from the don't-even-think-about-editing-the-URL dept.
Confused governor says looking at webpage's HTML is criminal hacking:
Gov. Mike Parson is sick and tired of all these sophisticated, no-good hackers and he's not going to take it any more. It's too bad the Missouri Republican has no idea what he's talking about.
During a Thursday press conference, the confused elected official lashed out at a journalist who reported a vulnerability in an official Department of Elementary and Secondary Education website. The reporter, notably, waited until officials fixed the error before publishing the story. The flaw? The website apparently included teachers' Social Security numbers in the HTML.
"Though no private information was clearly visible nor searchable on any of the web pages, the newspaper found that teachers' Social Security numbers were contained in the HTML source code of the pages involved," reported the St. Louis Post Dispatch.
Parson, who apparently has never heard of "view source," obliquely threatened the Post reporter with prosecution.
"The state is committing to bring to justice anyone who hacked our system and anyone who aided or encouraged them to do so — in accordance with what Missouri law allows AND requires," wrote Parson.
[... - plenty snipped - ...] Parson, in other words, has no idea what he's talking about.
canopic jug augments that with the following other sources:
Governor Mike Parson wishes that ctrl-u or f12 will become illegal. This was actually a breach of personal information, including SSANs, for over 100,000 people.
https://text.npr.org/1046124278
https://www.salon.com/2021/10/14/missouri-governor-threatens-criminal-prosecution-of-reporter-found-security-flaw-in-state-site_partner/
https://itwire.com/security/missouri-goes-after-man-who-looked-at-source-code-on-state-site.html
https://www.rollingstone.com/politics/politics-news/missouri-governor-teacher-data-hacking-1242493/
https://coldstreams.com/2021/10/14/no-it-isnt-missouri-governor-says-viewing-html-source-code-containing-private-data-the-state-published-on-every-page-is-a-crime/
https://abc17news.com/news/missouri/2021/10/14/gov-parson-threatens-legal-action-against-reporter-who-exposed-flaw-on-state-education-departments-website/
https://heavy.com/news/gov-mike-parson-html-source-code-decoded-ssn/
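A release-time check a site owner could run against this class of exposure, added here as an illustration and not taken from the article or the state's code: it separates SSN-shaped strings a browser would render from those present only in the page source. The sample page, its values and all function names are constructed, and where the real pages held the numbers is not stated above.

```python
import re
from html.parser import HTMLParser

# SSN-shaped string (ddd-dd-dddd) that is not part of a longer digit run.
SSN_RE = re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")

# Elements whose text content a browser does not render on the page.
NON_RENDERED = {"head", "title", "script", "style", "template"}

# Constructed sample page; every number below is made up for this example.
SAMPLE_PAGE = """<html><head><title>Educator search</title></head>
<body>
<!-- debug: loaded record 000-12-3456 -->
<table>
<tr data-ssn="000-98-7654"><td>Jane Example</td><td>Certified</td></tr>
</table>
<input type="hidden" name="id" value="000-11-2222">
<script>var rows = [{"name": "John Sample", "ssn": "000-33-4444"}];</script>
<p>Help line: 573-555-0100</p>
</body></html>"""


class SourceScanner(HTMLParser):
    """Collects (location, value) for every SSN-shaped string in the markup."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []
        self._stack = []  # currently open non-rendered elements

    def _record(self, location, text):
        for value in SSN_RE.findall(text or ""):
            self.findings.append((location, value))

    def handle_starttag(self, tag, attrs):
        # Simplification: every attribute is treated as not rendered, although
        # a few (such as the value of a visible text input) are shown.
        for name, value in attrs:
            self._record(f"attribute {tag}[{name}]", value)
        if tag in NON_RENDERED:
            self._stack.append(tag)

    def handle_endtag(self, tag):
        if tag in self._stack:
            # Pop up to and including the element being closed.
            while self._stack and self._stack.pop() != tag:
                pass

    def handle_data(self, data):
        if self._stack:
            self._record(f"<{self._stack[-1]}> content", data)
        else:
            self._record("visible text", data)

    def handle_comment(self, data):
        self._record("comment", data)


def scan(html):
    """Return all findings in document order."""
    scanner = SourceScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


def source_only(findings):
    """Findings that a visual review of the rendered page would never see."""
    return [f for f in findings if f[0] != "visible text"]


def mask(value):
    """Keep only the last four digits so the report does not repeat the leak."""
    return "***-**-" + value[-4:]


def report(html):
    return [f"{where}: {mask(value)}" for where, value in source_only(scan(html))]


if __name__ == "__main__":
    for line in report(SAMPLE_PAGE):
        print(line)
```
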
(Score: 4, Insightful) by Anonymous Coward on Monday October 18 2021, @08:47AM (21 children)
(Score: 5, Insightful) by Anonymous Coward on Monday October 18 2021, @10:46AM (19 children)
oh, you mean like the US president who asked about injecting bleach into veins, during a live press conference?
governors gotta governate...
(Score: 0, Troll) by Runaway1956 on Monday October 18 2021, @01:43PM (17 children)
That TDS has eaten your brain away, AC - along with the brain of whoever modded you up.
https://www.dailywire.com/news/fact-check-no-trump-did-not-tell-people-to-inject-themselves-with-disinfectant-or-drink-bleach [dailywire.com]
Abortion is the number one killed of children in the United States.
(Score: 4, Informative) by canopic jug on Monday October 18 2021, @02:07PM (7 children)
He did recommend injection, it's just unclear from his incoherent ramblings whether he meant intravenous injection or else flushing the lungs with it or something else. Either way it doesn't matter.
Money is not free speech. Elections should not be auctions.
(Score: -1, Troll) by Runaway1956 on Monday October 18 2021, @02:23PM (6 children)
"So it would be interesting to check that." is not equivalent to saying "we need to do that". Read the quotes again. You're right that he rambles around in that interview, disjointed and ridiculous sounding. He's trying to keep up with the smarter kids, and too dumb to sit down and shut up. But he DID NOT tell people to inject bleach.
Abortion is the number one killed of children in the United States.
(Score: 1, Troll) by Anonymous Coward on Monday October 18 2021, @03:31PM (2 children)
It's a new language forming. Call it TDS English. Where Trump saying that voters need to know their votes will count turns into "Trump urges Republicans not to vote".
(Score: 1, Troll) by DannyB on Monday October 18 2021, @04:21PM
Here are some facts for you. [businessinsider.com] And some more facts. [yahoo.com]
Here are my predictions:
1. Nobody backs the orange one's big lie about the 2020 election
2. Republicans dutifully sit out the 2022 and 2024 election because godTrump told them to
3. Weeping and wailingwhaling about how the 2022 and 2024 elections were stolen! Massive conspiracy! Election fraud! Blame the voting machine manufacturers! etc.
If you think a fertilized egg is a child but an immigrant child is not, please don't pretend your concerns are religious
(Score: 0) by Anonymous Coward on Tuesday October 19 2021, @12:15PM
I don't understand this Trump Derangement Syndrome. Is it like Projection?
https://en.wikipedia.org/wiki/Psychological_projection [wikipedia.org]
Like when you say the "other side is deranged" while meaning themselves are the ones deranged? The definition is rather plain
I see the TDS everywhere, where the so called "Trump Supporters" cannot act rationally
* vaccines
* the so called "critical race theory" or at least what they are fed it to be
* China
* COVID
* global warming
and the list goes on. Rational thought means you act with FACTS on your back. Nothing from the so called "Trump Supporters" is backed by actual facts but irrational fears and innuendos and talking points of the far-right authoritarians. And if you try to use FACTS, these so called "Trump Supporters" are the first to employ their "Cancel Culture".
https://www.thedailybeast.com/trumpist-lawyers-lin-wood-tell-georgia-republicans-dont-vote-in-the-senate-runoff [thedailybeast.com]
https://www.thedailybeast.com/trump-tells-republicans-not-to-vote-in-2022-or-2024 [thedailybeast.com]
FACTS. Or is English spoken by those deranged by Trump no longer logical? I hear Nazis are still trying to find Hitler tunnels in Antarctica. And of course, he's still alive. Like that type of derangement??
https://www.abc.net.au/radionational/programs/scienceshow/weird-antarctica---the-truth-behind-secret-nazi-bases-and-aliens/12325562 [abc.net.au]
(Score: 0) by Anonymous Coward on Monday October 18 2021, @03:38PM
The horrified look on Birx's face when he asked her that suggests otherwise for the intent of the question.
(Score: 0) by Anonymous Coward on Monday October 18 2021, @08:35PM (1 child)
I am so happy to see further evidence that Runaway1956 does not like ex-impeached President Trump, and did not vote for him, and would only defend him for having said really stupid things by citing the DailyWire rightwing demented website. Yeah, if only there was some way we could inject bleach, or very strong light, or nuclear bombs. Oh, and since Trump is the best-est precendent ever, the election must have been rigged! Such a simple genius! What a maroon!
(Score: 0) by Anonymous Coward on Tuesday October 19 2021, @03:03AM
Republicans have become toddlers. Tantrum throwing reality denying toddlers. Bad news is they can purchase guns. Good news is they don't actually want consequences for their choices so most will not go on murder sprees.
(Score: 4, Insightful) by edIII on Monday October 18 2021, @07:19PM (8 children)
TDS is something that Trump supporters suffer from, because it is the only explanation of why they still defend and support him.
He represents Satan more than he represents Jesus, so Christians are full of shit when they put him up on that pedestal.
You know what he said. You can be upset about it because it makes him look a total fucking uneducated clueless moron, and therefore your choice in supporting him feel judged, but don't deny reality dude.
That's what TDS is, the pervasive denial of reality about what Trump actually is. A selfish uneducated blowhard and bully who only looks out for himself and nobody else. I saw that in 2015, which was why I had to vote for Hillary. I chose the shit sandwich instead of the orange anus :)
We both know that shit sandwich would've at least gone with science instead of political expedience and not been rambling on about insane theories like disinfectant being injected into people.
I don't expect you to see reality though. You know, of course, the Emperor is wearing clothes right? The best clothes of course.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 1, Troll) by Runaway1956 on Monday October 18 2021, @10:42PM (7 children)
*yawn*
Read the exchange from which the "quotes" are taken. Read it a couple of times. Trump doesn't say what is attributed to him. Yes, he sounds stupid, he's in over his head, he blabbers, but he simply did not say what liberals claim that he said. But, you know how the Big Lie is - you repeat it often enough, loudly enough, and the sheep all believe it.
Abortion is the number one killed of children in the United States.
(Score: 5, Insightful) by edIII on Monday October 18 2021, @11:25PM (6 children)
Don't need to read it. I watched it on TV and saw the faces on the people that, for whatever reason, were too timid to correct him in real time. Once people called him out on his fucking idiocy, he tries to pivot and claims it was a joke. So everything is either a joke, an immature attempt to trigger the libs, or double-down on something the experts don't support like the malaria/parasite medicines. Remember, he made the whole thing political when it never needed to be. He did. That info is not delivered to me via excerpts or biased reporting, but video recordings of the man speaking for himself.
He doesn't just sound stupid, he IS stupid. If he had a modicum of intelligence, he would surround himself by people smarter than him, and actually listen to them. Instead he has to bad mouth them and compete with them, because he has to be the smartest person in the room otherwise his ego takes too much of a hit for him to be functional. He can't be wrong, somebody else has to be, and he will fight and lie till death before acknowledging that he was wrong.
He's a true piece of shit on so many levels, and that's why Trump supporters suffer from TDS and not the other way around. I'm not a fan of democrats, I'm not a liberal, not a fan of Obama or Hillary, but I'm REALLY not a fan of people like Trump. It wouldn't matter if he labelled himself liberal, libertarian, progressive, green, democrat, he is just a vile piece of shit.
Yet, despite how terrible of a person he is, Republicans have made them the Messiah capable of no wrong.
What concerns me is how many people are unable to see the man for what he is, all politics aside.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 1, Informative) by Anonymous Coward on Tuesday October 19 2021, @01:02AM
I want everyone to notice that Runaway just used scare quotes to dismiss the literal words that came out of his mouth. Now literal quotes are not even quotations anymore, just "quotes." But you also have to appreciate how the great teller-of-how-it-is needs people to tell you what he "really meant" because he doesn't actually mean what he literally said.
(Score: 4, Insightful) by deimtee on Tuesday October 19 2021, @01:44AM (4 children)
I watched that speech. My understanding of what he actually meant was "Wouldn't it be nice if we could find something that would kill this virus (inside the lungs) the same way bleach or UV does (outside the lungs)."
A reasonable sentiment, if not the sort of statement you should be making in a supposedly factual press conference.
The TDS is that the media took the absolute worst possible interpretation of what his rambling statement meant and endlessly hyped it without quoting it until people believed that he actually said "you should inject bleach into your veins".
No problem is insoluble, but at Ksp = 2.943×10^−25 Mercury Sulphide comes close.
(Score: 2) by Runaway1956 on Tuesday October 19 2021, @10:02AM
Bingo. The man acted stupid in front of the cameras, and his enemies multiplied that stupid by a couple orders of magnitude. This certainly isn't the first time that Trump would have done better just to STFU, and let the adults talk.
Abortion is the number one killed of children in the United States.
(Score: 0) by Anonymous Coward on Tuesday October 19 2021, @12:26PM (1 child)
https://www.youtube.com/watch?v=33QdTOyXz3w [youtube.com]
Do you need a fucking transcript or is your brain not listening to the BULLSHIT he talks about? You wish it was something he didn't say? Here, you can read the wise man's words.
(Score: 2) by deimtee on Tuesday October 19 2021, @01:45PM
The difference is in what is meant by an ambiguous two word phrase in that ramble. "like that"
If he is referring to the disinfectant then he would be an idiot.
If he is referring to the effect of the disinfectant it is a reasonable, if overly hopeful, statement.
If anyone other than Trump said "wouldn't it be great if we could find a medicine that would kill it as fast as bleach does" you would just agree. You might think it was wishful thinking, but you wouldn't accuse them of being worse than Hitler.
No problem is insoluble, but at Ksp = 2.943×10^−25 Mercury Sulphide comes close.
(Score: 0) by Anonymous Coward on Tuesday October 19 2021, @01:29PM
your mechanism for understanding things is probably broken.
I watched the same thing, and he was looking at the lady doctor, and he was pretty obviously asking whether a "cleansing" with bleach can be done. He's so incoherent in general that you can claim all kind of misunderstandings if you want to, and I'm pretty sure in that moment he was more concerned with what he looked like on camera and being delighted with how important he was.
but believe whatever you want.
(Score: 0) by Anonymous Coward on Monday October 18 2021, @06:46PM
I mean I hate Trump as much as the next guy, but it can at least be said that he ASKED about it.
The scary thing was that the response was not an immediate, "NO" from everyone in the room that knew how... anything worked.
(Score: 3, Interesting) by Thexalon on Monday October 18 2021, @06:30PM
Or, alternately, the problem is the consistent refusal of political leaders to take responsibility for the mistakes of their subordinates. If your government hired a website development company because the sales guy was somebody's nephew or some politician's major donor, that was your foul-up too.
That's why he's calling it "OMG Hacking!" He wants to put the responsibility on the discoverer of the failure rather than the cause of the failure.
The only thing that stops a bad guy with a compiler is a good guy with a compiler.
(Score: 1, Informative) by Anonymous Coward on Monday October 18 2021, @09:00AM (8 children)
Shouldn't be news. You can always find a politician that will say "View Source" is hacking or thinks their screen is the computer or that webpages use Java. Higher standards, guys!
(Score: 3, Insightful) by isostatic on Monday October 18 2021, @09:44AM (6 children)
I have a lot of old (and not so old) ilos. Webpages still use java -- full blown horrendous applets, not just javaws (which is half-blown horrendous)
(Score: 2, Funny) by nitehawk214 on Monday October 18 2021, @01:57PM (2 children)
I would argue that those are not webpages. Just browser bastardization.
Emphasis on the bastard.
"Don't you ever miss the days when you used to be nostalgic?" -Loiosh
(Score: 2) by Freeman on Monday October 18 2021, @02:14PM (1 child)
Hey, we need applications in the cloud, dude!
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 2) by isostatic on Tuesday October 19 2021, @09:28AM
Ironically cloud based people never touch hardware, or ilos. It's old farts like me that deal with our own equipment.
(Score: 3, Insightful) by DannyB on Monday October 18 2021, @04:25PM (2 children)
There are four bad browser binary extensions that never should have been allowed to happen. Security nightmares all:
If you need a proprietary binary extension to make the browser do what is needed, then the browser standards needed to be extended. And eventually, they were. Making the above items a historical blight that can now be safely forgotten.
If you think a fertilized egg is a child but an immigrant child is not, please don't pretend your concerns are religious
(Score: 2, Interesting) by Anonymous Coward on Monday October 18 2021, @09:41PM
I see you're fine with WASM then? Be careful what you wish for.
Maybe the answer isn't to 'extend' the browser standard and maybe we should take a step back and ask ourselves: "is this really a thing it should do"... The answer, more often than not, is "no, it shouldn't do that"
(Score: 2, Insightful) by Anonymous Coward on Tuesday October 19 2021, @11:56AM
The fact that we try so hard to forget Applets, ActiveX, Flash and Silverlight is why we are now replicating the exact same issue with Javascript: the seamless, transparent execution of random applications by reading what should be mostly inert interlinked documents.
So yes. Do forget the horrors of browser plugins. Then let's all wonder why Javascript is a disaster of biblical proportions today.
(Score: 2) by Joe Desertrat on Thursday October 21 2021, @09:48PM
Shouldn't be news, except these are the sort of politicians that are in control of passing legislation that affects the technology they refer to in their ignorance. It only takes a well thought out wave of popular opinion to help get bad legislation passed.
(Score: 4, Funny) by Runaway1956 on Monday October 18 2021, @09:04AM (1 child)
Missouri will soon be looking for new web page designers, after they arrest the ones they have now. Hey, isn't that a STEM job? LOL
Abortion is the number one killed of children in the United States.
(Score: 3, Insightful) by zocalo on Monday October 18 2021, @09:53AM
UNIX? They're not even circumcised! Savages!
(Score: 4, Insightful) by Barenflimski on Monday October 18 2021, @09:41AM
I wonder where he got that line from. Hacking? Did he spout it off the cuff? Did an advisor tell him to lead with this line? Did some AI "idea bot" offer up an idea to spout this, as it found a correlation in his cloud of contacts? Was he just throwing shit at the wall to see what stuck?
Usually the only 'hacked' thing you find in an HTML page is how hacked together the HTML page was by a 'web designer', who just wanted to make it work.
(Score: 2, Informative) by Anonymous Coward on Monday October 18 2021, @11:06AM (13 children)
SoylentNews Number is leaked for every user in every comment on this site.
Isn't the real problem that SSN are used as ID itself in USA, aka a pwd rather than the uid it really is?
(Score: 3, Interesting) by Anonymous Coward on Monday October 18 2021, @11:27AM (6 children)
Yes, SSN in the US is used as a personal identifier. Even though the Social Security Administration themselves do not guarantee a unique number per person. Yes, the SSA has issued the same number to different people -- they don't mean to do it, but they sometimes do, and they deal with it by weaseling with the "not guaranteed unique" disclaimer. Sadly this is usually discovered after the affected people have grown up and try to get a job, and then the collision is discovered. Trying to get the SSA to fix a mistake from 20 years ago is a challenge.
As a database designer in my former life, I can't remember how many programmers I had to almost beat down when they wanted to use SSN as the key identifier for a person. Especially in a case that had a rare but well-known exception that required putting a non-American into the system (no, they didn't even have a Fed Tax ID either).
(Score: 3, Informative) by linuxrocks123 on Monday October 18 2021, @09:10PM (5 children)
This is complete and utter bullshit. It is not the case that a valid SSN should ever map to more than one person. The reverse is not true: it is quite possible that one person could have two SSNs. That's not a great thing to have happen, but sometimes it does, and the SSA can deal with it by adding the earnings under one to the earnings under the other. However, it is the case that no SSN will ever map to more than one person, unless one of them is lying and using someone else's SSN (i.e. illegal immigrants). Think about it: how would the SSA figure out what your benefit should be if it can't tell how much money you paid in Social Security tax? And how can the SSA figure out what you paid in tax if all your earnings are commingled with someone else's earnings?
If the SSA messed up and gave the same SSN to two people, they would probably cancel it and assign new numbers to each of the two people affected. If they'd both worked under the messed-up SSN, they'd have to manually go through the work history and copy the appropriate parts of the work history to the newly assigned replacement numbers.
SSNs don't work for what they are designed to do unless each one uniquely identifies a person. So, yes, they do that. That fact is orthogonal to whether they should be used as a key in a database, but don't lie and spread BS to get your way on that argument.
(Score: 0) by Anonymous Coward on Tuesday October 19 2021, @12:28AM (2 children)
When a person is deceased. The pools of available SSNs are not actually sufficient to cover every person in America past, present, or future. That said, normally they are issued out in blocks, geographically and then regionally so nowadays there should not be many duplicates happening. However back in the day thanks to clerical errors it was possible that SSN ranges got reused before one party died, or got double used by two people in adjacent areas (or rarely different states).
So yeah while the SSN was MEANT to be a unique identifier for tax purposes, it has in effect never been a definitively unique identifier.
(Score: 4, Informative) by linuxrocks123 on Tuesday October 19 2021, @01:04AM (1 child)
BULL. SHIT.
https://www.ssa.gov/history/hfaq.html [ssa.gov]
(Score: 2) by Immerman on Tuesday October 19 2021, @03:25AM
I'm not so sure about "generations to come". 9 digits means exactly 1 billion possible SS Numbers (including the invalid ones), meaning Americans alive *today* are using roughly 1/3 of all possible numbers, while everyone who got a SS number since 1936 and subsequently died has removed numbers from the pool. We've probably got fewer never-used SS numbers available than there are currently-active numbers, and will need to revise the system within a few decades. Aka 1 to 2 generations.
(Score: 2) by Immerman on Tuesday October 19 2021, @03:31AM
Last I heard, 000-00-0000 is still by far the most popular SSN in the country, "belonging" to a huge number of lawfully admitted non-citizens.
Any time you have a required field for a non-required value, you *will* have duplicates. If you're very, very lucky there will only be one, easily identified placeholder value.
It's practically become the CS101 example of why you should *never* assume any user-supplied value is actually unique. Precisely because so many legacy programmers DID make that assumption, much to the occasional aggravation of everyone using their software for ever after.
(Score: 1, Interesting) by Anonymous Coward on Tuesday October 19 2021, @03:20PM
You're a fucking idiot. There, we've exchanged insults.
Sure, you're describing the way the whole SS system is supposed to work. Unfortunately reality is a trifle bit different.
First, the SSA doesn't knowingly issue the same number to more than one person. And yeah, once that mistake is discovered, they'll fix it by giving new numbers. But it takes a looooong fucking time. Until that long fucking time, any system that uses the numbers still has to fucking deal with the fucking problem.
Second, the reason the SSA does not guarantee unique numbers is partly to dodge any legal liability associated with such mixups, and to avoid having to deal with multiple people paying into the system under the same number, which happens all the fucking time due to illegal aliens stealing other people's SSNs.
Look, I worked in a very large state at one of their very large pension systems. We had different people claiming the same SSN all the fucking time. Sometimes it was typos on the forms their employers sent us when signing up. Rarely it was the SSA assigning the same number to different people. Usually it was identity theft. When we detected duplication, all we could do was ask the two (or more) employer agencies to double-check the SSN with the employee. If they both came back claiming that the number was correct, we weren't allowed to do anything sane like report it to the SSA, or call the fucking police, or even notify the poor employees that someone was probably stealing their identity. We tried reporting it to the SSA once, and they told us not to bother them with it. They just want the money flowing in, and they're content to wait until someone actually goes to draw on their Social Security to figure out who gets which payments. After all, if one or both of them die or get deported, then they won't have to fix it, will they?
So, yeah, sure, SSNs should only be one per person. Out in the actual world, they aren't, and real computer systems that actually do real work have to be able to deal with that shit.
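The schema choice argued over in this subthread, as an added example that is not part of any comment: with the SSN as primary key the database refuses the cases the commenters describe, while a surrogate key stores every person and reports shared numbers for follow-up. Table names, records and numbers are constructed; 000-00-0000 is the placeholder value named in the thread.

```python
import sqlite3

# Filler value that many unrelated records may carry (named in the thread).
PLACEHOLDERS = {"000-00-0000"}

# Constructed enrolment records: (name, employer, ssn). None = no SSN at all.
RECORDS = [
    ("Ann Example", "Agency A", "000-12-3456"),
    ("Bob Sample", "Agency B", "000-12-3456"),  # same number, different person
    ("Cy Visitor", "Agency A", None),            # non-American without an SSN
    ("Di Filler", "Agency C", "000-00-0000"),
    ("Ed Filler", "Agency C", "000-00-0000"),
]


def load_naive(records):
    """SSN as primary key: return the names the schema refuses to store."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE member ("
        " ssn TEXT PRIMARY KEY NOT NULL, name TEXT NOT NULL, employer TEXT NOT NULL)"
    )
    rejected = []
    for name, employer, ssn in records:
        try:
            db.execute("INSERT INTO member VALUES (?, ?, ?)", (ssn, name, employer))
        except sqlite3.IntegrityError:
            # Raised for a duplicate key and for a missing (NULL) SSN alike.
            rejected.append(name)
    db.close()
    return rejected


def load_surrogate(records):
    """Surrogate key: the SSN is an indexed, nullable, non-unique attribute."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE member ("
        " member_id INTEGER PRIMARY KEY,"
        " name TEXT NOT NULL, employer TEXT NOT NULL, ssn TEXT)"
    )
    db.execute("CREATE INDEX member_ssn ON member (ssn)")
    db.executemany(
        "INSERT INTO member (name, employer, ssn) VALUES (?, ?, ?)", records
    )
    return db


def collisions(db):
    """SSNs claimed by more than one member, for manual follow-up.

    Missing values and known placeholders are not collisions; they say
    nothing about whether two records describe the same person.
    """
    claims = {}
    query = (
        "SELECT name, ssn FROM member WHERE ssn IS NOT NULL ORDER BY member_id"
    )
    for name, ssn in db.execute(query):
        if ssn not in PLACEHOLDERS:
            claims.setdefault(ssn, []).append(name)
    return {ssn: names for ssn, names in claims.items() if len(names) > 1}


if __name__ == "__main__":
    print("rejected by SSN-keyed table:", load_naive(RECORDS))
    db = load_surrogate(RECORDS)
    print("stored with surrogate key:",
          db.execute("SELECT count(*) FROM member").fetchone()[0])
    print("collisions to review:", collisions(db))
```
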
(Score: 4, Interesting) by isostatic on Monday October 18 2021, @11:28AM (5 children)
Correct, it's no more secure than your name. Its benefit is to disambiguate people, so "Joe Bloggs" and "Joe Bloggs" aren't mixed up (even then I believe there are edge cases where SSN have been dual-assigned, some people have more than one SSN, etc).
Passport numbers and credit card numbers are also public information -- stay in any hotel in the world and they are taken. Which is fine if it's your username.
To identify yourself in the US you present your SSN (fine, as you allude to, mine is "isostatic"), and then you convince the person you are who you say you are.
The standard for confirming that the username is yours on this website is a password. Not great, but for the low importance of this site it's adequate.
To log into my bank I need my userid, password, and a 2fa approval, which is better, although the trust is just one-way.
A secure fashion would be to have the SSN and a public key being listed on the blockchain, and you would use your private key to authenticate yourself. The person you're authenticating with could be confirmed by you by checking the public key.
If your key were revoked on the blockchain you'd know about it, if you did that because you lose control of your private key, that's fine. If someone else revokes it you'd know.
Doesn't solve the "my private key was lost without my knowledge" issue, nor the "I lost my private key" issue, but unlike SSN your private key should not even be able to leave the device you're using to authenticate so the first is far less of a problem than the SSN.
(Score: 2) by PiMuNu on Monday October 18 2021, @01:04PM (1 child)
One can generate a private key as a QR code or similar; thus possible to have a paper back up (which is roughly as secure/insecure as a passport).
Nb: I note in Europe all of the covid vaccination certificates hold a QR code that maps to a unique ID in a database somewhere. It functions more like a username than a password, but thought it might be of interest.
(Score: 2) by isostatic on Tuesday October 19 2021, @09:40AM
I had to have a covid passport to get into an event for work in the UK, it was a time limited QR code, which is reasonable for that specific use (you can't use that QR code to pretend to be me so security isn't critical, and it's time limited so damage is limited if it leaks)
It does rely on a central database though, which I guess realistically would be the case with any government ID -- people will lose their private key (either file, printed or on a yubi key), and require a new one, which will require certain levels of protection from the government -- I guess like getting a replacement passport. And as it's people, there will be all sorts of scams where your private key is acquired and copied, through social engineering or just plain theft, possibly without you even knowing. If every transaction was stored on a blockchain you could at least get instant notification when your ID was used (and anyone like a bank using your ID without should be treated as if they haven't seen the ID)
But I'm getting dangerously close to discussing "identity theft" -- https://www.theguardian.com/commentisfree/2018/nov/25/identity-theft-is-daylight-robbery-banks [theguardian.com]
(Score: 3, Insightful) by owl on Monday October 18 2021, @04:53PM (1 child)
The problem in the US is that the SSN has been used as both user-identifier and as password (where knowledge of the SSN authenticated that "you are who you say you are"). And the worst of the lot are the businesses that use it as both user-identifier and password simultaneously. Which has led to the current state of affairs where "release" of the SSN is a "breach".
It was always only ever meant to be a user-identifier, and should never have become a password. Sadly it did become a password, leading to the current mess.
(Score: 2) by isostatic on Tuesday October 19 2021, @09:26AM
Technically it shouldn't even be used as a username (or ID - mine is 365 on this site), as it's not guaranteed to be unique
(Score: 0, Offtopic) by mcgrew on Monday October 18 2021, @06:27PM
Correct, it's no more secure than your name.
I see you've never worked with large databases, or if you did you were ineptly incompetent. Your name alone is the absolutely WORST identifier. Remember when Senator Paul Simon was on SNL with the singer Paul Simon? Unless you live in a tiny state there are a dozen people with the same name as you living in your state. I know from handling databases working for Illinois (retired now).
Carbon, The only element in the known universe to ever gain sentience
(Score: 0) by Anonymous Coward on Monday October 18 2021, @12:37PM (3 children)
Consider an old-fashioned paper system where you call in and the state snail mails you the same information.
They print the info on a sheet of paper (The visible web page)
They put the sheet in an envelope. (The HTML)
They hide a braindead tracking number in small print on the envelope (The SSN.)
They put the envelope in a 'security' outer envelope and send it registered mail. (The 'S' in HTTPS)
A reporter gets a few reports and notices the SSN printed on the inner envelope.
Instead of publishing the situation, he alerts the state and gives them a chance to fix their process.
The Gov goes ballistic ignoring that his folks sent the SSN to the reporter and saying the reporter wasn't supposed to read it because it was in a 'security' envelope.
The judge looks at the situation, laughs, and submits the Gov for a Streisand_effect class.
The reporter publishes a nice article showing how and why to look at web page sources.
(Score: 3, Touché) by Dr Spin on Monday October 18 2021, @01:05PM
The reporter publishes a nice article showing how and why to look at web page sources.
That is the problem right there!
The reporter should have explained how not to look at state web pages
Warning: Opening your mouth may invalidate your brain!
(Score: 2) by mcgrew on Monday October 18 2021, @06:48PM (1 child)
Your post reminded me of something I still chuckle about. This isn't exactly on-topic, but I worked for the Illinois bureau that was trying to scientifically find a way to get people back to work. Most of my co-workers were sociologists, psychologists, and statisticians. I was a methods and procedures something something, I've forgotten the exact title.
Anyway, they had a program called "Project Chance" and wanted to know what the clients (welfare recipients) thought of it. They thought folks would like it. They designed a survey and mailed out 90,000 of the people on the experimental program. 30,000 came back, which they told me was unprecedented for a survey, a far better response than expected. I was tasked with building a small database to hold the survey data. Small compared to the mainframe databases...
The results were not only overwhelmingly negative, they were downright hostile. But what I thought was funny was the document number. It's a bureaucracy thing, where every different state document has to have a document number, so there was a document number on every survey, the exact same number on every survey. People obviously thought it was a tracking number, because they would hide it with a magic marker or tear it off. This was especially with the most hostility-laden vulgarities.
Needless to say, the study was buried quickly, but what the clients called "project no chance" didn't stay around long, either. I was amused.
Carbon, The only element in the known universe to ever gain sentience
(Score: 0) by Anonymous Coward on Tuesday October 19 2021, @01:54AM
Humorous yes, but a perfectly reasonable assumption on their part. If the government sends me a form with a twelve digit number on it, I would also assume it is a tracking number until proved otherwise. Especially if the document was in any way personalized.
(Score: 3, Interesting) by bzipitidoo on Monday October 18 2021, @03:27PM (1 child)
Heck, I've been criticized just for searching for someone online. One of my cousins was imprisoned for fraud, some kind of scammy tech startup in which they took investor money, and delivered vaporware. First thing that comes up on a search for him is that story. I've never met the guy and didn't know anything about him beyond the family tie, and was just trying to get some genealogy info, not embarrass anyone. (Mind, if you really don't want to embarrass people, shouldn't do any genealogy at all, as that tends to be a rich source of dirt on those relatives who aren't terribly virtuous, but like to pretend they are.) My aunt was unhappy that I got nosy and "uncovered" that about him.
I recall a story about a school equating F5 with a DoS attack. One of the students refreshed the school website repeatedly, and seems their feeble system couldn't handle the load. It's all too common at bad schools to blame the students for every little broken thing, even when it's clearly not their fault. Hack together some incredibly fragile bandage to hold something together, or just cover up that it's broken, then scream bloody murder when anyone so much as looks in that general direction. This governor would fit right into that kind of school.
(Score: 1, Insightful) by Anonymous Coward on Monday October 18 2021, @08:25PM
Actually if the student was intentionally using F5 to bring down the website then it is a DOS attack.
Don't matter if the target is weak or feeble.
Just like intentionally showing flashing lights to someone to give them an epileptic fit can be a crime.
(Score: 0) by Anonymous Coward on Monday October 18 2021, @04:03PM (1 child)
= jail
(Score: 2) by DannyB on Monday October 18 2021, @04:33PM
Don't attend Control U. Go to a different school such as F12.
If you think a fertilized egg is a child but an immigrant child is not, please don't pretend your concerns are religious
(Score: 3, Interesting) by DannyB on Monday October 18 2021, @04:28PM (1 child)
Long ago. Someone, at an airport, I think, using a laptop with Linux. Lots of fancy command line stuff. Someone notifies the police of someone doing 'hacking'. Police ask a few questions. Then laugh and walk away.
If you think a fertilized egg is a child but an immigrant child is not, please don't pretend your concerns are religious
(Score: 0) by Anonymous Coward on Monday October 18 2021, @08:27PM
(Score: 2) by Opportunist on Monday October 18 2021, @06:02PM
Either get better advisors or get smarter.
I suggest the former, the latter is probably not as easy. And it's harder to get the taxpayer to foot the bill for it.
Otherwise, we'll continue to consider you an illiterate idiot who runs his mouth about stuff he knows jack shit about.