Missouri Governor Mike Parson threatened to sue the St. Louis Post reporter on Thursday and seek civil compensation. The reporter discovered a security breach that exposed the social security numbers of teachers and other school employees. He claimed that the reporter was a “hacker” and that the report only It is nothing more than “political vendetta” and “attempts to embarrass the country and sell headlines for their news media.” The Republican governor also vowed to hold Post-Dispatch “responsible” for the alleged crimes that helped the state find and solve problems. Security breach This may hurt teachers.
Although Parson’s description of a safety report that usually does not cause particular controversy is surprising, it seems that Post-Dispatch deals with the problem in a way that prevents harm to school employees, while encouraging the state to shut down what a safety professor said ” Thinking”-Incredible” vulnerability. Josh Renaud is a Post-Dispatch Web developer and also writes articles, he wrote in an article Report released on Wednesday More than 100,000 social security numbers have vulnerabilities in “web applications that allow the public to search for teacher certificates and certificates.” The social security numbers of school administrators and counselors are also vulnerable.
The report stated: “Although there is no clearly visible or searchable private information on any web page, the newspaper found that the teacher’s social security number is contained in the HTML source code of the relevant page.”
Post-Dispatch seems to do something completely ethical Security researcher It is usually done in these situations: give the vulnerable organization time to close the vulnerability before making it public.
The article said: “The newspaper postponed the publication of this report to allow the department time to take measures to protect teachers’ private information, and to allow the state to ensure that other institutions’ web applications do not contain similar loopholes.” The news report was in “the department” The affected page was removed from its website” posted a day later.
At the time of writing, DESE’s Educator Certificate Checker It is “downtime for maintenance.”
Governor: The reporter tried to “harm the Missourians”
Parson described the reporter as a “criminal” who “recorded the records of at least three educators, decoded the HTML source code, and checked the social security numbers of these specific educators”, “in an attempt to steal individuals Information and hurt Missourians”.
Major web browsers include options such as “View Source Code” or “View Page Source Code” to view the HTML of a web page, so anything in that code can be easily obtained.The original Post-Dispatch article did not describe in detail how to obtain the social security number from the HTML source code, but a follow-up Article about Parsons legal threats Said Thursday, “The teacher’s social security number appears in the publicly visible HTML source code of the page involved.” These numbers are not in plain text format, but are easy to convert, Post-Dispatch continued:
Shaji Khan, a professor of network security at the University of Missouri in St. Louis, said that the data on the DESE website is encoded but not encrypted. Louis-This is a key difference. Without a specific decryption key to hide the data, no one can view the encrypted data. But encoding just means that the data is in a different format and can be decoded and viewed relatively easily.
“Anyone who knows about development-and the bad guys are far ahead-can easily decode this data,” Khan said on Thursday.
Governor informs prosecutors of “crimes against teachers”
“Accessing coded data and systems to check other people’s personal information is illegal. We are coordinating state resources to respond to and utilize all available legal methods. My government has notified the Cole County Attorney of this matter. Missouri Highway Patrol The team’s digital forensics department will also investigate all relevant personnel,” he said.