SoylentNews

Confused Governor Says Looking at Webpage's HTML is Criminal Hacking

posted by FatPhil on Monday October 18 2021, @08:42AM   
from the don't-even-think-about-editing-the-URL dept.

upstart writes:

Confused governor says looking at webpage's HTML is criminal hacking:

Gov. Mike Parson is sick and tired of all these sophisticated, no-good hackers and he's not going to take it any more. It's too bad the Missouri Republican has no idea what he's talking about.

During a Thursday press conference, the confused elected official lashed out at a journalist who reported a vulnerability in an official Department of Elementary and Secondary Education website. The reporter, notably, waited until officials fixed the error before publishing the story. The flaw? The website apparently included teachers' Social Security numbers in the HTML.

"Though no private information was clearly visible nor searchable on any of the web pages, the newspaper found that teachers' Social Security numbers were contained in the HTML source code of the pages involved," reported the St. Louis Post Dispatch.

Parson, who apparently has never heard of "view source," obliquely threatened the Post reporter with prosecution.

"The state is committing to bring to justice anyone who hacked our system and anyone who aided or encouraged them to do so — in accordance with what Missouri law allows AND requires," wrote Parson.

[... - plenty snipped - ...] Parson, in other words, has no idea what he's talking about.

canopic jug augments that with the following other sources:

Governor Mike Parson wishes that ctrl-u or f12 will become illegal. This was actually a breach of personal information, including SSANs, for over 100,000 people.

https://text.npr.org/1046124278
https://www.salon.com/2021/10/14/missouri-governor-threatens-criminal-prosecution-of-reporter-found-security-flaw-in-state-site_partner/
https://itwire.com/security/missouri-goes-after-man-who-looked-at-source-code-on-state-site.html
https://www.rollingstone.com/politics/politics-news/missouri-governor-teacher-data-hacking-1242493/
https://coldstreams.com/2021/10/14/no-it-isnt-missouri-governor-says-viewing-html-source-code-containing-private-data-the-state-published-on-every-page-is-a-crime/
https://abc17news.com/news/missouri/2021/10/14/gov-parson-threatens-legal-action-against-reporter-who-exposed-flaw-on-state-education-departments-website/
https://heavy.com/news/gov-mike-parson-html-source-code-decoded-ssn/

---

Original Submission

• Re:snn published Re:snn published (Score: 3, Insightful) by owl on Monday October 18 2021, @04:53PM (1 child)

  by owl (15206) on Monday October 18 2021, @04:53PM (#1188085)

  To identify yourself in the US you present your SSN (fine, as you aluce to, mine is "isostatic"), and then you convince the person you are who you say you are.

  The problem in the US is that the SSN has been used as both user-identifier and as password (where knowledge of the SSN authenticated that "you are who you say you are"). And the worst of the lot are the businesses that use it as both user-identifier and password simultaneously. Which has led to the current state of affairs where "release" of the SSN is a "breach".

  It was always only ever meant to be a user-identifier, and should never have become a password. Sadly it did become a password, leading to the current mess.

  Parent

  Starting Score:	1		point
  Moderation		+1
  Insightful=1, Total=1
  Extra 'Insightful' Modifier		0
  Karma-Bonus Modifier		+1
  Total Score:		3

• Re:snn published (Score: 2) by isostatic on Tuesday October 19 2021, @09:26AM

  by isostatic (365) on Tuesday October 19 2021, @09:26AM (#1188355) Journal

  Technically it shouldn't even be used as a username (or ID - mine is 365 on this site), as it's not guaranteed to be unique

  Parent