missouri, technology, mike parson, security vulnerability, cybersecurity

Missouri Governor Mike Parson has threatened legal action against a report and a newspaper that found a vulnerability in a state website.

The St. Louis Post-Dispatch reporter disclosed a website's security vulnerability that led to social security numbers of teachers and educational staff members easily accessible by anyone who knew how.

Due to the vulnerability, anyone could have had access to the social security numbers by simply right-clicking and then choosing Inspect Element or View Source.

Governor Parson, in return, called the St. Louis Post-Dispatch reporter a "hacker" whose actions were described as "decoding the HTML source code," according to a report.

Missouri Governor Threatens Legal Action Against Report

Missouri Governor Mike Parson has threatened legal action against the St. Louis Post-Dispatch and its reporter, who disclosed a security vulnerability in a state website.

According to a report by The Verge, the St. Louis Post-Dispatch "notified the Missouri Department of Elementary and Secondary Education (DESE) that one of its tools was returning HTML pages that contained employee SSNs, potentially putting the information of over 100,000 employees at risk."

"While the reporter followed standard protocols for disclosing and reporting on the vulnerability, the governor is treating him as if he attacked the site or was trying to access the teacher's private information for nefarious purposes," The Verge added.

For his efforts, the reporter had been called a "hacker" by Governor Parson, who also said the county prosecutor and investigators would be involved.

Governor Parson also said, per The Verge report, that the whole incident could cost the state and its taxpayers $50 million. The report, however, notes that it would have been more expensive for the government had a hacker actually accessed the social security numbers available due to the security vulnerability.

Security Vulnerability in DESE Site

Per the report of the St. Louis Post-Dispatch that was cited by The Verge, the tool that contained the vulnerability "was designed to let the public see teachers' credentials."

The vulnerability in the tool meant that the page also included the social security number of the person whose credentials are being viewed, which could be accessed by anyone who knows how to right-click and then choose Inspect Element or View Source.

Governor Parson insisted that the DESE's website does not give users permission to access social security numbers of teachers and staff members, but The Verge report notes that "it was being freely provided."

There have been multiple instances in the past wherein a security vulnerability could have or has actually led to private data being accessed by hackers. A recent example of which is the Microsoft Azure security vulnerability called OMIGOD.

Missouri DESE Comments on Incident

The Verge has noted in its report that it has reached out to the Missouri DESE for comment. However, the Missouri DESE did not have much to say due to the ongoing investigation.

The Missouri DESE only said that the data in question is now already protected.

Written by Isabella James

Internet Explorer Channel Network


LATEST NEWS

NEWS RELATED

India and Cybersecurity: Are we safe?

Indian saw three times more cyber attacks in 2020, compared to 2019 The recent cyberattack on the Iranian gas stations all over the country showed how vulnerable our IT infrastructure can be. The attack rendered state issued electronic cards useless and caused many long queues at gas stations. The fact…

Read more: India and Cybersecurity: Are we safe?

Fastest VPN 2021

Three top VPNs battle it out to see which takes the privacy and speed crown.

Read more: Fastest VPN 2021

India in final stages of clearing national cybersecurity strategy, says national coordinator

India is in the final stages to clear a National Cybersecurity Strategy in the wake of growing cyber attacks and threats from nation-state actors against the country, national cyber security coordinator Lt. Gen. (retd) Rajesh Pant has stressed.There are about 4 million malware that are detected every day and India…

Read more: India in final stages of clearing national cybersecurity strategy, says national coordinator

China updates rules on real-name registration online in crackdown on schemes to revive banned user accounts

China’s internet watchdog is updating regulations on how users of domestic online platforms identify themselves, making it harder for censored social media accounts to be revived, as Beijing intensifies efforts to clean up the nation’s cyberspace. The draft of the updated rules was published on Tuesday by the Cyberspace Administration…

Read more: China updates rules on real-name registration online in crackdown on schemes to revive banned user accounts

Ex-NSA hacker says a supply chain cyberattack is one of the things that keeps him up at night

A former Marine who conducted cyber missions for the U.S. military and the National Security Agency told CNBC on Monday the threat of a cyberattack on the U.S. chain supply keeps him awake at night. David Kennedy, also the founder of cybersecurity companies TrustedSec and Binary Defense, told “Power Lunch”…

Read more: Ex-NSA hacker says a supply chain cyberattack is one of the things that keeps him up at night

Solarwinds hackers are targeting the global IT supply chain, Microsoft says

Annette Riedl | Picture Alliance | Getty Images The Russian-linked hacking group that's been blamed for an attack on the U.S. government and a significant number of private U.S. companies last year is targeting key players in the global technology supply chain, according to cybersecurity experts at Microsoft. Nobelium, as…

Read more: Solarwinds hackers are targeting the global IT supply chain, Microsoft says

The Facebook Papers: Documents reveal internal fury and dissent over site's policies

Facebook Chairman and CEO Mark Zuckerberg testifies at a House Financial Services Committee hearing in Washington, October 23, 2019.Erin Scott | Reuters Hours after the Jan. 6 assault on the U.S. Capitol, Mike Schroepfer, Facebook's chief technology officer, posted on the company's internal message board. “Hang in there everyone,” he…

Read more: The Facebook Papers: Documents reveal internal fury and dissent over site's policies

China is pushing to develop its own chips — but the country can't do without foreign tech

A technologist inspects a computer chip.Sefa Ozel | E+ | Getty Images GUANGZHOU, China — China's technology giants have been pushing to develop their own semiconductors or chips, a move seen as progress toward China's goal to become self-reliant in the critical technology. In reality, China is still a long…

Read more: China is pushing to develop its own chips — but the country can't do without foreign tech

6 ways to delete yourself from the internet: Getting off the grid isn't as easy as it seems

Delete yourself from the internet: 6 ways to remove personal information from the web

Tencent, Huawei, other major Shenzhen firms to bolster user data safeguards ahead of roll-out of new personal information law

America must protect these 5 technologies if it wants to remain a superpower, intelligence officials warn

Tencent fixes WeChat bug that exposed some social media content to Google, other external search engines

Edward Snowden warns weakening encryption would have dire consequences: 'Privacy is power'

Governments target ransomware gang REvil in cyberattack, pushing it offline, sources say

Cybersecurity Demands Proactive Design Thinking

OTHER NEWS