Moda Health Insecurity

Here is a copy of an email I sent to Moda Health regarding the security of my medical information and online account.

"You have the following sever security problems that should be corrected:

Only short insecure passwords are accepted. This probably means you are storing the passwords instead of hashing them. This is terrible.
You are still supporting SSL2 - This should not be supported.
You support weak key exchanges
You support weak cipher suites.

The bottom 3 will allow a man in the middle to compromise an SSL connection.
You can run the SSL tests yourself and get feedback on how to mitigate at: https://ssllabs.com "

This doesn't seem unusual. I had similar results checking out Kaiser and Providence as well as every doctor's portal I tested.

However, every bank I've tested, as well as Amazon and Google do things properly.

Here's an overview picture from ssllabs from a report on February 18, 2014.

Keeping clients' computers safe and profitable for over 30 years

Home Forms About Current Newsletter subscribe Search All Articles Browse by Category Security Internet Mobile Business Hardware Fun		Moda Health Insecurity Here is a copy of an email I sent to Moda Health regarding the security of my medical information and online account. "You have the following sever security problems that should be corrected: Only short insecure passwords are accepted. This probably means you are storing the passwords instead of hashing them. This is terrible. You are still supporting SSL2 - This should not be supported. You support weak key exchanges You support weak cipher suites. The bottom 3 will allow a man in the middle to compromise an SSL connection. You can run the SSL tests yourself and get feedback on how to mitigate at: https://ssllabs.com " This doesn't seem unusual. I had similar results checking out Kaiser and Providence as well as every doctor's portal I tested. However, every bank I've tested, as well as Amazon and Google do things properly. Here's an overview picture from ssllabs from a report on February 18, 2014. Further reading: hacking expert David Kennedy Cracks Healthcare.gov in under 4 minutes Date: February 2014 This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.
		I attempt to provide reliable information, but make no warranty as to the accuracy or safety of these articles. I disclaim all legal responsibility for what following these instructions may do. Follow my advice at your own risk

Keeping clients' computers safe and profitable for over 30 years

Moda Health Insecurity

Further reading: