Saturday, April 19, 2014

My Bleeding (404Care.gov) Heart

By now, IB readers are presumably fully aware of the dangerous Heartbleed virus (well, major internet security flaw). Some may recall that a week or so ago, the folks in DC assured us that users of the 404Care.gov site weren't at risk there.

But that was then, and this is now:

"Healthcare.gov users told to change passwords following Heartbleed flaw ... People who have accounts on the enrolment website for President Barack Obama's signature healthcare law are being told to change their passwords following an administration-wide review of the government's vulnerability to the confounding Heartbleed internet security flaw."

Actually, this is potentially very bad advice: unless and until a site has been demonstrated to be HB-negative, changing one's password may simply open one up to even more shenanigans:

"If you find that a site is still vulnerable, don’t enter any passwords or data that it doesn’t already have."

To determine whether a particular site will leave you vulnerable, **here's a simple test* you can use.

In the meantime, use extreme caution when visiting the 404Care.gov site (if you must visit it at all).

[Hat Tip: John Hayward]
blog comments powered by Disqus