? I am not too bright, especially staying in this business, but I almost knew from the beginning it is too flawed to work, but then when HHS, IRS, DOL and homeland security got a hold of page by page and started making final rules I knew this thing would go in the shit hole in about a year. I cannot believe the fools in Washington really thought this would work or maybe they didn't and planned this. Anyway a lot of people who were on the pcip plan and been uninsurable are going to make out until it's changed again.

ppaca wrote:

Markle wrote:

2seaoat wrote:That is some scary stuff......do you think people will quit signing up?  By the way, I got my new mastercard......it seems somebody broke into their system and hacked numbers......do you think people will quit using credit cards?

Hard to tell.  They have yet to write the last part of the ObamaCare website.  How you pay.  Yet ObamaCare are counting people who have not paid, as having signed up and are part of ObamaCare.

If I put 10 items in my shopping basket with Amazon.com...are they included in Amazon's sales figures?  Of course not.

You don't pay on the website, you sign up and the carrier sends you a premium notice.

Sorry, it's the representatives from ObamaCare and the company writing the program who have said the last 1/3 of the program has not been written which includes the payment part.

11/19/2013
Wait . . . WHAT? Healthcare.gov Payment System Not Even Built Yet??
Filed under: General — Patterico @ 6:04 pm
This . . . can’t be right. Can it?

Another day, another big, bad black eye for HealthCare.gov.
A crucial system for making payments to insurers from people who enroll in that federal Obamacare marketplace has yet to be built, a senior government IT official admitted Tuesday.
The official, Henry Chao, visibly stunned Rep. Cory Gardner (R-Colo.) when he said under questioning before a House subcommittee that a significant fraction of HealthCare.gov—30 to 40 percent of it—has yet to be constructed.
“We still need to build the payments system to make the payments [to insurance companies] in January,” testified Chao, deputy chief information officer of the Centers for Medicare and Medicaid Services, the federal agency that operates HealthCare.gov.

Now I guess we know why the federal government released numbers based on people who selected a plan, without regard to whether they had paid for it. If this is really right, then . . . nobody who signed up through Healthcare.gov has paid. (In the sense that insurers have received the money, which as I understand it, is a requirement for enrollment to be considered complete.) Right? Not one single person.

Am I missing something here???

http://patterico.com/2013/11/19/wait-what-healthcare-gov-payment-system-not-even-built-yet/