- Joined
- Oct 22, 2002
- Messages
- 38,843
- Location
- Frozen in Michigan
- Gender
- Old Fart
- Basic Beliefs
- Don't be a dick.
https://www.npr.org/2021/10/14/1046124278/missouri-newspaper-security-flaws-hacking-investigation-gov-mike-parson
The reporter simply used the "View Source" function available on every browser.
Missouri Gov. Mike Parson is vowing to prosecute the staff of the St. Louis Post-Dispatch after the newspaper says it uncovered security vulnerabilities on a state agency website.
The governor is characterizing the paper's actions as a hacking that the state will investigate. He said it could cost taxpayers $50 million.
"Not only are we going to hold this individual accountable, but we will also be holding accountable all those who aided this individual and the media corporation that employs them," Parson said at a news conference on Thursday.
The backstory is a little complicated, so stick with us. It starts with a website maintained by the state's Department of Elementary and Secondary Education (DESE).
The Post-Dispatch said in a story published Wednesday night that an unnamed reporter had discovered flaws on that website that made the Social Security numbers of teachers and other school staff "vulnerable to public exposure."
The issue involved a web application that allowed the public to search teacher certifications and credentials. The newspaper said that no private information was clearly visible or searchable, but teachers' Social Security numbers were contained in the HTML source code of those pages. More than 100,000 Social Security numbers were vulnerable, it added.
Newspaper staff reportedly alerted DESE of the findings and delayed publishing the story to give the agency time to protect teachers' personal information and enable the state to check other websites for similar risks.
The reporter simply used the "View Source" function available on every browser.