Welcome home, fellow Gator.

The Gator Nation's oldest and most active insider community
Join today!

Missouri's governor vows to prosecute a reporter who told the state about a data security risk

Discussion in 'Too Hot for Swamp Gas' started by philnotfil, Oct 15, 2021.

  1. philnotfil

    philnotfil GC Hall of Fame

    15,738
    1,378
    1,318
    Apr 8, 2007
    Shouldn't he just be thanking them for the heads up and fixing the problem?

    Missouri's governor vows to prosecute a reporter who told the state about a data security risk

    Maybe instead of spending $50 million prosecuting the person who pointed out the problem, they could spend a tenth of that on fixing the site?
     
    • Agree Agree x 2
    • Winner Winner x 1
  2. BLING

    BLING GC Hall of Fame

    6,568
    445
    1,358
    Apr 16, 2007
    Same Republican governor that promised to pardon the nutjobs who pointed guns at protestors is “vowing to prosecute” someone who exposed a data vulnerability?

    Sounds about right.
     
    • Like Like x 2
    • Fistbump/Thanks! Fistbump/Thanks! x 1
  3. officelife

    officelife Senior

    296
    106
    308
    Aug 11, 2017
    The reporter found the vulnerability by looking at the HTML source code, which isn’t hacking. To see the source code of any HTML website, your browser has an option for that:)

    The state exposed names and SSN of 10,000 teachers in plain text on their website. How is this anyone else’s fault but theirs? Oh, sorry, these are Republicans, it is never their fault...

    “According to the Post-Dispatch report, it discovered the vulnerability in a web application that allowed the searching of teacher certification and credentials. Social Security numbers were found in the HTML source code in the involved pages.”
     
    • Like Like x 1
    • Winner Winner x 1
    • Informative Informative x 1
  4. ValdostaGatorFan

    ValdostaGatorFan GC Hall of Fame

    2,044
    292
    378
    Aug 21, 2007
    TitleTown, USA
    No sql injection, no fuzzing, just cleartext PII. Yikes.

    They failed on the confidentiality tenant of cybersecurity, but nailed the availability part.. :emoji_joy: :emoji_face_palm:
     
    • Like Like x 1
    • Fistbump/Thanks! Fistbump/Thanks! x 1
  5. BLING

    BLING GC Hall of Fame

    6,568
    445
    1,358
    Apr 16, 2007
    This just makes it all the more idiotic. That’s definitely not a “hack” if it’s right there for anyone to see in the HTML code.

    I’m sure there must be someone in the Missouri GOP political operation that isn’t a complete incompetent turd. More likely the guv gas been advised the story wasn’t based on a hack, but they want to “retaliate” anyway… because politics.
     
    • Agree Agree x 1
    • Fistbump/Thanks! Fistbump/Thanks! x 1
  6. gatorpa

    gatorpa GC Hall of Fame

    8,441
    499
    298
    Sep 5, 2010
    East Coast of FL
    I don't think it would cost $50 million to prosecute, that's what the breach could cost the state if there was a breach.

    Also I think they said they "could" prosecute the person as they actually did hack into the system. (not saying I agree with that stance).
     
    • Like Like x 1
    • Disagree Bacon! Disagree Bacon! x 1
  7. WarDamnGator

    WarDamnGator GC Hall of Fame

    7,145
    657
    1,468
    Apr 8, 2007
    What do you mean "they actually did hack in to the system"?

    I can right click on any page in my browser, click "page source", and view the HTLM code. If they are going to post the SSN in there, even though they are hidden from normal browser viewing, it's still not hacking to view the source code that their servers are voluntary sending to my computer.
     
    • Fistbump/Thanks! Fistbump/Thanks! x 2
    • Winner Winner x 1
  8. gatorpa

    gatorpa GC Hall of Fame

    8,441
    499
    298
    Sep 5, 2010
    East Coast of FL
    Thanks for the clarification, I'm not a computer expert.
    With that said if this info wasn't disseminated, and it's not a hack then there should be no charges(not sure many Governors know what you're talking about however).
     
  9. swampbabe

    swampbabe GC Hall of Fame

    2,298
    591
    548
    Apr 8, 2007
    Viera, FL
    Someone on their staff should know, though.
     
    • Agree Agree x 2