If you find and report a security vulnerability to a company, you are normally thanked; sometimes you may even receive a reward. However, the governor of Missouri is taking the opposite approach and threatening to sue a reporter for discovering a serious vulnerability on a state website.
This week, the St. Louis Post-Dispatch reported that the state's Department of Elementary and Secondary Education website potentially exposed the Social Security numbers of over 100,000 teachers.
It seems that the Social Security numbers were visible in plain text in the HTML source code of the website's pages. This means that anyone could find sensitive personal information simply by right-clicking in a browser and clicking "View Page Source" on the applicable web page.
The Post-Dispatch reported the flaw to state authorities so that they could correct the website immediately. The newspaper even delayed the publication of an article on the issue to give the state enough time to protect the personal data at stake. But rather than thanking the newspaper, Missouri's Republican governor, Mike Parson, describes the reporter who discovered the vulnerability as a hacker.
"A hacker is someone who obtains unauthorized access to information or content. This person was not allowed to do what they did," he said in a press conference Thursday.
"This individual is not a victim," he added. "They were acting against a state agency to compromise a teacher's personal information in an attempt to embarrass the state and sell headlines to their media."
Parson went on to claim that the reporter had to "convert and decode" the computer code of the website to access Social Security numbers. However, the governor's response has the IT industry rolling its eyes, as it is also possible to view a website's HTML code by pressing the F12 key on the Chrome browser.
US Senator Ron Wyden even intervened. "It's a crime. Neither is cybersecurity research. The real leaders don't let go of their attack dogs on the press when they expose government failures, they roll up their sleeves and solve the problem," he wrote in a tweet.
In the meantime, the St. Louis Post-Dispatch dismisses Parson's threat as completely unfounded. "The journalist acted responsibly in reporting his findings to DESE so that the state can act to prevent the disclosure and abuse," the newspaper's lawyer, Joseph Martineau, wrote in a statement to the Post-Dispatch. "A hacker is someone who subverts security with malicious or criminal intent. Here there was no certainly malicious firewall violation."
According to Governor Parson, the state may need to spend up to $50 million to correct the flaw.