
A Newspaper Informed Missouri About a Website Flaw. The Governor Accused it of 'Hacking' (washingtonpost.com) 120

On Thursday, Gov. Michael Parson (R) called a news conference to warn his state's citizens about a nefarious plot against a teachers' database by a reporter from the St. Louis Post-Dispatch. From a report: "Through a multistep process," Parson said with great solemnity, "an individual took the records of at least three educators, decoded the HTML source code and viewed the Social Security number of those specific educators."

[...] The Post-Dispatch report explains what their reporter, Josh Renaud, did to view the Social Security numbers of Missouri teachers on a website run by the state education department. (The website has been taken down; you can view an old version of it at the Internet Archive.) "Though no private information was clearly visible nor searchable on any of the web pages," the Post-Dispatch's report stated, "the newspaper found that teachers' Social Security numbers were contained in the HTML source code of the pages involved." In other words, it seems, a search tool for teacher credentials responded to searches by including a bunch of information, some of which was embedded in the source code of the page but not visible when just reading the page.
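A defender-side check for the class of flaw the report describes, as an added example (not code from the Post-Dispatch, the state website, or the original page): it scans a server response for SSN-shaped values and reports where they sit, including parts of the HTML a browser never renders. The sample page, its field names, and all values are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# SSN-shaped value: 3-2-4 digits with matching separators (dash, space or none).
# Area 000/666/9xx, group 00 and serial 0000 are never issued, so they are skipped.
# Unseparated 9-digit runs can be false positives; treat hits as leads to review.
SSN_RE = re.compile(
    r"(?<!\d)(?!000|666|9\d\d)\d{3}([- ]?)(?!00)\d{2}\1(?!0000)\d{4}(?!\d)"
)

class LeakScanner(HTMLParser):
    """Records where SSN-shaped values occur in a response, never the value."""
    NON_RENDERED = {"script", "style", "template"}

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []      # currently open non-rendered elements
        self.findings = []   # (kind, detail) tuples in document order

    def _scan(self, kind, detail, text):
        for _ in SSN_RE.finditer(text or ""):
            self.findings.append((kind, detail))

    def handle_starttag(self, tag, attrs):
        # Hidden inputs, data-* attributes and similar all arrive here.
        for name, value in attrs:
            self._scan("attribute", f"{tag}[{name}]", value)
        if tag in self.NON_RENDERED:
            self.stack.append(tag)

    def handle_endtag(self, tag):
        if self.stack and self.stack[-1] == tag:
            self.stack.pop()

    def handle_data(self, data):
        if self.stack:
            self._scan("non-rendered", f"<{self.stack[-1]}>", data)
        else:
            # CSS-hidden text is still reported, just classified as body text.
            self._scan("visible text", "body text", data)

    def handle_comment(self, data):
        self._scan("comment", "<!-- -->", data)

def scan_html(html):
    scanner = LeakScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

def not_rendered(findings):
    """Findings a visual review of the page would miss."""
    return [f for f in findings if f[0] != "visible text"]

# Constructed sample response: nothing sensitive is shown on screen,
# but three SSN-shaped values are present in the delivered HTML.
SAMPLE_PAGE = """<html><body>
<h1>Educator credential search</h1>
<!-- debug: record 123-45-6789 -->
<form><input type="hidden" name="rec_key" value="234-56-7890"></form>
<table><tr><td>Jane Example</td><td>Certificate: Mathematics 9-12</td></tr></table>
<script>var rows = [{"name": "Jane Example", "id": "345678901"}];</script>
<p>Questions? Call 555-010-0199.</p>
</body></html>"""

if __name__ == "__main__":
    for kind, detail in scan_html(SAMPLE_PAGE):
        print(f"SSN-shaped value in {kind}: {detail}")
```

Run against every response type in a test suite, a check like this fails the build when a field the template never displays is still sent to the client.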

  • by nagora ( 177841 ) on Thursday October 14, 2021 @03:42PM (#61892899)

    Surely this retard has proven he is not capable of holding office in the 21st century.

    • by Registered Coward v2 ( 447531 ) on Thursday October 14, 2021 @03:45PM (#61892923)

      Surely this retard has proven he is not capable of holding office in the 21st century.

      Nah. It seems to be a prerequisite for (R)

    • I think people are misunderstanding his intention here.

      All he wants to do, as a reasonable idiot politician, is get his stupidity documented and on the official record.

      That's it. And we should help him do that.

    • Or he thinks that the best form of defence is attack?
      • I would say the best defense is a good offense, but the Chiefs are skewing the data for me.
      • >Or he thinks that the best form of defence is attack?

        Depending on context, it's considered a valid strategy by image consultants and he may have been advised to say what he said because the average person is likely to believe that kind of spin.

    • by gtall ( 79522 ) on Thursday October 14, 2021 @04:03PM (#61893003)

      It's Missouri, he's eminently qualified given the standard of that state.

    • by taustin ( 171655 ) on Thursday October 14, 2021 @04:50PM (#61893189) Homepage Journal

      You've never been to Missouri, have you?

      This is the state that came within 5 votes of disbanding the Department of Motor Vehicles because some state senator's wife read on the internet that they were "conspiring with the UN to take our guns away." The bill made no provision to transfer DMV functions to any other agency. In other words, they came within 5 votes of making it illegal to drive a car in the state once the current tags expired.

      The governor (a previous one) actually had to veto a bill that would have made it a felony for federal law enforcement to enforce federal gun laws in the state, with every intention of arresting FBI agents doing their job. In a state that didn't secede from the Union in the Civil War because there were federal troops in the chamber when they voted on it.

      Frankly, the governor isn't, by far, the stupidest politician in the state.

      (I went to high school there. It's a great place to be from. And the farther from, the better.)

    • Surely this retard has proven he is not capable of holding office in the 21st century.

      It's sad when cousins marry.

    • Consider.
      Douglas Adams would disagree.

      Irony
      Because the reporter can read
      He can blame a teacher

    • by gnasher719 ( 869701 ) on Friday October 15, 2021 @03:13AM (#61894227)

      Surely this retard has proven he is not capable of holding office in the 21st century.

      I wouldn't say a governor has to be informed about what is hacking and what is informing the government of very open security flaws.

      What I would say is that he has been relying on advice of people who should know what they are talking about, and who he should remove from their positions advising him right now.

      That said, it seems the information they found is something that anybody with a Mac and an unmodified Safari browser would be able to find easily (turn on the "Develop" menu, select "Show Page Source"), and I bet most other browsers allow the same. I would say that anything that anyone with a widely distributed browser clicking on two menu items can do isn't "hacking".

      • That said, it seems the information they found is something that anybody with a Mac and an unmodified Safari browser would be able to find easily (turn on the "Develop" menu, select "Show Page Source"), and I bet most other browsers allow the same. I would say that anything that anyone with a widely distributed browser clicking on two menu items can do isn't "hacking".

        Or just Ctrl+U in a browser on any other platform....

        Why are Macs so difficult to use?

    • Don't necessarily blame him. He's just saying what the incompetents who run the DESE website told him in order to cover up their own incompetence. Do you think a state governor has any idea what "the HTML source code" he's talking about actually is? He's just reading from someone else's script. What'll be interesting is his next move once independent sources inform him of what's really going on - if he sticks to the script then he's an idiot, if he says "I've had some proper advice now and we'll be drop
  • Oh piss off. (Score:4, Insightful)

    by nightflameauto ( 6607976 ) on Thursday October 14, 2021 @03:43PM (#61892909)

    If being able to right click and press "read source" is hacking I know some six year olds that are going down.

    WTF? Maybe if somebody doesn't have clue freakin' one about tech they should STFU and ask the experts. And whoever coded that web site is a god damned fool. You don't embed "private" info in HTML that way. There's so many levels to the wrong with this I may have to go take a walk to cool off. Fools coding sites and bigger fools spouting bullshit is a recipe of rage.

    • Re:Oh piss off. (Score:4, Insightful)

      by msauve ( 701917 ) on Thursday October 14, 2021 @03:50PM (#61892945)
      "they should STFU and ask the experts. "

      What makes you think he didn't? He probably asked the "experts" who coded that web page.
    • Show-Me state (Score:4, Insightful)

      by e3m4n ( 947977 ) on Thursday October 14, 2021 @03:53PM (#61892959)
      Well, Missouri is, after all, the show-me state. So the state complied by showing everyone's SSN; the reporter complied by showing the IT staff of the website the terrible flaw in the design, and the Governor complied by showing the entire world just how retarded he is. This is as much hacking as recognizing the color of a car is tantamount to stealing paint. It's like charging the victim of some pervert flasher with stalking. Maybe everyone should call the governor's office and leave a message as to what an idiot he is. When his phone lines get DoS'd from congestion it will likely make news. Then they will have to report the original story of the Governor failing rule #3. You have to be 10% smarter than the equipment you're operating. Maybe the EFF will step in on this one.
  • Fairly typical (Score:4, Interesting)

    by Baconsmoke ( 6186954 ) on Thursday October 14, 2021 @03:43PM (#61892911)
    Attack the people that point out your flaws. This has been business as usual in politics and the corporate world forever. Kind of depressing we haven't found a way to move past that.
    • by gtall ( 79522 )

      He and his political buddies might be just stupid enough to think it is hacking. Certainly if they checked with any of their universities, they'd have been set straight. So now we just don't know if it was mere stupidity or was an attack on the messenger.

  • Failing to teach our children how computers work beyond "point there, click here" is a form of stupidity.

    It's the digital equivalent of teaching agriculture by hyping Brawndo.

    • Not even beyond "point here, click here". Point anywhere, click "View source code". That's being called "hacking" here... It's beyond stupidity, actually.
      • by RightwingNutjob ( 1302813 ) on Thursday October 14, 2021 @07:22PM (#61893621)

        You know, I've lived in the US for almost 30 years but I was raised in an immigrant family. And the thing they keep telling me now that I'm an adult is how taken aback they were with the anti-intellectualism they saw when they came here and sent me to school.

        What tipped them over the edge from awe-struck admiration of the richest, freest nation on Earth to cold self-interested cynicism was when little 8-year-old me, after learning English and going to the Philadelphia public school system and watching American broadcast TV and basic cable for a few months, explained to them the distinction between what a "nerd" and a "cool kid" was.

        It absolutely floored them. Perhaps they were sheltered in their social group, perhaps it was rose-colored nostalgia, but they all came up in a time and a place where scientists and mathematicians and doctors and chess players were held up as heroes. Heroes of the Soviet Union, but heroes nonetheless.

        The stuffing nerds into lockers and giving them swirlies thing one sees in 80s movies never happened in the 90s and 2000s. I'm not sure it ever happened irl, tbh, but the aspiration to be an Allen Iverson or a Donovan McNabb or a pre-roids Mark McGwire--because who under 20 had even ever heard of Richard Feynman or Rudolph Kalman or William Shockley?--that was very very real, even in a white collar middle class suburb where 98% of high school graduates went to some kind of college and became lawyers and realtors and accountants and a few doctors and Hollywood screenwriters and scientists too.

        I like to knock the woke "we need representation!" nonsense, but at the core of the nonsense is a little kernel of truth: kids need to see real life scientists and engineers and intellectuals as heroes, not as footnotes to history whose name they might see once by the end of university. If kids (and adults) also have the maturity to see themselves in people who don't necessarily look like themselves, all the better, but anything that doesn't look like everyone planning to be a basketball star even though they're barely average height would be a marked social improvement.

        • The stuffing nerds into lockers and giving them swirlies thing one sees in 80s movies never happened in the 90s and 2000s. I'm not sure it ever happened irl, tbh, *snip*

          As a kid in the seventies and eighties? Oh yeah. All that and more.

          • Heh.

            The nerds with those particular chips on their shoulders went on to do great things and build successful businesses.

            The nerds of my day and later seemed to have taken jobs at these businesses and proceeded to find new and innovative ways to be offended at life.

            Oy.

  • by Revek ( 133289 ) on Thursday October 14, 2021 @03:47PM (#61892935)
    Seriously, how is it not libel to accuse someone of that falsely?
    • by 93 Escort Wagon ( 326346 ) on Thursday October 14, 2021 @04:35PM (#61893129)

      Libel requires that you knowingly make a false claim. This guy is protected by his stupidity.

      • by taustin ( 171655 )

        Not really true. The statement has to be untrue, and cause harm, and the person making it has to either know it's untrue, or should know it's untrue. Given that he has a lot of advisors whose job it is specifically to know what BS he's shoveling, stupidity isn't a defense.

        However, I suspect that, as governor, he has personal immunity for actions taken in that capacity.

      • by Yvanhoe ( 564877 )
        I think we should assume that people like governors, who have access to experts and are actually required to run through them before making statements in domains they do not know, are liable when they did not do the job. Assume this person should have known and sue accordingly.
    • Because libel is for written material. What you see here is slander.

  • the GOP cares about education.

  • by Anonymous Crowded ( 6202674 ) on Thursday October 14, 2021 @03:53PM (#61892957)
    You will forever be known as the "decoded the HTML source code" guy.

    Meet your colleagues: Rick Romero, "Wide Stance" guy, and "Series of Tubes guy" If you need someone to show you the ropes around here, I'm sure Al Gore can explain a bunch of stuff to you.
    • He forgot to be accompanied by an average teenager to explain things to him.

    • Don't forget the Jerry Taylor (Tuttle City manager?) "CentOs hacked our server" thing.
    • by HiThere ( 15173 )

      That's unfair to Al Gore. He actually *did* contribute to getting the internet started in the US. True, it was by getting together a committee to vote funds, but that *was* a significant contribution.

      • That's unfair to Al Gore. He actually *did* contribute to getting the internet started in the US. True, it was by getting together a committee to vote funds, but that *was* a significant contribution.

        I needed a 'comedic third' and let's face it, that's the important thing :D

  • In other news, (Score:5, Informative)

    by jenningsthecat ( 1525947 ) on Thursday October 14, 2021 @03:56PM (#61892973)

    someone somewhere in Missouri picked up a lost wallet, looked inside for ID so the wallet could be returned, saw a driver's licence and a social security card, and returned the wallet to its rightful owner. The good Samaritan is now being held by police and faces charges for identity theft.

    • Not many people know this, but you can drop a wallet into any USPS mail box, and they will deliver it to the address on the ID.
  • If they were truly being white-hat hackers, they would have informed the state quietly and discreetly so they could fix the problem. If they just went public with this information, then they're being obnoxious. If they were discreet and the state did nothing, fair game.

    • by Anonymous Coward

      It was the Governor who went public with this information.

    • by unixcorn ( 120825 ) on Thursday October 14, 2021 @04:22PM (#61893077)

      That's exactly what the reporter did. He told the state there was a problem and agreed to hold off printing his article until they fixed it.

      • by vbdasc ( 146051 )

        agreed to hold off printing his article until they fixed it.

        This sounds like extortion.

    • by I75BJC ( 4590021 ) on Thursday October 14, 2021 @04:47PM (#61893179)
      According to the Missouri Independent news source, the reporter or newspaper gave this information to the State of Missouri. After the State of Missouri fixed the issue, the newspaper published the story.
      So it appears that the reporter/newspapers were "white hats" and the State was a "white hat" by finally fixing the problem.
      The Governor appears to be nutso, IMHO.
      • by ksw_92 ( 5249207 )

        So, if we're counting hats here I see two "white hats" and one "ass hat"? The ratio sounds a little low for me, given that environment.

    • Man, it's too bad there wasn't a link you could click to read about the story. I guess posting here asking is the best you can do.

    • If they were truly being white-hat hackers, they would have informed the state quietly and discreetly so they could fix the problem.

      They were not white-hat hackers. They were not hackers of any sort. They used a menu on their browser. On a Mac with Safari, it's actually two menu items "Show Developer Menu" and then "Show Page Source" in the develop menu. Not hacking.

      • by Anonymous Coward

        considering you are using a Mac with Safari, I don't think you qualify to tell us what hacking is or is not.

  • Comment removed based on user account deletion
    • "Hey so it turns out the locks on your front door aren't that safe and can be easily tampered with/destroyed, allowing a burglar to easily gain access to your home"

      That is actually true. The windows are probably glass, too.

    • Poor Governor, he does try so very hard

      As I believe they say in Missouri, *bless his heart*

    • by mark-t ( 151149 )
      No, it's more like "Actually, I simply noticed that the screws that hold the lock in place are on the exterior of the building, and so anyone with a friggen screwdriver could remove it and gain access." The comparison doesn't work exactly because screws on the outside would be visible to everyone, where this guy happened to see a problem simply because he knew where to look, but the general idea is there.
      • Closer to "Actually, the screws were already removed and simply touching the doorknob would make it fall off and the door open of its own accord."

  • by WillAffleckUW ( 858324 ) on Thursday October 14, 2021 @04:11PM (#61893033) Homepage Journal

    Oh no, I right clicked on a web page and Viewed Source ... It says the "Governor Is An Idiot And Should Be Replaced".

    He probably tries to push on Pull doors.

  • "decoded the social security numbers from the HTML source code of the pages involved"

    Damn, I have not compiled my web pages, nor put private information in clear text. Thanks Gov. Michael Parson for bringing this to my attention.

  • by nuckfuts ( 690967 ) on Thursday October 14, 2021 @04:15PM (#61893055)
    someone hacked into information at the library by opening the covers of a book and decoding the contents inside.
  • by UnknowingFool ( 672806 ) on Thursday October 14, 2021 @04:16PM (#61893063)
    The "IT" manager of Tuttle, Oklahoma threatened to call the FBI [theregister.com] on CentOS because the city website had been "hacked". The evidence: The city website page had been replaced with the standard Apache/CentOS web server configuration boilerplate page. Clearly those CentOS goons would have gotten away with it if not for that IT manager.
    • City manager, not IT manager, although he did claim 22 years of "computer systems engineering" experience.

  • A Newspaper Informed Missouri About a Website Flaw. The Governor Accused it of 'Hacking'

    What do you expect from a bunch of people who think the internet is a series of tubes that was created by the international communist cabal to censor the right wing?

    #censorsip #victim #crymeariver

  • by oddaddresstrap ( 702574 ) on Thursday October 14, 2021 @04:29PM (#61893107)

    In other words, the reporter knew how to:
    1) right-click
    2) read

    • Lol, no, it's far, FAR more fucking complicated than that!

      You missed the real step #2: Select 'View page source' and left click on it.

      I mean, what you wrote is a very childish understanding of how hard it is to decode the HTML of a webpage. In reality it's 50% more complicated than this.

      • ... it's 50% more complicated than this.

        That's why they missed a step, so there isn't a glut of copy-cat killers, I mean, script-kiddies committing this exact crime.

  • That's one keypress to view source on a page. If that's hacking, then everyone in the world is a potential hacker.
    Some animals too.

  • Freedom of Press and whistleblower protection laws may get them off the hook for any legal issues

  • Comment removed based on user account deletion
  • by quonset ( 4839537 ) on Thursday October 14, 2021 @04:51PM (#61893191)

    The reporter did their job in notifying them of the flaw, and of course the first thing a Republican would do is demonize them. After all, why do we need a free and open press reporting on the crimes of politicians, or reporting their comments word for word?

    Better to follow the lead of Russia and only have one or two approved sources of news. You know, so only the correct message gets out.

    Considering the Governor of Missouri, like many other Republican governors, is vowed and determined to kill as many people as possible through covid, this reaction should not be unexpected.

  • Look, most people are clueless on technology. 99.9999% of people who use the internet don't know what html is, or "view source", or anything else about web pages.

    The governor was told by someone in his staff that this hack took place and he ran with it. It will all get sorted out eventually.

    • Thanks for one of the dumbest statements I've read on the internet in a while! Congratulations!

      Do you not know what states and governors are? Are you unaware that they have entire statewide IT departments? Legal counsel on staff?

      Are you unaware that a governor actually gets to choose the people he surrounds himself with, and he can choose to be surrounded by either experts or fucking morons?

      So either he surrounded himself with fucking morons, or he surrounded himself with experts he won't listen to.

      Your stupi

      • And your "stupid fucking over-reaction" is part of the reason people can't even talk to one another anymore. A non-technical person didn't understand how something technical works, and made a bad decision. Yeah, that never happens in my world.

    • I read the article, and I definitely don't blame the governor -- except for not checking with more than one expert, first. Which, as a rule, one should of course always do. But props for understanding that private information published on public resources can be misused! Being wary of that when you're in a position of public trust is to be highly praised.

      The WaPo article itself takes a similarly gracious stance with the governor, it doesn't condemn, instead it uses it as an opportunity to explain what HTML

  • ... took the records of at least three educators ...

    The problem isn't 'records' were placed where anyone can see, it's someone did see. Technically, it's not even that, like a naked selfie, it's someone showed everyone else. He's complaining it's not his fault when security by obscurity doesn't work.

    • "I put those naked selfies in an unmarked manila folder on the break room table. That person who opened the manila folder to see what it was clearly violated my privacy by seeing the photos before closing the folder quickly!"

  • SSNs are the user's ID? / in a public-facing DB that the web engine has access to?

    • 451: Unavailable due to legal reasons

      We recognize you are attempting to access this website from a country belonging to the European Economic Area (EEA) including the EU which enforces the General Data Protection Regulation (GDPR) and therefore access cannot be granted at this time. For any issues, contact sitehelp@stltoday.com or call 314-340-8000.

  • How many job application sites have the same type of issues?

  • Parson is dumbass

    Please engage self control, or ask someone involved first.

    dumbass
  • I think newspapers are catching up with what techs have learned over the years. Unless they are offering a bounty for finding a flaw or unless it affects you, don't tell them otherwise you will be blamed.

    Since people acted that way when techs were being charitable and doing the right thing - it's their problem.

  • Ironic. Missouri State slogan: https://www.sos.mo.gov/archive... [mo.gov]

    "... However the slogan originated, it has since passed into a different meaning entirely, and is now used to indicate the stalwart, conservative, noncredulous character of Missourians."

  • by evil_aaronm ( 671521 ) on Thursday October 14, 2021 @11:23PM (#61894007)
    We have signs at carnival rides that say, "You must be this tall to ride this ride." For elected positions, why do we not have signs that say, "You must be this smart to hold this position"?
  • I am slightly surprised that he didn't note that this elite hacker was an agent for Russia, China, or both.

  • It's just very very low grade hacking, and was done in a responsible way, with responsible disclosure, and no abuse of accessed data, which means it should not be punished.

  • The CEO who runs a company neither codes for the company's website or any of its associated applications, databases, etc., nor does he know how. When something happens, he asks the people who 'do' those things. When those people have fucked up, they will often spin some bullshit rather than admit their mistake, which that CEO will then often rely on because that is the reason those people were hired in the first place. This is why the jokes behind BOFH stories are funny. I almost feel dumber for having had
    • by catprog ( 849688 )

      In this case it could very well be the explanation they gave was "They viewed the html source code". Then as it went up through the chain at some point someone saw the word code and went to hacking.
