Obamacare website is FINALLY working


citizenzen

macrumors 65816
Mar 22, 2010
1,433
11,628
You'd think that if the tax-payers shelled out $174 million for a website it would have some security features in place, instead of being completely vulnerable.
Hyperbolic.

Is this the level of discussion we're going to have here?

Of course it is.

I don't even know why I asked the question.
 

EvilQueen

macrumors 6502
Aug 15, 2013
261
21
In my own world
Depends on what you call working. Instead of getting an error message because the site isn't working, you get a message that the site isn't working and you are put into a cue. Semantics.
 

ChrisWB

macrumors 6502
Dec 28, 2004
253
1,052
Chicago
Depends on what you call working. Instead of getting an error message because the site isn't working, you get a message that the site isn't working and you are put into a cue. Semantics.
I think that you meant queue.

Healthcare.gov is a disaster, and its multitude of problems have undermined our confidence in the government. That's assuming that we had any confidence in the government after congress' performance these past few years.
 

Zombie Acorn

macrumors 65816
Feb 2, 2009
1,301
9,062
Toronto, Ontario
Depends on what you call working. Instead of getting an error message because the site isn't working, you get a message that the site isn't working and you are put into a cue. Semantics.
Did anyone read the article? This is about the site not being built with security in mind. Another words the government is helping you distribute your personal information through their incompetence.
 

obeygiant

macrumors 601
Jan 14, 2002
4,003
3,776
totally cool
Hyperbolic.

Is this the level of discussion we're going to have here?

Of course it is.

I don't even know why I asked the question.
How is anything I said "hyperbolic"?

The security issues are real:

FTA said:
"When you develop a website, you develop it with security in mind. And it doesn't appear to have happened this time," said David Kennedy, a so-called "white hat" hacker who tests online security by breaching websites. He testified on Capitol Hill about the flaws of HealthCare.gov last week.

"It's really hard to go back and fix the security around it because security wasn't built into it," said Kennedy, chief executive of TrustedSec. "We're talking multiple months to over a year to at least address some of the critical-to-high exposures on the website itself."

"When you look at the site itself, it could be really good. It could do really well. They're just not building the security into the site itself," said Kennedy. "Putting your information on there is definitely a risk."
As far as the cost goes if you can find a better number please do. I didn't post the $300-$600 million because I thought that would be exaggerating. That should be a damn nice website...

So either you don't know what "hyperbolic" means or you're just blowing smoke. I don't know which.
 

zioxide

macrumors 603
Dec 11, 2006
5,725
3,711
I think that you meant queue.

Healthcare.gov is a disaster, and its multitude of problems have undermined our confidence in the government. That's assuming that we had any confidence in the government after congress' performance these past few years.
Did anyone read the article? This is about the site not being built with security in mind. Another words the government is helping you distribute your personal information through their incompetence.
Funny because I'm pretty sure the Healthcare.gov website was built by a private contractor. You get what you pay for.

If we would have actually invested enough money in building the website from the start, there wouldn't have been these problems. But since half of Congress is perfectly fine with cutting off their nose to spite their face, we end up with this mess.
 

lannister80

macrumors 6502
Apr 7, 2009
476
17
Chicagoland
Did anyone read the article? This is about the site not being built with security in mind. Another words the government is helping you distribute your personal information through their incompetence.
There is a ton of hand-waving in that article. What kind of vulnerabilities are we talking about? SQL injection? MITM? What exactly?
 

Huntn

macrumors demi-god
May 5, 2008
17,078
16,604
The Misty Mountains
I think that you meant queue.

Healthcare.gov is a disaster, and its multitude of problems have undermined our confidence in the government. That's assuming that we had any confidence in the government after congress' performance these past few years.
You're not a Republican or Tea Party type are you? You forgot to mention "train wreck". :rolleyes:
 

hulugu

macrumors 68000
Aug 13, 2003
1,819
10,237
quae tangit perit Trump
Funny because I'm pretty sure the Healthcare.gov website was built by a private contractor. You get what you pay for.

If we would have actually invested enough money in building the website from the start, there wouldn't have been these problems. But since half of Congress is perfectly fine with cutting off their nose to spite their face, we end up with this mess.
Eh, blaming Congress for nickel and dimming the program ignores HHS's refusal to get a systems integrator to bring all the disparate parts together.

The federal government, especially the Pentagon seem increasingly unreliable when it comes to acquisitions and programs.

There is a ton of hand-waving in that article. What kind of vulnerabilities are we talking about? SQL injection? MITM? What exactly?
This article seems pretty good when it comes to the vulnerabilities that reside in Healthcare.gov.

The biggest problem appears to be the relative ease that attackers may have in creating MITM attacks.
 
Last edited:

citizenzen

macrumors 65816
Mar 22, 2010
1,433
11,628
How is anything I said "hyperbolic"?
It's hyperbolic because you imply that no security was built into the site.

Obviously some security was built in.

You could have talked about the degree and capability of that security, but instead you chose to describe it hyperbolically as "completely vulnerable" as if no security existed at all.
 

bradl

macrumors 601
Jun 16, 2008
4,006
11,823
It's hyperbolic because you imply that no security was built into the site.

Obviously some security was built in.

You could have talked about the degree and capability of that security, but instead you chose to describe it hyperbolically as "completely vulnerable" as if no security existed at all.
Not only would security have to obviously be built in, but would be mandated and required by HIPAA, so it would have had to be there from the start.

BL.
 

Zombie Acorn

macrumors 65816
Feb 2, 2009
1,301
9,062
Toronto, Ontario
Funny because I'm pretty sure the Healthcare.gov website was built by a private contractor. You get what you pay for.

If we would have actually invested enough money in building the website from the start, there wouldn't have been these problems. But since half of Congress is perfectly fine with cutting off their nose to spite their face, we end up with this mess.
Pass the buck, a true sign of leadership.

Plenty of money was invested, where it actually went is another question. It's pretty obvious the millions didn't get spent on technology and development.
 

ChrisWB

macrumors 6502
Dec 28, 2004
253
1,052
Chicago
Funny because I'm pretty sure the Healthcare.gov website was built by a private contractor. You get what you pay for.

If we would have actually invested enough money in building the website from the start, there wouldn't have been these problems. But since half of Congress is perfectly fine with cutting off their nose to spite their face, we end up with this mess.
The administration chose the contractors. It's a government-run website. The government does not get to absolve itself of blame if a contractor that they chose does a poor job.

You're not a Republican or Tea Party type are you? You forgot to mention "train wreck". :rolleyes:
No. I believe that the ACA is a good law (I would prefer single-payer), and I believe that it will have great long-term benefits. However, the website IS a train wreck. Have you used it? My home state (Illinois) utilises the national website, and it only started to function correctly this week (security issues aside).

I believe that the ACA is a positive change, but the implementation of the website was and continues to be terrible. We can't give our elected officials a pass when they deliver poor services simply because we like their politics.

For what it's worth, I believe that the national loss of confidence in congress is due to the lack of statesmanship in the Tea Party and Republican party. They are an embarrassment to conservatives, and they deserve to be called out on it as well.
 

Eraserhead

macrumors G4
Nov 3, 2005
10,300
10,386
UK
This article seems pretty good when it comes to the vulnerabilities that reside in Healthcare.gov.

The biggest problem appears to be the relative ease that attackers may have in creating MITM attacks.
A lot of those issues are pretty bad, but they also aren't that hard to fix to be honest. With clickjacking for example you just need to follow the steps here which are pretty straightforward for any competent developer to implement.
 

MyMac1976

macrumors 6502
Apr 14, 2013
489
1
Yes the privates sector screws just about everything up when they're paid a fixed dollar amount..

The first mistake was having the website built by a contractor and the second was handing millions more people over to private sector insurance companies.
 

rdowns

macrumors Penryn
Jul 11, 2003
27,345
12,409
Not only would security have to obviously be built in, but would be mandated and required by HIPAA, so it would have had to be there from the start.

BL.

I don't think HIPPA comes into play as no medical information is needed to sign up for healthcare.
 

hulugu

macrumors 68000
Aug 13, 2003
1,819
10,237
quae tangit perit Trump
A lot of those issues are pretty bad, but they also aren't that hard to fix to be honest. With clickjacking for example you just need to follow the steps here which are pretty straightforward for any competent developer to implement.
Sure. I'm not really arguing that the system is fatally flawed, but rather the program has flaws serious enough to allow an attacker to steal data.

What's important is how people talk about the flaws ("fundamental" "completely vulnerable") versus a clear-eyed examination of what the flaws are and how the site can be fixed.

The first is a political issue and you'll see partisan hacks flocking to it because that's easy ground to fight from. No one in Congress is capable of discussing "clickjacking," so we'll see big arguments using vague terminology and hyperbole.
 

Eraserhead

macrumors G4
Nov 3, 2005
10,300
10,386
UK
Sure. I'm not really arguing that the system is fatally flawed, but rather the program has flaws serious enough to allow an attacker to steal data.

What's important is how people talk about the flaws ("fundamental" "completely vulnerable") versus a clear-eyed examination of what the flaws are and how the site can be fixed.

The first is a political issue and you'll see partisan hacks flocking to it because that's easy ground to fight from. No one in Congress is capable of discussing "clickjacking," so we'll see big arguments using vague terminology and hyperbole.
I would expect these issues to be resolved by Christmas to be honest. I could probably fix them as a developer in less than a week - but you have to add QA and deployment to that. If those processes are world-class then add a day or so for both. Otherwise maybe 2-3-4 weeks.