SoylentNews is people
SoylentNews
from the don't-even-think-about-editing-the-URL dept.
Confused governor says looking at webpage's HTML is criminal hacking:
Gov. Mike Parson is sick and tired of all these sophisticated, no-good hackers and he's not going to take it any more. It's too bad the Missouri Republican has no idea what he's talking about.
During a Thursday press conference, the confused elected official lashed out at a journalist who reported a vulnerability in an official Department of Elementary and Secondary Education website. The reporter, notably, waited until officials fixed the error before publishing the story. The flaw? The website apparently included teachers' Social Security numbers in the HTML.
"Though no private information was clearly visible nor searchable on any of the web pages, the newspaper found that teachers' Social Security numbers were contained in the HTML source code of the pages involved," reported the St. Louis Post Dispatch.
Parson, who apparently has never heard of "view source," obliquely threatened the Post reporter with prosecution.
"The state is committing to bring to justice anyone who hacked our system and anyone who aided or encouraged them to do so — in accordance with what Missouri law allows AND requires," wrote Parson.
[... - plenty snipped - ...] Parson, in other words, has no idea what he's talking about.
canopic jug augments that with the following other sources:
Governor Mike Parson wishes that ctrl-u or f12 will become illegal. This was actually a breach of personal information, including SSANs, for over 100,000 people.
https://text.npr.org/1046124278
https://www.salon.com/2021/10/14/missouri-governor-threatens-criminal-prosecution-of-reporter-found-security-flaw-in-state-site_partner/
https://itwire.com/security/missouri-goes-after-man-who-looked-at-source-code-on-state-site.html
https://www.rollingstone.com/politics/politics-news/missouri-governor-teacher-data-hacking-1242493/
https://coldstreams.com/2021/10/14/no-it-isnt-missouri-governor-says-viewing-html-source-code-containing-private-data-the-state-published-on-every-page-is-a-crime/
https://abc17news.com/news/missouri/2021/10/14/gov-parson-threatens-legal-action-against-reporter-who-exposed-flaw-on-state-education-departments-website/
https://heavy.com/news/gov-mike-parson-html-source-code-decoded-ssn/
(Score: 1, Interesting) by Anonymous Coward on Tuesday October 19 2021, @03:20PM
You're a fucking idiot. There, we've exchanged insults.
Sure, you're describing the way the whole SS system is supposed to work. Unfortunately reality is a trifle bit different.
First, the SSA doesn't knowingly issue the same number to more than one person. And yeah, once that mistake is discovered, they'll fix it by giving new numbers. But it takes a looooong fucking time. Until that long fucking time, any system that uses the numbers still has to fucking deal with the fucking problem.
Second, the reason the SSA does not guarantee unique numbers is partly to dodge any legal liability associated with such mixups, and to avoid having to deal with multiple people paying into the system under the same number, which happens all the fucking time due to illegal aliens stealing other people's SSNs.
Look, I worked in a very large state at one of their very large pension systems. We had different people claiming the same SSN all the fucking time. Sometimes it was typos on the forms their employers sent us when signing up. Rarely it was the SSA assigning the same number to different people. Usually it was identity theft. When we detected duplication, all we could do was ask the two (or more) employer agencies to double-check the SSN with the employee. If they both came back claiming that the number was correct, we weren't allowed to do anything sane like report it to the SSA, or call the fucking police, or even notify the poor employees that someone was probably stealing their identity. We tried reporting it to the SSA once, and they told us not to bother them with it. They just want the money flowing in, and they're content to wait until someone actually goes to draw on their Social Security to figure out who gets which payments. After all, if one or both of them die or get deported, then they won't have to fix it, will they?
So, yeah, sure, SSNs should only be one per person. Out in the actual world, they aren't, and real computer systems that actually do real work have to be able to deal with that shit.