Missouri Planned To Thank 'Hacker' Journalist Before Governor Accused Him of Crimes (arstechnica.com) 57
UnknowingFool writes: Two days before Missouri governor Michael Parson (R) accused a newspaper reporter, Josh Renaud, of "hacking" for reporting about a fixed flaw in a state website, the state government of Missouri was planning to publicly thank Renaud for alerting them of the flaw, emails show in a public records request. Two days later, however, the Governor publicly accused Renaud of crimes. Also in the request, emails show that a day before the article was published the state's cybersecurity specialist informed other state officials that "this incident is not an actual network intrusion." [Instead, the state's database was "misconfigured," which "allowed open source tools to be used to query data that should not be public."]
St Louis Dispatch reporter, Josh Renaud, had discovered that the state's website was exposing the Social Security Numbers of teachers and other school employees in the HTML code of the state's site. He informed the state who fixed the flaw, and he delayed publishing the article until after the flaw was fixed. The article was published on October 14. The same day, Governor Parson accused Renaud of cyber crimes. A week later, Parson doubled down after criticism.
St Louis Dispatch reporter, Josh Renaud, had discovered that the state's website was exposing the Social Security Numbers of teachers and other school employees in the HTML code of the state's site. He informed the state who fixed the flaw, and he delayed publishing the article until after the flaw was fixed. The article was published on October 14. The same day, Governor Parson accused Renaud of cyber crimes. A week later, Parson doubled down after criticism.
Re: (Score:1)
On a related note...
I'm not sure you actually know what that word means.
So Control U will (Score:1)
git you in prison?
Re: (Score:1)
Perl git parses and runs anything. [mcmillen.dev]
"Database Misconfiguration" (Score:2)
I wonder which database option dumps extra rows out inside an HTML comment...
Re:"Database Misconfiguration" (Score:4, Insightful)
I wonder which database option dumps extra rows out inside an HTML comment...
The one where you grant "SELECT" on sensitive data to an idiot.
Re: (Score:2)
Accenture.
ASP.net WebForms (Score:3)
See this comment that explains exactly what happened: https://arstechnica.com/tech-p... [arstechnica.com]
The governor is a complete moron (Score:5, Insightful)
Re:The governor is a complete moron (Score:5, Informative)
Re: (Score:2)
A reporter has been digging around HTML code on a state website.
The state technology division said "the hacker took the records of at least three educators, decoded the HTML source code and viewed the social security numbers of those specific educators".
Governor Parson believes everyone is entitled to their privacy, especially our teachers.
Exploiting private information is a squalid excuse for journalism. And hiding behind the noble principle of free speech to do it is shameful.
So to 'Parson-ize' the door analogy:
A reporter has been looking at open front doors on state buildings
The state doors division said "the thief looked at least three educators' doors, realised the doors were open and viewed insides of the hallways of those specific educators".
Governor Parson believes everyone is entitled to their privacy, especially our teachers.
Exploiting private hallways is a squalid excuse for journalism. And hiding behind the noble principle of free speech to do it is shameful.
Re: (Score:2)
HTML is not "CODE" that is meant to be private. HTML is public. It is designed to be public. Every student is taught, html is public, do not put any private info in html code. Keep it on the server side scripts, never ever put private info in html. It is a language of communication between computers and you don't need any special tools to view html source
Re: (Score:2)
I'd like to know where you found a deadbolt that can be installed that way.
Re: (Score:2)
Lowes, Home Depot, any random hardware store.
Re: (Score:2)
Nonsense.
Re: The governor is a complete moron (Score:1)
Re: (Score:2)
That would put the latch on the outside. The screws would be the least of your worries.
Re: (Score:2)
I'd like to know where you found a deadbolt that can be installed that way.
To your point, exposed hinges would have likely been a more accurate claim.
That said, the shitware you buy at BigBoxStore can barely be called a "lock" because the inherent security is so pathetic, so the parents analogy stands.
Re: (Score:2)
Killing the messenger is not a good tactic. (Score:5, Insightful)
The state screwed up on securing data, someone points this out, so they want to punish the person for exposing the flaw. That's a great idea. Now when something like this happens again nobody will speak up out of fear of being put in prison. This is setting the state up for a much more public black eye in the future. They will look around for someone to blame and it will just land on them for creating a culture of bad security practice.
Re: (Score:2)
Re:Killing the messenger is not a good tactic. (Score:5, Interesting)
Doing intrusion detection on my systems, I often realize that some servers not belonging to us in my own city have been hijacked. I also find obviously hacked email accounts and other stuff.
I never report anything since I am afraid that what happened to that guy might happen to me. I realize this is sad but I'd rather be safe than sorry.
Re: (Score:1)
Missouri (Score:3)
Re: (Score:1)
I live in Missouri. Our governor is a total embarrassment and a total idiot.
He has an "(R)" after his name, what did you expect? :-)
Buck up though, the people in FL and TX probably have it worse.
Re: (Score:1)
Errr. . .the entire planet was laughing at Dear Leader, all except his minders in Moscow. Check out his U.N. address.
Re: (Score:2)
I believe you misspelled the name of the state. It is the State of Misery.
Re:Missouri (Score:4, Interesting)
It's the "doubled-down after criticism" part that gets me. Have you ever worked with someone who does that? I have, and each time it was a disaster. It must be some kind of ultra-self-empowerment ideology, pitched as advice for management: Every problem can be boiled down to an issue of perception, and the self-made man owns all of their problems. Thus being wrong is personal failure, a weakness. I don't know, but something like that anyway. Trump is an archetype of this mentality, but of course it's not just him.
As a scientist-turned-engineer, I'm wrong a lot. If I'm not making mistakes. identifying, and then correcting them, then I must not be in a productive mode. Doubling-down on my own mistakes would be self-destructive.
Is this "being wrong is only a problem of perception" BS something taught in ivy league business admin programs, or is it charlatan self-help advice? Where does this come from?
Re:Missouri (Score:4, Interesting)
Is this "being wrong is only a problem of perception" BS something taught in ivy league business admin programs, or is it charlatan self-help advice? Where does this come from?
It's much more simple than that. They have a con artist mentality. "Con" is short for "confidence," meaning that the scheme requires confident bullshit.
You might be an engineer who designs things to work, but the people responsible for selling whatever it is you design probably have this mentality. I've noticed that people who really enjoy sales want to feel like they just conned someone when the sale is complete, so even when they don't have to they treat the customer like a mark.
To put it more simply: Why are all car salesmen scumbags? Because scumbags are the type of people who enjoy selling cars.
Re: (Score:3)
Re: (Score:2)
I'm 100% certain that you pulled this directly from your ass.
Ironically that is exactly what state Rep. Peter Merideth said about Gov. Mike Parson's cost of fixing the website flaw. Parson claimed the flaw would cost $50 million [missouriindependent.com] to fix.
The House Budget Committee and state Rep. Peter Merideth said, the estimate is not a very good one.
“He pulled it straight out of his ass,” Merideth said in an interview with The Independent Tuesday.
Re: (Score:2)
I'm 100% certain that you pulled this directly from your ass.
It was a question, not an assertion. Maybe a bit of a leading question, but still a question. Did you misread it?
Re: (Score:2)
As a scientist-turned-engineer, I'm wrong a lot. If I'm not making mistakes. identifying, and then correcting them, then I must not be in a productive mode. Doubling-down on my own mistakes would be self-destructive.
Remember this is politics, not science or engineering. Check your logic at the door. Doubling down in politics, has fuck all to do with being right, and has everything to do with "winning" at any cost, no matter how destructive it is.
Like you really need to look beyond all of American Politics and the current state of American leadership to find any more factual proof of this.
Re: (Score:1)
Come to a Nebraska, we'll fight you for which one has the bigger idiot as the forerunner of the stage. I'm sure our Senator (Ricketts) can help you dig to find his IQ.
Only one worse around us is Iowa I believe. And it's sad to find a worse person running a state than Ricketts, then Iowa has to upstage us. They always have to upstage us on a race to the bottom.
Re: (Score:2)
Hah, he's got nothing on Sen. Inhofe of Oklahoma who brought a snowball to a hearing and thus declared there is no global warming. I always had an image of him as being the Santa's elf that they kept away from all the toys.
Re: (Score:1)
Re: (Score:1)
No Good Deed (Score:1)
Not too surprising (Score:5, Informative)
Missouri is the same state, with the same governor, who commissioned a study to see if mask mandates work. The study showed yes, wearing a mask does reduce infections [missouriindependent.com]. The governor or Missouri quashed the study, never revealing it to the public.
To top things off, the AG of Missouri has now ordered schools and health departments to cease all covid orders or face prosecution [missouriindependent.com].
So yeah, not surprising the right-wing cultists would attack someone who provided them with factual information. Wouldn't want to look bad, now would we?
Re: (Score:2)
The mandates came from the correct arms of the governments, they relied upon the science. You are simply whining about being told to wear a mask because you only care about yourself and your "freedom" to infect others.
Re: (Score:3)
If you want to talk about people "looking bad" over COVID related decision-making, it might be wise to ask why they're refusing to release information on the COVID vaccine research, made via Freedom of Information requests -- arguing it needs to be kept confidential for 55 years?
You have been given inaccurate information. The government did not argue it needed to be kept confidential for 55 years. What they said is, due to resources available to respond to all FOIA requests, as well as the time it takes to redact information they are legally required to redact, they wanted to move to rolling releases of data. Due to the incredible volume of data which was requested, releasing the data each month (I want to say 500 pages a month, but that may be inaccurate) would result in the infor
Re: (Score:3)
Missouri is the same state, with the same governor, who commissioned a study to see if mask mandates work. The study showed yes, wearing a mask does reduce infections [missouriindependent.com]. The governor or Missouri quashed the study, never revealing it to the public.
To top things off, the AG of Missouri has now ordered schools and health departments to cease all covid orders or face prosecution [missouriindependent.com].
So yeah, not surprising the right-wing cultists would attack someone who provided them with factual information. Wouldn't want to look bad, now would we?
Sorry, but that's a shit analogy. If COVID disappeared from the planet tomorrow, we would still have millions of permanently stupid humans who also happen to be PHBs, and databases will continue to get "hacked".
The big difference between a virus and stupidity is we often find a cure for viruses.
There goes your nickname, Missouri (Score:4, Funny)
Sue for liable (Score:2)
Re: (Score:2)
The reporter needs to sue the governor for liable. What he did, was definitely not hacking.
I suggest you go bail your grammar checker out of jail, since it was clearly being detained when you wrote that.
Be careful next time. You might find yourself liable for failing to understand what libel means.
Re: (Score:2)