House Intell Chairman: Obamacare Website is not Secure. No Encryption!

[WelfareQueen]

It just keeps getting worse for Obama and his drones. Per Mike Rogers, House Intelligence Chairman, the Obamacare website is not secure and lacks basic encryption technology. Basically, anyone can hack into the system to get any information you put in. Since the site requires SSN, e-mail account, DOB, address, phone number, financial information and will ultimately contain your IRS and Health records...this is very troubling.

Here is the statement from Mike Rodgers.


Rep. Mike Rogers, R-Mich., chair of the House Intelligence Committee, told CNN’s Candy Crowley on Sunday that he is not convinced the Obamacare website is secure enough, saying it may have to be completely redesigned.

“The way the system is designed, it is not secure,” Rogers said.

Rogers explained that every time an agency goes to another agency with a piece of information — called a “boundary” — the data is vulnerable to being compromised because these boundaries are insecure, the Washington Free Beacon reported.

When Crowley asked if the security problems can be fixed by the end of November, Rogers said he was concerned because the site does “not have an overarching solid cyber security plan to prevent the loss of private information.”

“I’m even more concerned today than I was even last week,” Rogers added. “I know that they’ve called in another private entity to try to help with the security of it. The problem is they may have to redesign the entire system. There is no real encryption of data."

And that is in regard to a system that has cost taxpayers upwards to $1 billion dollars, depending on who you ask.


This is a statement from Cyber-security expert John McAfee


McAfee said the fundamental flaw of the website is in the architecture.

“The system was designed such that you have to download a bunch of really poorly written software, do all the inputs and calculations, and then upload it back to the site,” said McAfee. “Apparently the designers assumed that you could save a few trillion CPU cycles by making everyone do the computations on their home computers, but they completely disregarded how much traffic this would push into the pipeline. Anyone with a basic understanding of CPU cycles versus Internet pipelines knows that if you do that, you’re just creating a gigantic denial of service attack on your own system that will not get better unless you throw it out and start over again.”

McAfee said he doesn’t believe the current administration will attempt to re-architect the system.

“They’ll just push it off to the next administration to do,” he said.

Read more at McAfee says he was asked to fix Obamacare - Silicon Valley 411 | SV411

 

[waltky]

Data-scrambling encryption works, and the industry should use more of it...

What the CIA WikiLeaks Dump Tells Us: Encryption Works
March 10, 2017 — If the tech industry is drawing one lesson from the latest WikiLeaks disclosures, it's that data-scrambling encryption works, and the industry should use more of it.

Documents purportedly outlining a massive CIA surveillance program suggest that CIA agents must go to great lengths to circumvent encryption they can't break. In many cases, physical presence is required to carry off these targeted attacks. "We are in a world where if the U.S. government wants to get your data, they can't hope to break the encryption,'' said Nicholas Weaver, who teaches networking and security at the University of California, Berkeley. "They have to resort to targeted attacks, and that is costly, risky and the kind of thing you do only on targets you care about. Seeing the CIA have to do stuff like this should reassure civil libertarians that the situation is better now than it was four years ago.''

More encryption

Four years ago is when former NSA contractor Edward Snowden revealed details of huge and secret U.S. eavesdropping programs. To help thwart spies and snoops, the tech industry began to protectively encrypt email and messaging apps, a process that turns their contents into indecipherable gibberish without the coded "keys'' that can unscramble them.

The NSA revelations shattered earlier assumptions that internet data was nearly impossible to intercept for meaningful surveillance, said Joseph Lorenzo Hall, chief technologist at the Washington-based civil-liberties group Center for Democracy & Technology. That was because any given internet message gets split into a multitude of tiny "packets,'' each of which traces its own unpredictable route across the network to its destination.

The realization that spy agencies had figured out that problem spurred efforts to better shield data as it transits the internet. A few services such as Facebook's WhatsApp followed the earlier example of Apple's iMessage and took the extra step of encrypting data in ways even the companies couldn't unscramble, a method called end-to-end encryption.

Challenges for authorities

See also:

Alleged CIA Hacking Techniques Lay Out Online Vulnerability
March 10, 2017 | WASHINGTON — If this week’s WikiLeaks document dump is genuine, it includes a CIA list of the many and varied ways the electronic device in your hand, in your car, and in your home can be used to hack your life.

It’s simply more proof that, “it’s not a matter of if you’ll get hacked, but when you’ll get hacked.” That may be every security expert’s favorite quote, and unfortunately they say it’s true. The WikiLeaks releases include confidential documents the group says exposes “the entire hacking capacity of the CIA.” The CIA has refused to confirm the authenticity of the documents, which allege the agency has the tools to hack into smartphones and some televisions, allowing it to remotely spy on people through microphones on the devices.

WikiLeaks also claimed the CIA managed to compromise both Apple and Android smartphones, allowing their officers to bypass the encryption on popular services such as Signal, WhatsApp and Telegram. For some of the regular tech users, news of the leaks and the hacking techniques just confirms what they already knew. When we’re wired 24-7, we are vulnerable. “The expectation for privacy has been reduced, I think,” Chris Coletta said, “... in society, with things like WikiLeaks, the Snowden revelations ... I don’t know, maybe I’m cynical and just consider it to be inevitable, but that’s really the direction things are going.”

The internet of things

The problem is becoming even more dangerous as new, wired gadgets find their way into our homes, equipped with microphones and cameras that may always be listening and watching. One of the WikiLeaks documents suggests the microphones in Samsung smart TV’s can be hacked and used to listen in on conversations, even when the TV is turned off. Security experts say it is important to understand that in many cases, the growing number of wired devices in your home may be listening all the time.

“We have sensors in our phones, in our televisions, in Amazon Echo devices, in our vehicles,” said Clifford Neuman, the director of the Center for Computer Systems Security, at the University of Southern California. “And really almost all of these attacks are things that are modifying the software that has access to those sensors, so that the information is directed to other locations. Security practitioners have known that this is a problem for a long time.”

Neuman says hackers are using the things that make our tech so convenient against us. “Certain pieces of software and certain pieces of hardware have been criticized because, for example, microphones might be always on,” he said. “But it is the kind of thing that we’re demanding as consumers, and we just need to be more aware that the information that is collected for one purpose can very easily be redirected for others.”

Tools of the espionage trade