Missouri's governor still doesn't know how websites work
Missouri's governor still doesn't know how websites work
Missouri Governor Mike Parson doesn't understand how websites work. He once again held a press conference in St. Louis earlier this week to reiterate his desire to prosecute a St. Louis Post-Dispatch journalist for viewing the government website's source code.
In October 2021, reporter Josh Renaud reported that early and secondary education website source code had exposed the Social Security numbers of more than 100,000 school teachers, administrators and counselors. They published the story only after the state reported the problem and the vulnerability was resolved.
Parsons and DESE were apparently not grateful for the alert and immediately accused Renaud of "hacking" the DESE website. Missouri Education Commissioner Margie Vandeven sent a letter to teachers stating that "one person took the records of at least three teachers, unencrypted the source code from the webpage, and obtained the Social Security numbers (SSNs) of those specific teachers." " saw."
Louis Post-Dispatch, the FBI told the state that the website was "misconfigured" and that Renaud's action was "not an actual network intrusion".
The source code was not encrypted. The source code of a website is usually available to anyone using a web browser. While scraping it requires some technical knowledge, just viewing it is as simple as opening the "Developer Tools" option available in almost every web browser, including Chrome, Safari, Firefox, and Edge. If you'd like, you can check out The Verge's source code right now. According to Parson and Deese's argument, anyone who uses developer tools on a website that doesn't have them is a hacker.
Actually...give a second....boom, I just hacked Facebook.
While the gross misunderstanding of how websites work by both a state agency and the governor of said state may be funny, Governor Parson's behavior since the paper was first published is nothing. According to public records obtained by the St. Louis Post-Dispatch, VanDeven initially planned to thank the paper for discovering the vulnerability. It was only after meeting the Governor's office that his tone became one of accusation and counter-accusation.
The Missouri State Highway Patrol, whose superintendent is appointed by the governor, began an investigation into the newspaper story. He handed the case to Cole County prosecuting attorney Locke Thompson on Monday, December 27. Governor Parson held a press conference on Wednesday, December 29, where he cited a state statute related to computer tampering and repeatedly suggested Thompson should use it to prosecute. , Renaud and Pepper.
At the press conference, he compared Renaud's actions to a man who uses a lock pick to enter a person's home without permission. Which is by no means a fair analogy. Websites are public-facing. They are like public buildings, not houses. A more appropriate analogy would be that someone is in a state-owned building and walks through a locked room, and someone posts a bunch of sensitive information in a window for them to see, whether they have the keys or not. ,
Personally, I want someone to knock on the door and point out the problem without the fear of being sued by a stoic person who doesn't know how a website works.
No comments