Kansas City

Missouri governor vows criminal prosecution of reporter who found flaw in state website – Kansas City, Missouri

Kansas City, Missouri 2021-10-15 19:21:25 –

Missouri Governor Mike Parson during a press conference on February 5, 2021. // Provided by the Missouri Governor’s Office

St. Louis Post-Dispatch reporter on Tuesday Warned state that school teachers and managers’ social security numbers are vulnerable to public disclosure This is due to a flaw in the website maintained by the Missouri Ministry of Education.

The newspaper agreed to postpone the publication of the article while the department fixed the issue and protected the personal information of teachers in the state.

But by Thursday, Governor Mike Parson had named the post-dispatched reporter a “hacker” and vowed to seek criminal charges.

“The state hasn’t downplayed the issue,” Parson said in a rushed press conference Thursday. He then refused to ask any questions.

Mr Parson said he referred the case to the Cole County Prosecutor and asked the Missouri Highway Patrol to investigate.

“This administration is confronting any perpetrator who steals personal information and tries to harm the Mizurians,” he said.

According to post-dispatch, one of the reporters discovered a flaw in a web application that allowed the general public to search for teacher qualifications and qualifications. The personal information was not clearly visible, but the teacher’s social security number was included in the HTML source code of the page.

The state removed the search tool after being notified of the issue by post dispatch. It was unknown how long the Social Security number was vulnerable.

In a press release on Wednesday, the Department of Information Technology Services of the Department of Internal Affairs and Communications said, “Hackers keep records of at least three educators, decode HTML source code, and provide social security numbers for specific educators through a multi-step process. I confirmed it. ” educator. “

The state is unaware of the misuse of personal information or even improper access to information outside of this isolated incident.

Mr Parson said Thursday that he didn’t know why the reporter had access to the information. He claimed it was part of a “political game by what appears to be one of Missouri’s press.”

“The state promises to bring those who have hacked our system, and those who have helped and beaten us, to trial,” Parson said. “The state has confused the state. I’m trying to market the headlines of the press. ”

Republican Rep. Tony Lovasco has been involved in the deployment and maintenance of software, according to his legislative background. There is a fundamental misunderstanding in the governor’s office Both web technology and industry standard procedures for reporting security vulnerabilities.

“It’s not a criminal hack for journalists to responsibly warn of data privacy,” he said.

Chris Vickery, a California-based data security expert, told The Independent that the Ministry of Education “seems to publish data that shouldn’t be published.”

“It’s not a crime for journalists to discover it,” he said. “Putting a Social Security number in HTML, even if it’s” hidden rendered “HTML, is stupid for Missouri websites and is a kind of pain that has been happening since day one of the internet. That’s wrong. Exploits, hacks and vulnerabilities are not involved here. “

In explaining how he wants reporters and the press to be prosecuted, the person Falsification of computer data.. Vickery said the legislation would not work in this case because of a recent Supreme Court ruling in the case of Van Buren v. United States.

In that case, who is the court Accessing off-limits files and other information violates the law.. In Missouri, the state “publishes HTML sources to the public Internet, and because there are no passwords or other required forms of authentication challenge hurdles, the general public has the right to view its content for the following purposes: It can be reasonably assumed that there is a law related to crimes in the form of “computer breach”. “

After the dispatch, a statement was issued in response to a lawyer, who said, “We were responsible for reporting his findings to the Department of Elementary and Secondary Education so that the state could act to prevent disclosure and misuse. ..

“A hacker is someone who breaks the security of your computer with malicious or criminal intent,” the statement continued. “There was no firewall or security breach here, and no malicious intent. There is no reason for DESE to divert failure by calling it a” hack. ” Thankfully, these failures have been discovered. “

House minority leader Crystal Quad, D-Springfield, said he deserved praise for discovering problems rather than threats after the dispatch.

“The Governor should be angry that the state government is unable to keep its technology safe and up-to-date and work to resolve the issue,” she said.

Missouri Independence Is part of the States Newsroom, a network of news stations supported by grants and 501c (3) a coalition of donors as a public charity. Missouri Independence maintains editorial independence. For questions, please contact the editor Jason Hancock: info@missouriindependent.com.Follow Missouri Facebook When twitter..

Missouri governor vows criminal prosecution of reporter who found flaw in state website Source link Missouri governor vows criminal prosecution of reporter who found flaw in state website

Back to top button