Missouri has threatened to sue a reporter who identified a security flaw

Missouri Governor Mike Parson on Thursday threatened to sue, and seek civil damages from, a St. Louis Post-Dispatch journalist who identified a security flaw that revealed the Social Security numbers of teachers and other school staff. Parson claimed the journalist was a “hacker” and that the newspaper's reporting was nothing but “political revenge” and “trying to embarrass the state and sell their newspaper headlines”. The Republican governor promised that the state would seek “accountability” from the Post-Dispatch for the alleged crime of finding a security vulnerability and getting an issue that could harm teachers addressed.

Despite Parson's surprising characterization of a security report that would not normally be particularly controversial, the Post-Dispatch appears to have handled the issue in a way that prevented harm to school staff while encouraging the state to fix what a security professor called a “mind-boggling” weakness. Post-Dispatch web developer Josh Renaud, who also wrote the article, wrote in a report released Wednesday that more than 100,000 Social Security numbers were vulnerable “in a web application that allows the public to search for teacher certificates and credentials.”

The report said, “Although no personal information was clearly visible or searchable on any web page, the magazine found that teachers’ social security numbers were in the HTML source code of the relevant pages.”

The Post-Dispatch seems to have done what ethical security researchers usually do in this situation: give the organization time to close the hole before making the vulnerability public.

The article said, “The publication of this report of the newspaper has been delayed in order to give the department time to take steps to protect the personal information of teachers and to allow the state to ensure that no other organization’s web application has similar vulnerabilities.” “The news report came a day after the department removed the damaged pages from its website.”

As of this writing, the DESE teacher-certificate search tool was “down for maintenance.”

Governor: The journalist tried to ‘harm Missourians’

Parson described the journalist as a “criminal” who “took the records of at least three teachers, decoded the HTML source code, and viewed the social security numbers of certain educators” in an attempt to steal personal information and harm Missourians.

Major web browsers include options such as “view source” or “view page source” for viewing webpage HTML, so anything in that code is easily accessible. The initial Post-Dispatch article did not elaborate on how the Social Security numbers were obtained from the HTML source code, but a follow-up article on Parson’s legal threat on Thursday stated that the teachers’ Social Security numbers were present in the pages’ publicly visible HTML source code. The numbers were not available in plain text but were easily converted, the Post-Dispatch continued:

Shaji Khan, a cybersecurity professor at the University of Missouri-St. Louis, said the data on the DESE website was encoded but not encrypted – and that’s a key difference. No one can view encrypted data without the specific decryption key used to hide the data. But encoding just means the data is in a different format, and it is relatively easy to decode and view.

“Anyone who knows something about development – and the bad guys are ahead – can easily decode that data,” Khan said Thursday.
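An added example, not from the article or the Post-Dispatch report: a pre-release check a site operator could run over their own rendered pages to flag Social Security-number-shaped values anywhere in the HTML source, including values that are only encoded. Base64 is an assumption here (the article does not name the encoding used), and the sample page and its values are constructed.

```python
import base64
import binascii
import re
from html.parser import HTMLParser

SSN_RE = re.compile(r"\b\d{3}-?\d{2}-?\d{4}\b")   # 9 digits, optional dashes
B64_RE = re.compile(r"[A-Za-z0-9+/]{12,}={0,2}")  # candidate Base64 runs

class _Collector(HTMLParser):
    """Collects every attribute value, text node and comment, visible or not."""
    def __init__(self):
        super().__init__()
        self.strings = []
    def handle_starttag(self, tag, attrs):
        self.strings += [(f"<{tag} {k}>", v) for k, v in attrs if v]
    def handle_data(self, data):
        if data.strip():
            self.strings.append(("text", data))
    def handle_comment(self, data):
        self.strings.append(("comment", data))

def _decodings(value):
    """Yield (label, text): the value as-is, plus Base64 runs that decode to ASCII."""
    yield "plain", value
    for run in B64_RE.findall(value):
        try:
            yield "base64", base64.b64decode(run, validate=True).decode("ascii")
        except (binascii.Error, UnicodeDecodeError):
            continue  # not Base64, or not text: nothing to inspect

def audit_html(html):
    """Return sorted (location, encoding) pairs where an SSN-shaped value appears."""
    collector = _Collector()
    collector.feed(html)
    findings = set()
    for where, value in collector.strings:
        for label, text in _decodings(value):
            if SSN_RE.search(text):
                findings.add((where, label))
    return sorted(findings)

# Constructed sample page; 000-12-3456 is not a valid SSN. Assumed encoding: Base64.
SAMPLE = """<html><body><h1>Educator lookup</h1>
<form><input type="hidden" name="__STATE" value="{state}">
<p>Name: Jane Example, Certificate: Active</p></form>
<!-- debug id=000-12-3456 -->
</body></html>""".format(state=base64.b64encode(b"name=Jane Example;ssn=000123456").decode())
```

Calling `audit_html(SAMPLE)` reports both the hidden form field and the comment, although neither is rendered on the page. A hit means the value should not be sent to the browser at all.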

The governor has informed the prosecutor of the ‘crime against teachers’

Parson spoke at a news conference on Thursday about “[the] data vulnerability and [the] state’s plan to hold criminals accountable,” and he posted a condensed version of his comments on Facebook.

“The Digital Forensic Unit of the Highway Patrol, which has access to encoded data and systems to check other people’s personal information, will also investigate everyone involved,” he said.
