Creating a Password
Sorry the password must be more that 8 characters
Sorry the password must contain 1 numerical space
1 bird house
Sorry the password cannot have blank spaces
Sorry the password must contain at least one upper case character
Sorry the password can not use more that one upper case character consecutively
Sorry the password can not use more that 2 numbers consecutively
Sorry the password cannot contain punctuation
Sorry the password can not use words in the Dictionary
Sorry that password is already in use and now you need to wait 24 hour to change your password
Officials are telling that the Healthcare.gov website account holders to reset their passwords, following revelations of a bug that could allow hackers to steal data.
Officials earlier said the site HealthCare.gov, were safe from the risks surrounding Heartbleed — faulty code recently found in a widely-used encryption tool.
But, this weekend, the homepage directs users to change their login information.
“While there’s no indication that any personal information has ever been at risk, we have taken steps to address Heartbleed issues and reset consumers’ passwords out of an abundance of caution,” HealthCare.gov states.
This is what the Site says to do
Recently, you may have heard about a new internet security weakness, known as Heartbleed, which is impacting some websites. HealthCare.gov uses many layers of protections to secure your information. While there’s no indication that any personal information has ever been at risk, we have taken steps to address Heartbleed issues and reset consumers’ passwords out of an abundance of caution. This means the next time you visit the website, you’ll need to create a new password. We strongly recommend you create a unique password – not one that you’ve already used on other websites.
How to reset your password
- Use the online Forgot Password feature
- Enter your username and click “Send email”
- Wait for the “Forgot Marketplace Password” email we’ll send you to create a new password for your account
- Follow the link in the email and answer the 3 security questions you chose when you first created your account
- Create and confirm your new password
- Click “Reset Password”
- Wait for the message that your password was successfully reset
- Log in with your new password
If you get a message that we couldn’t process your password reset request, you’ll need to try again. Click on “Return to log in page” and select the “Forgot your password?” link to get a new email with a new link to try again. If this doesn’t work, call the Marketplace call center at 1-800-318-2596 for help.
Is my information at risk?
There’s no indication that Heartbleed has been used against HealthCare.gov or that any personal information has ever been at risk. However, we’re resetting current passwords out of an abundance of caution, to ensure the protection of your information.
Additional password tips and information about managing your HealthCare.gov account is located at https://www.healthcare.gov/help/i-am-having-trouble-logging-in-to-my-marketplace-account/.
Original release date: April 08, 2014
- OpenSSL 1.0.1 through 1.0.1f
- OpenSSL 1.0.2-beta
A vulnerability in OpenSSL could allow a remote attacker to expose sensitive data, possibly including user authentication credentials and secret keys, through incorrect memory handling in the TLS heartbeat extension.
OpenSSL versions 1.0.1 through 1.0.1f contain a flaw in its implementation of the TLS/DTLS heartbeat functionality. This flaw allows an attacker to retrieve private memory of an application that uses the vulnerable OpenSSL library in chunks of 64k at a time. Note that an attacker can repeatedly leverage the vulnerability to retrieve as many 64k chunks of memory as are necessary to retrieve the intended secrets. The sensitive information that may be retrieved using this vulnerability include:
- Primary key material (secret keys)
- Secondary key material (user names and passwords used by vulnerable services)
- Protected content (sensitive data used by vulnerable services)
- Collateral (memory addresses and content that can be leveraged to bypass exploit mitigations)
Exploit code is publicly available for this vulnerability. Additional details may be found in CERT/CC Vulnerability Note VU#720951.
This flaw allows a remote attacker to retrieve private memory of an application that uses the vulnerable OpenSSL library in chunks of 64k at a time.
OpenSSL 1.0.1g has been released to address this vulnerability. Any keys generated with a vulnerable version of OpenSSL should be considered compromised and regenerated and deployed after the patch has been applied.
US-CERT recommends system administrators consider implementing Perfect Forward Secrecy to mitigate the damage that may be caused by future private key disclosures.
This is copied from the DHS Site as a public service
Introducing Microsoft SQL Server 2014
In this book, the authors explain how SQL Server 2014 incorporates in-memory technology to boost performance in online transactional processing (OLTP) and data-warehouse solutions. They also describe how it eases the transition from on-premises solutions to the cloud with added support for hybrid environments.
Download the PDF