Missouri governor threatens to prosecute journalist for sharing web security flaw

0
42
missouri-governor-threatens-to-prosecute-journalist-for-sharing-web-security-flaw

Missouri Governor Mike Parson would possibly need to learn up on the variations between disclosing and exploiting security flaws. According to The Missouri Independent, Parson accused a St. Louis Post-Dispatch reporter of being a “hacker” for having the audacity to… report security holes. The journalist disclosed a Department of Elementary and Secondary Education web app flaw that allow anybody see over 100,000 academics’ Social Security numbers in website supply code, and Parson interpreted this as a “political game” meant to “embarrass the state” — that’s, a malicious hack.

The governor has already referred the case to the Cole County Prosecutor, and even has the Missouri Highway State Patrol investigating. An lawyer for The Post-Dispatch maintained that the reporter “did the responsible thing” by sharing the flaw with the federal government to get it mounted. The lawyer additionally helpfully refreshed Parson on his web lingo. A hacker is somebody who “subverts” security with sinister intent, not a reporter making an attempt to bolster security by sharing publicly out there info.

This flaw wasn’t current, both. University of Missouri-St. Louis professor Shaji Khan informed The Post-Dispatch that this type of vulnerability had been identified for “at least” 10 years, and that it was “mind boggling” the Department would let these issues linger. Audits in 2015 and 2016 had highlighted knowledge assortment points at each the Department and college districts.

No, prosecutors most likely will not file fees. It’s a bit tough to convict somebody whose ‘hack’ successfully amounted to clicking “view page source” of their browser. However, this highlights an all-too-familiar downside with politicians that do not perceive tech. It would not simply lead to embarrassments, reminiscent of letters to long-gone CEOs — it may possibly discourage accountable security disclosures and put hundreds of individuals in danger.

All merchandise advisable by Engadget are chosen by our editorial group, unbiased of our father or mother company. Some of our tales embody affiliate hyperlinks. If you purchase one thing by way of one among these hyperlinks, we could earn an affiliate fee.