Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Security Government

Missouri Planned To Thank 'Hacker' Journalist Before Governor Accused Him of Crimes (arstechnica.com) 57

UnknowingFool writes: Two days before Missouri governor Michael Parson (R) accused a newspaper reporter, Josh Renaud, of "hacking" for reporting about a fixed flaw in a state website, the state government of Missouri was planning to publicly thank Renaud for alerting them of the flaw, emails show in a public records request. Two days later, however, the Governor publicly accused Renaud of crimes. Also in the request, emails show that a day before the article was published the state's cybersecurity specialist informed other state officials that "this incident is not an actual network intrusion." [Instead, the state's database was "misconfigured," which "allowed open source tools to be used to query data that should not be public."]

St Louis Dispatch reporter, Josh Renaud, had discovered that the state's website was exposing the Social Security Numbers of teachers and other school employees in the HTML code of the state's site. He informed the state who fixed the flaw, and he delayed publishing the article until after the flaw was fixed. The article was published on October 14. The same day, Governor Parson accused Renaud of cyber crimes. A week later, Parson doubled down after criticism.

This discussion has been archived. No new comments can be posted.

Missouri Planned To Thank 'Hacker' Journalist Before Governor Accused Him of Crimes

Comments Filter:
  • git you in prison?

  • I wonder which database option dumps extra rows out inside an HTML comment...

  • by mark-t ( 151149 ) <markt AT nerdflat DOT com> on Tuesday December 07, 2021 @06:23PM (#62056877) Journal
    Accusing this journalist of hacking for simply reporting a vulnerability is like accusing someone of trying to break into your house when all they do is tell you that the screws to your deadbolt are on the outside of the door and anyone could actually remove the lock.
    • by 140Mandak262Jamuna ( 970587 ) on Tuesday December 07, 2021 @07:55PM (#62057135) Journal
      No. It is more like, you left your door wide open, neighbor calls you tell you you left the door wide open and you call cops on him
      • This is the exact analogy. But in an attack video Gov. Parson described it like this: [youtube.com]

        A reporter has been digging around HTML code on a state website.

        The state technology division said "the hacker took the records of at least three educators, decoded the HTML source code and viewed the social security numbers of those specific educators".

        Governor Parson believes everyone is entitled to their privacy, especially our teachers.

        Exploiting private information is a squalid excuse for journalism. And hiding behind the noble principle of free speech to do it is shameful.

        So to 'Parson-ize' the door analogy:

        A reporter has been looking at open front doors on state buildings

        The state doors division said "the thief looked at least three educators' doors, realised the doors were open and viewed insides of the hallways of those specific educators".

        Governor Parson believes everyone is entitled to their privacy, especially our teachers.

        Exploiting private hallways is a squalid excuse for journalism. And hiding behind the noble principle of free speech to do it is shameful.

        • Your pathetic video is meant for misinformed people who don't know basics of web. Not slashdot crowd. We "technology" people Oh, yeah, tell me about it.

          HTML is not "CODE" that is meant to be private. HTML is public. It is designed to be public. Every student is taught, html is public, do not put any private info in html code. Keep it on the server side scripts, never ever put private info in html. It is a language of communication between computers and you don't need any special tools to view html source

    • by narcc ( 412956 )

      I'd like to know where you found a deadbolt that can be installed that way.

  • by MacMann ( 7518492 ) on Tuesday December 07, 2021 @06:27PM (#62056885)

    The state screwed up on securing data, someone points this out, so they want to punish the person for exposing the flaw. That's a great idea. Now when something like this happens again nobody will speak up out of fear of being put in prison. This is setting the state up for a much more public black eye in the future. They will look around for someone to blame and it will just land on them for creating a culture of bad security practice.

  • by Retired Chemist ( 5039029 ) on Tuesday December 07, 2021 @06:32PM (#62056903)
    I live in Missouri. Our governor is a total embarrassment and a total idiot. This should make him good presidential material, which is probably his ambition.
    • I live in Missouri. Our governor is a total embarrassment and a total idiot.

      He has an "(R)" after his name, what did you expect? :-)
      Buck up though, the people in FL and TX probably have it worse.

    • I believe you misspelled the name of the state. It is the State of Misery.

    • Re:Missouri (Score:4, Interesting)

      by TopherC ( 412335 ) on Tuesday December 07, 2021 @07:30PM (#62057049)

      It's the "doubled-down after criticism" part that gets me. Have you ever worked with someone who does that? I have, and each time it was a disaster. It must be some kind of ultra-self-empowerment ideology, pitched as advice for management: Every problem can be boiled down to an issue of perception, and the self-made man owns all of their problems. Thus being wrong is personal failure, a weakness. I don't know, but something like that anyway. Trump is an archetype of this mentality, but of course it's not just him.

      As a scientist-turned-engineer, I'm wrong a lot. If I'm not making mistakes. identifying, and then correcting them, then I must not be in a productive mode. Doubling-down on my own mistakes would be self-destructive.

      Is this "being wrong is only a problem of perception" BS something taught in ivy league business admin programs, or is it charlatan self-help advice? Where does this come from?

      • Re:Missouri (Score:4, Interesting)

        by RazorSharp ( 1418697 ) on Tuesday December 07, 2021 @08:52PM (#62057245)

        Is this "being wrong is only a problem of perception" BS something taught in ivy league business admin programs, or is it charlatan self-help advice? Where does this come from?

        It's much more simple than that. They have a con artist mentality. "Con" is short for "confidence," meaning that the scheme requires confident bullshit.

        You might be an engineer who designs things to work, but the people responsible for selling whatever it is you design probably have this mentality. I've noticed that people who really enjoy sales want to feel like they just conned someone when the sale is complete, so even when they don't have to they treat the customer like a mark.

        To put it more simply: Why are all car salesmen scumbags? Because scumbags are the type of people who enjoy selling cars.

      • It is the ego thing. They cannot bear to admit they were wrong. It is common in politicians, CEOs. and consultants of all types among others. It is the fear that if you admit you are wrong about something, no one will believe you about anything else. Besides if you do this you will be accused of flip-floping. Apparently in politics it is a sin to change your opinion of something when you get new evidence. I guess that is why scientists are rarely successful at politics. .
      • As a scientist-turned-engineer, I'm wrong a lot. If I'm not making mistakes. identifying, and then correcting them, then I must not be in a productive mode. Doubling-down on my own mistakes would be self-destructive.

        Remember this is politics, not science or engineering. Check your logic at the door. Doubling down in politics, has fuck all to do with being right, and has everything to do with "winning" at any cost, no matter how destructive it is.

        Like you really need to look beyond all of American Politics and the current state of American leadership to find any more factual proof of this.

    • by Coius ( 743781 )

      Come to a Nebraska, we'll fight you for which one has the bigger idiot as the forerunner of the stage. I'm sure our Senator (Ricketts) can help you dig to find his IQ.

      Only one worse around us is Iowa I believe. And it's sad to find a worse person running a state than Ricketts, then Iowa has to upstage us. They always have to upstage us on a race to the bottom.

      • by gtall ( 79522 )

        Hah, he's got nothing on Sen. Inhofe of Oklahoma who brought a snowball to a hearing and thus declared there is no global warming. I always had an image of him as being the Santa's elf that they kept away from all the toys.

      • Well, being in Nebraska, you should know what the letters in IOWA stand for....
    • Agreed. It is ironic what happened in this situation, given Missouri is the "Show Me" state. lol.
  • goes unpunished. Governor is a true idiot.
  • Not too surprising (Score:5, Informative)

    by quonset ( 4839537 ) on Tuesday December 07, 2021 @06:51PM (#62056951)

    Missouri is the same state, with the same governor, who commissioned a study to see if mask mandates work. The study showed yes, wearing a mask does reduce infections [missouriindependent.com]. The governor or Missouri quashed the study, never revealing it to the public.

    To top things off, the AG of Missouri has now ordered schools and health departments to cease all covid orders or face prosecution [missouriindependent.com].

    So yeah, not surprising the right-wing cultists would attack someone who provided them with factual information. Wouldn't want to look bad, now would we?

    • Missouri is the same state, with the same governor, who commissioned a study to see if mask mandates work. The study showed yes, wearing a mask does reduce infections [missouriindependent.com]. The governor or Missouri quashed the study, never revealing it to the public.

      To top things off, the AG of Missouri has now ordered schools and health departments to cease all covid orders or face prosecution [missouriindependent.com].

      So yeah, not surprising the right-wing cultists would attack someone who provided them with factual information. Wouldn't want to look bad, now would we?

      Sorry, but that's a shit analogy. If COVID disappeared from the planet tomorrow, we would still have millions of permanently stupid humans who also happen to be PHBs, and databases will continue to get "hacked".

      The big difference between a virus and stupidity is we often find a cure for viruses.

  • by ItsJustAPseudonym ( 1259172 ) on Tuesday December 07, 2021 @07:19PM (#62057019)
    Not really "The Show-Me State" anymore. Not until you get a better governor, anyway.
  • The reporter needs to sue the governor for liable. What he did, was definitely not hacking.
    • The reporter needs to sue the governor for liable. What he did, was definitely not hacking.

      I suggest you go bail your grammar checker out of jail, since it was clearly being detained when you wrote that.

      Be careful next time. You might find yourself liable for failing to understand what libel means.

Keep up the good work! But please don't ask me to help.

Working...