SoylentNews is people

posted by FatPhil on Monday October 18 2021, @08:42AM
from the don't-even-think-about-editing-the-URL dept.

Confused governor says looking at webpage's HTML is criminal hacking:

Gov. Mike Parson is sick and tired of all these sophisticated, no-good hackers and he's not going to take it any more. It's too bad the Missouri Republican has no idea what he's talking about.

During a Thursday press conference, the confused elected official lashed out at a journalist who reported a vulnerability in an official Department of Elementary and Secondary Education website. The reporter, notably, waited until officials fixed the error before publishing the story. The flaw? The website apparently included teachers' Social Security numbers in the HTML.

"Though no private information was clearly visible nor searchable on any of the web pages, the newspaper found that teachers' Social Security numbers were contained in the HTML source code of the pages involved," reported the St. Louis Post-Dispatch.

Parson, who apparently has never heard of "view source," obliquely threatened the Post reporter with prosecution.

"The state is committing to bring to justice anyone who hacked our system and anyone who aided or encouraged them to do so — in accordance with what Missouri law allows AND requires," wrote Parson.

[... - plenty snipped - ...] Parson, in other words, has no idea what he's talking about.

canopic jug augments that with the following other sources:

Governor Mike Parson wishes that ctrl-u or f12 will become illegal. This was actually a breach of personal information, including SSANs, for over 100,000 people.

https://text.npr.org/1046124278
https://www.salon.com/2021/10/14/missouri-governor-threatens-criminal-prosecution-of-reporter-found-security-flaw-in-state-site_partner/
https://itwire.com/security/missouri-goes-after-man-who-looked-at-source-code-on-state-site.html
https://www.rollingstone.com/politics/politics-news/missouri-governor-teacher-data-hacking-1242493/
https://coldstreams.com/2021/10/14/no-it-isnt-missouri-governor-says-viewing-html-source-code-containing-private-data-the-state-published-on-every-page-is-a-crime/
https://abc17news.com/news/missouri/2021/10/14/gov-parson-threatens-legal-action-against-reporter-who-exposed-flaw-on-state-education-departments-website/
https://heavy.com/news/gov-mike-parson-html-source-code-decoded-ssn/

  • (Score: 2) by PiMuNu on Monday October 18 2021, @01:04PM (1 child)

    One can generate a private key as a QR code or similar; thus it is possible to have a paper backup (which is roughly as secure/insecure as a passport).

    NB: I note in Europe all of the covid vaccination certificates hold a QR code that maps to a unique ID in a database somewhere. It functions more like a username than a password, but thought it might be of interest.

  • (Score: 2) by isostatic on Tuesday October 19 2021, @09:40AM

    I had to have a covid passport to get into an event for work in the UK. It was a time-limited QR code, which is reasonable for that specific use (you can't use that QR code to pretend to be me so security isn't critical, and it's time-limited so damage is limited if it leaks).

    It does rely on a central database though, which I guess realistically would be the case with any government ID -- people will lose their private key (either file, printed or on a YubiKey), and require a new one, which will require certain levels of protection from the government -- I guess like getting a replacement passport. And as it's people, there will be all sorts of scams where your private key is acquired and copied, through social engineering or just plain theft, possibly without you even knowing. If every transaction was stored on a blockchain you could at least get instant notification when your ID was used (and anyone like a bank using your ID without should be treated as if they haven't seen the ID).

    But I'm getting dangerously close to discussing "identity theft" -- https://www.theguardian.com/commentisfree/2018/nov/25/identity-theft-is-daylight-robbery-banks