A Newspaper Informed Missouri About a Website Flaw. The Governor Accused it of 'Hacking' (washingtonpost.com) 120
On Thursday, Gov. Michael Parson (R) called a news conference to warn his state's citizens about a nefarious plot against a teachers' database by a reporter from the St. Louis Post-Dispatch. From a report: "Through a multistep process," Parson said with great solemnity, "an individual took the records of at least three educators, decoded the HTML source code and viewed the Social Security number of those specific educators."
[...] The Post-Dispatch report explains what their reporter, Josh Renaud, did to view the Social Security numbers of Missouri teachers on a website run by the state education department. (The website has been taken down; you can view an old version of it at the Internet Archive.) "Though no private information was clearly visible nor searchable on any of the web pages," the Post-Dispatch's report stated, "the newspaper found that teachers' Social Security numbers were contained in the HTML source code of the pages involved." In other words, it seems, a search tool for teacher credentials responded to searches by including a bunch of information, some of which was embedded in the source code of the page but not visible when just reading the page.
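The flaw class described in the summary, sketched as an added example (not code from the article, the Post-Dispatch report or the state's site, whose implementation the page does not describe): a sensitive field sent to the browser as hidden page state is absent from the rendered text but present in the raw response, and the fix is to drop it on the server. The record, field names and functions are hypothetical, and the check at the end is the kind a site owner can run against responses before release.

```python
import html
import re
from html.parser import HTMLParser

# Constructed sample record. The SSN is a placeholder (area number 000 is never issued).
RECORD = {
    "name": "Jane Doe",
    "certificate": "Elementary Education 1-6",
    "status": "Active",
    "ssn": "000-12-3456",
}

# Allow-list of fields the public search page is permitted to carry (assumption).
PUBLIC_FIELDS = ("name", "certificate", "status")

# SSN-shaped values, with or without hyphens.
SSN_RE = re.compile(r"\b\d{3}-?\d{2}-?\d{4}\b")


def render_result(fields):
    """Render one search result; every field also rides along as hidden page state."""
    state = "".join(
        f'<input type="hidden" name="{html.escape(k)}" value="{html.escape(v)}">'
        for k, v in fields.items()
    )
    return (
        "<html><body>"
        f"<h1>{html.escape(fields['name'])}</h1>"
        f"<p>{html.escape(fields['certificate'])} ({html.escape(fields['status'])})</p>"
        f"<form>{state}</form>"
        "</body></html>"
    )


def render_leaky(record):
    """Flawed pattern: the whole database row goes to the browser."""
    return render_result(record)


def render_minimized(record):
    """Fix: project onto the allow-list on the server, before any HTML is built."""
    return render_result({k: record[k] for k in PUBLIC_FIELDS})


class VisibleText(HTMLParser):
    """Collects only the text nodes a reader of the rendered page would see."""

    def __init__(self):
        super().__init__()
        self.chunks = []
        self._skip = 0  # depth inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.chunks.append(data)


def visible_text(page):
    parser = VisibleText()
    parser.feed(page)
    parser.close()
    return " ".join(parser.chunks)


def find_ssns(text):
    """Return every SSN-shaped string in the given text."""
    return SSN_RE.findall(text)


if __name__ == "__main__":
    leaky = render_leaky(RECORD)
    print("rendered text :", find_ssns(visible_text(leaky)))
    print("raw response  :", find_ssns(leaky))
    print("after the fix :", find_ssns(render_minimized(RECORD)))
```

Checking only the rendered text would pass the flawed page, so the release check has to scan the raw response body.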
Isn't there some law about mental incapacity (Score:5, Insightful)
Surely this retard has proven he is not capable of holding office in the 21st century.
Re:Isn't there some law about mental incapacity (Score:5, Insightful)
> Surely this retard has proven he is not capable of holding office in the 21st century.
Nah. It seems to be a prerequisite for (R)
Re: (Score:2, Insightful)
lol it does not matter how many investigations found nothing, or how many hours Hillary was deposed, you will just remember what some fox/rwradio talking head said
I applaud you sir, for being a demonstrable idiot
Re: (Score:1, Informative)
> https://www.cnn.com/2016/07/05... [cnn.com]
So much as dropping a USB with state secrets routinely put enlisted members (of the US Army) in military prison.
The FBI Director declined to prosecute someone he thought would be his boss, shortly.
Your memory is bad, or you're ignorant to how the world works.
> I applaud you sir, for being a demonstrable idiot
Things idiots say to make themselves feel better about their lot. GL kiddo.
Re: Isn't there some law about mental incapacity (Score:1)
No, you're definitely the idiot. If I remember correctly (and I do), Clinton was following the standard procedure of the day. Later, after that procedure was changed, people made a federal case out of her not following the new policy back in the day before the new policy was even written. Apparently, she was supposed to be a psychic or some shit, and she wasn't, and idiots glommed onto it like it was something super nefarious. It wasn't. People just hadn't figured out technology yet.
Oh, except there were th
Re: (Score:2)
The email servers might not have been completely illegal but it circumvented the registration of the emails as governmental documents causing room for deniability where there shouldn't be.
And you never know what kind of mails you'll receive when in a high profile official position.
Re: (Score:2)
> Clinton was following the standard procedure of the day.
No, that is extremely and demonstrably false. Running one's own email server was absolutely not the standard. Some others were doing it, but it was not the norm. Clinton started doing it on Colin Powell's advice, specifically on the subject of avoiding discovery [vox.com]. We know that email was deleted from the server deliberately, and for reasons other than spam, so it seems that it was in fact used for this specific purpose.
I am extremely anti-Trump and believe that Clinton would have been a better 45 if only beca
Re: (Score:3)
I think people are misunderstanding his intention here.
All he wants to do, as a reasonable idiot politician, is get his stupidity documented and on the official record.
That's it. And we should help him do that.
Re: Isn't there some law about mental incapacity (Score:2)
Re: (Score:2)
Re: (Score:2)
>Or he thinks that the best form of defence is attack?
Depending on context, it's considered a valid strategy by image consultants and he may have been advised to say what he said because the average person is likely to believe that kind of spin.
Re:Isn't there some law about mental incapacity (Score:5, Insightful)
It's Missouri, he's eminently qualified given the standard of that state.
Re:Isn't there some law about mental incapacity (Score:5, Informative)
You've never been to Missouri, have you?
This is the state that came within 5 votes of disbanding the Department of Motor Vehicles because some state senator's wife read on the internet that they were "conspiring with the UN to take our guns away." The bill made no provision to transfer DMV functions to any other agency. In other words, they came within 5 votes of making it illegal to drive a car in the state once the current tags expired.
The governor (a previous one) actually had to veto a bill that would have made it a felony for federal law enforcement to enforce federal gun laws in the state, with every intention of arresting FBI agents doing their job. In a state that didn't secede from the Union in the Civil War because there were federal troops in the chamber when they voted on it.
Frankly, the governor isn't, by far, the stupidest politician in the state.
(I went to high school there. It's a great place to be from. And the farther from, the better.)
Re: (Score:2)
> The bill made no provision to transfer DMV functions to any other agency. In other words, they came within 5 votes of making it illegal to drive a car in the state once the current tags expired.
Umm, no. That sounds more like they came within 5 votes of making it legal to drive a car in the state without having to deal with the DMV. Damned shame it didn't pass!
> The governor (a previous one) actually had to veto a bill that would have made it a felony for federal law enforcement to enforce federal gun laws in the state, with every intention of arresting FBI agents doing their job.
Wow, nice! That state sounds better and better every time you try to denigrate it.
No, they would have abolished the offices for renewing licenses and tags, not the need to do so.
Re: Isn't there some law about mental incapacity (Score:2)
> No, they would have abolished the offices for renewing licenses and tags, not the need to do so
Likely not.
If they had actually gone through with it, and been so stupid as to not also repeal the laws in the State requiring that Contract (License) in order to drive, any first year law student could make a case defending anyone ticketed for "Driving without a license/registration" on the basis of the State putting its Citizens in such a clearly Catch-22 position.
Re: (Score:2)
They were removing the ability to get tags without removing the requirement to have them.
They weren't disbanding the highway patrol.
> The governor (a previous one) actually had to veto a bill that would have made it a felony for federal law enforcement to enforce federal gun laws in the state, with every intention of arresting FBI agents doing their job.
> Wow, nice! That state sounds better and better every time you try to denigrate it.
Tell that to the 600,000 people who died the last time states took up arms against the feds. But I'm certain you're far too chicken to put your ass on the line.
Re: (Score:2)
> Surely this retard has proven he is not capable of holding office in the 21st century.
It's sad when cousins marry.
Re: Isn't there some law about mental incapacity (Score:2)
Consider.
Douglas Adams would disagree.
Irony
Because the reporter can read
He can blame a teacher
Re:Isn't there some law about mental incapacity (Score:4, Insightful)
> Surely this retard has proven he is not capable of holding office in the 21st century.
I wouldn't say a governor has to be informed about what is hacking and what is informing the government of very open security flaws.
What I would say is that he has been relying on advice of people who should know what they are talking about, and who he should remove from their positions advising him right now.
That said, it seems the information they found is something that anybody with a Mac and an unmodified Safari browser would be able to find easily (turn on the "Develop" menu, select "Show Page Source"), and I bet most other browsers allow the same. I would say that anything that anyone with a widely distributed browser clicking on two menu items can do isn't "hacking".
Re: (Score:2)
> That said, it seems the information they found is something that anybody with a Mac and an unmodified Safari browser would be able to find easily (turn on the "Develop" menu, select "Show Page Source"), and I bet most other browsers allow the same. I would say that anything that anyone with a widely distributed browser clicking on two menu items can do isn't "hacking".
Or just Ctrl+U in a browser on any other platform....
Why are Macs so difficult to use?
Re: (Score:3)
Oh piss off. (Score:4, Insightful)
If being able to right click and press "read source" is hacking I know some six year olds that are going down.
WTF? Maybe if somebody doesn't have clue freakin' one about tech they should STFU and ask the experts. And whoever coded that web site is a god damned fool. You don't embed "private" info in HTML that way. There's so many levels to the wrong with this I may have to go take a walk to cool off. Fools coding sites and bigger fools spouting bullshit is a recipe of rage.
Re:Oh piss off. (Score:4, Insightful)
What makes you think he didn't? He probably asked the "experts" who coded that web page.
Re:Oh piss off. (Score:4, Insightful)
Being ignorant is a source of pride nowadays. He didn't consult anyone.
Show-Me state (Score:4, Insightful)
Re: Show-Me state (Score:2)
Email him your SSN and charge him with having when he sees it.
Re: Show-Me state (Score:2)
Email him your SSN and charge him with hacking when he sees it.
Re: (Score:2)
Re: (Score:2)
ROT13. Twice. Pre-hacked and you can still technically call it hacking since it was run through "encryption".
I just seriously have my doubts mirroring is something his brain could comprehend.
Fairly typical (Score:4, Interesting)
Re: (Score:3)
He and his political buddies might be just stupid enough to think it is hacking. Certainly if they checked with any of their universities, they'd have been set straight. So now we just don't know if it was mere stupidity or was an attack on the messenger.
Stupidity is a strategic weakness (Score:2)
Failing to teach our children how computers work beyond "point there, click here" is a form of stupidity.
It's the digital equivalent of teaching agriculture by hyping Brawndo.
Re: (Score:3)
Re: Stupidity is a strategic weakness (Score:5, Insightful)
You know, I've lived in the US for almost 30 years but I was raised in an immigrant family. And the thing they keep telling me now that I'm an adult is how taken aback they were with the anti-intellectualism they saw when they came here and sent me to school.
What tipped them over the edge from awe-struck admiration of the richest, freest nation on Earth to cold self-interested cynicism was when little 8-year-old me, after learning English and going to the Philadelphia public school system and watching American broadcast TV and basic cable for a few months, explained to them the distinction between what a "nerd" and a "cool kid" was.
It absolutely floored them. Perhaps they were sheltered in their social group, perhaps it was rose-colored nostalgia, but they all came up in a time and a place where scientists and mathematicians and doctors and chess players were held up as heroes. Heroes of the Soviet Union, but heroes nonetheless.
The stuffing nerds into lockers and giving them swirlies thing one sees in 80s movies never happened in the 90s and 2000s. I'm not sure it ever happened irl, tbh, but the aspiration to be an Allen Iverson or a Donovan McNabb or a pre-roids Mark McGwire--because who under 20 had even ever heard of Richard Feynman or Rudolph Kalman or William Shockley?--that was very very real, even in a white collar middle class suburb where 98% of high school graduates went to some kind of college and became lawyers and realtors and accountants and a few doctors and Hollywood screenwriters and scientists too.
I like to knock the woke "we need representation!" nonsense, but at the core of the nonsense is a little kernel of truth: kids need to see real life scientists and engineers and intellectuals as heroes, not as footnotes to history whose name they might see once by the end of university. If kids (and adults) also have the maturity to see themselves in people who don't necessarily look like themselves, all the better, but anything that doesn't look like everyone planning to be a basketball star even though they're barely average height would be a marked social improvement.
Re: (Score:3)
> The stuffing nerds into lockers and giving them swirlies thing one sees in 80s movies never happened in the 90s and 2000s. I'm not sure it ever happened irl, tbh, *snip*
As a kid in the seventies and eighties? Oh yeah. All that and more.
Re: Stupidity is a strategic weakness (Score:2)
Heh.
The nerds with those particular chips on their shoulders went on to do great things and build successful businesses.
The nerds of my day and later seemed to have taken jobs at these businesses and proceeded to find new and innovative ways to be offended at life.
Oy.
Sue his office for defamation (Score:5, Interesting)
Re:Sue his office for defamation (Score:5, Informative)
Libel requires that you knowingly make a false claim. This guy is protected by his stupidity.
Re: (Score:2)
Not really true. The statement has to be untrue, and cause harm, and the person making it has to either know it's untrue, or should know it's untrue. Given that he has a lot of advisors whose job it is specifically to know what BS he's shoveling, stupidity isn't a defense.
However, I suspect that, as governor, he has personal immunity for actions taken in that capacity.
Re: (Score:2)
Re: (Score:3)
Because libel is for written material. What you see here is slander.
The only time (Score:2)
the GOP cares about education.
Re: (Score:3)
Yes, because they rightly fear it and want to find a way to get rid of education.
Welcome Michael Parson (Score:3)
Meet your colleagues: Rick Romero, "Wide Stance" guy, and "Series of Tubes guy" If you need someone to show you the ropes around here, I'm sure Al Gore can explain a bunch of stuff to you.
Re: (Score:2)
He forgot to be accompanied by an average teenager to explain things to him.
Re: Welcome Michael Parson (Score:1)
Re: (Score:2)
That's unfair to Al Gore. He actually *did* contribute to getting the internet started in the US. True, it was by getting together a committee to vote funds, but that *was* a significant contribution.
Re: (Score:2)
> That's unfair to Al Gore. He actually *did* contribute to getting the internet started in the US. True, it was by getting together a committee to vote funds, but that *was* a significant contribution.
I needed a 'comedic third' and let's face it, that's the important thing :D
In other news, (Score:5, Informative)
someone somewhere in Missouri picked up a lost wallet, looked inside for ID so the wallet could be returned, saw a driver's licence and a social security card, and returned the wallet to its rightful owner. The good Samaritan is now being held by police and faces charges for identity theft.
Re: (Score:1)
Did the paper go public with this? (Score:2)
If they were truly being white-hat hackers, they would have informed the state quietly and discreetly so they could fix the problem. If they just went public with this information, then they're being obnoxious. If they were discreet and the state did nothing, fair game.
Re: (Score:1)
It was the Governor who went public with this information.
Re:Did the paper go public with this? (Score:5, Informative)
That's exactly what the reporter did. He told the state there was a problem and agreed to hold off printing his article until they fixed it.
Re: (Score:2)
> agreed to hold off printing his article until they fixed it.
This sounds like extortion.
Re:Did the paper go public with this? (Score:4, Insightful)
So it appears that the reporter/newspapers were "white hats" and the State was a "white hat" by finally fixing the problem.
The Governor appears to be nutso, IMHO.
Re: (Score:2)
So, if we're counting hats here I see two "white hats" and one "ass hat"? The ratio sounds a little low for me, given that environment.
Re: (Score:2)
Man, it's too bad there wasn't a link you could click to read about the story. I guess posting here asking is the best you can do.
Paywall fatigue (Score:2)
I guess some of us are too used to seeing a link to add yet another subscription instead of a link to the article.
Re: (Score:3)
> If they were truly being white-hat hackers, they would have informed the state quietly and discreetly so they could fix the problem.
They were not white-hat hackers. They were not hackers of any sort. They used a menu on their browser. On a Mac with Safari, it's actually two menu items "Show Developer Menu" and then "Show Page Source" in the develop menu. Not hacking.
Re: (Score:1)
considering you are using a Mac with Safari, I don't think you qualify to tell us what hacking is or is not.
Re: (Score:1)
Re: (Score:2)
"Hey so it turns out the locks on your front door aren't that safe and can be easily tampered with/destroyed, allowing a burglar to easily gain access to your home"
That is actually true. The windows are probably glass, too.
Re: (Score:1)
Poor Governor, he does try so very hard
As I believe they say in Missouri, *bless his heart*
Re: (Score:2)
Re: (Score:2)
Closer to "Actually, the screws were already removed and simply touching the doorknob would make it fall off and the door open of its own accord."
Oh noes I right clicked on a web page (Score:3)
Oh no, I right clicked on a web page and Viewed Source ... It says the "Governor Is An Idiot And Should Be Replaced".
He probably tries to push on Pull doors.
Oh no, I've been doing it wrong! (Score:2)
"decoded the social security numbers from the HTML source code of the pages involved"
Damn, I have not compiled my web pages, nor put private information in clear text. Thanks Gov. Michael Parson for bringing this to my attention.
In a similar incident... (Score:5, Insightful)
Remember Tuttle, Oklahoma? (Score:5, Funny)
Re: (Score:2)
City manager, not IT manager, although he did claim 22 years of "computer systems engineering" experience.
And? (Score:2)
> A Newspaper Informed Missouri About a Website Flaw. The Governor Accused it of 'Hacking'
What do you expect from a bunch of people who think the internet is a series of tubes that was created by the international communist cabal to censor the right wing?
#censorship #victim #crymeariver
"Decoded" the HTML source code... (Score:3)
In other words, the reporter knew how to:
1) right-click
2) read
Re: (Score:3)
Lol, no, it's far, FAR more fucking complicated than that!
You missed the real step #2: Select 'View page source' and left click on it.
I mean, what you wrote is a very childish understanding of how hard it is to decode the HTML of a webpage. In reality it's 50% more complicated than this.
Re: (Score:2)
That's why they missed a step, so there isn't a glut of copy-cat killers, I mean, script-kiddies committing this exact crime.
Good old F12 (Score:1)
That's one keypress to view source on a page. If that's hacking, then everyone in the world is a potential hacker.
Some animals too.
Freedom of Press and whistleblower protectio (Score:2)
Freedom of Press and whistleblower protection laws may get them off the hook for any legal issues
Re: (Score:2)
Re: (Score:1)
Blame the messenger (Score:3)
The reporter did their job in notifying them of the flaw, and of course the first thing a Republican would do is demonize them. After all, why do we need a free and open press reporting on the crimes of politicians, or reporting their comments word for word?
Better to follow the lead of Russia and only have one or two approved sources of news. You know, so only the correct message gets out.
Considering the Governor of Missouri, like many other Republican governors, is vowed and determined to kill as many people as possible through covid, this reaction should not be unexpected.
I can't read the article, I don't blame the gov (Score:1)
Look, most people are clueless on technology. 99.9999% of people who use the internet don't know what html is, or "view source", or anything else about web pages.
The governor was told by someone in his staff that this hack took place and he ran with it. It will all get sorted out eventually.
Re: (Score:3)
Thanks for one of the dumbest statements I've read on the internet in a while! Congratulations!
Do you not know what states and governors are? Are you unaware that they have entire statewide IT departments? Legal counsel on staff?
Are you unaware that a governor actually gets to choose the people he surrounds himself with, and he can choose to be surrounded by either experts or fucking morons?
So either he surrounded himself with fucking morons, or he surrounded himself with experts he won't listen to.
Your stupi
Re: (Score:2)
And your "stupid fucking over-reaction" is part of the reason people can't even talk to one another anymore. A non-technical person didn't understand how something technical works, and made a bad decision. Yeah, that never happens in my world.
Re: (Score:2)
I read the article, and I definitely don't blame the governor -- except for not checking with more than one expert, first. Which, as a rule, one should of course always do. But props for understanding that private information published on public resources can be misused! Being wary of that when you're in a position of public trust is to be highly praised.
The WaPo article itself takes a similarly gracious stance with the governor, it doesn't condemn, instead it uses it as an opportunity to explain what HTML
A naked selfie (Score:2)
The problem isn't 'records' were placed where anyone can see, it's someone did see. Technically, it's not even that, like a naked selfie, it's someone showed everyone else. He's complaining it's not his fault when security by obscurity doesn't work.
Re: (Score:2)
"I put those naked selfies in an unmarked manila folder on the break room table. That person who opened the manila folder to see what it was clearly violated my privacy by seeing the photos before closing the folder quickly!"
SSNs are the users' ID? / in a public facing db (Score:2)
SSNs are the users' ID? / in a public facing db that the web engine has access to?
Re: (Score:2)
Most places stopped doing this in the 90s, early 2000s at the latest....
More Info without the Paywall (Score:2)
Re: (Score:2)
451: Unavailable due to legal reasons
We recognize you are attempting to access this website from a country belonging to the European Economic Area (EEA) including the EU which enforces the General Data Protection Regulation (GDPR) and therefore access cannot be granted at this time. For any issues, contact sitehelp@stltoday.com or call 314-340-8000.
how many job application sites have the same type (Score:2)
How many job application sites have the same type of issues?
Came here to say.. (Score:2)
Please engage self control, or ask someone involved first.
dumbass
Just Don't (Score:2)
I think newspapers are catching up with what techs have learned over the years. Unless they are offering a bounty for finding a flaw or unless it affects you, don't tell them otherwise you will be blamed.
Since people acted that way when techs were being charitable and doing the right thing - it's their problem.
Missouri is the "Show Me State" (Score:2)
"... However the slogan originated, it has since passed into a different meaning entirely, and is now used to indicate the stalwart, conservative, noncredulous character of Missourians."
In the interest of safety... (Score:3)
Re: (Score:2)
Elections have never been about intelligence. They're all about popularity and charisma.
Not Russia or China? (Score:2)
I am slightly surprised that he didn't note that this elite hacker was an agent for Russia, China, or both.
Re: (Score:2)
The reporter once ordered Chinese food and since you are what you eat, that makes him a Chinese hacker!
It IS hacking (Score:2)
It's just very very low grade hacking, and was done in a responsible way, with responsible disclosure, and no abuse of accessed data, which means it should not be punished.
How the world works (Score:2)
Re: (Score:2)
In this case it could very well be the explanation they gave was "They viewed the html source code". Then as it went up through the chain at some point someone saw the word code and went to hacking.