Missouri Governor Believes Viewing Website Source Code Is A Crime

Mike Parson, Governor of Missouri, does not understand how websites work. He held a press conference earlier this week in St. Louis to once again reiterate his desire to pursue a St. Louis Post-Expedition reporter for viewing the source code of a state website.

In October 2021, reporter Josh Renaud reported that the source code for the Department of Elementary and Secondary Education website exposed the social security numbers of more than 100,000 teachers, administrators and school counselors. He only released the story after reporting the issue to the state and the vulnerability was addressed.

Parson and DESE were apparently not grateful for the alert and immediately accused Renaud of “hacking” the DESE website. Missouri Education Commissioner Margie Vandeven sent a letter to educators saying “someone took the files of at least three educators, deciphered the source code of the webpage, and looked at the Social Security number (SSN) of these specific educators “.

According to documents obtained by the St. Louis Post-Expedition, the FBI told the state the website was “misconfigured” and Renaud’s actions were “not a true network intrusion.”

The source code has not been encrypted. The source code of a website is generally accessible to anyone using a web browser. While scratching requires some technical knowledge, just watching it is as easy as opening the “Developer Tools” option available in almost all web browsers, including Chrome, Safari, Firefox, and Edge. If you want, you can check out the source code for The Verge right now. By Parson’s and DESE’s logic, anyone who uses developer tools on a website they don’t own is a hacker.

Actually … give me a second … boom, I just hacked Facebook.

While a blatant misunderstanding of how websites work by both a state agency and the state governor can be amusing, Governor Parson’s behavior since the newspaper first published his story has been anything but. . According to public records obtained by the St. Louis Post-Expedition Vandeven had originally planned to thank the newspaper for finding the vulnerability. His tone only became accusatory after meeting with the governor’s office.

The Missouri State Highway Patrol, whose director is appointed by the governor, has launched an investigation into the newspaper’s history. They turned the case over to Cole County District Attorney Locke Thompson on Monday, December 27. Governor Parson then held a press conference on Wednesday, December 29, in which he cited state law relating to computer tampering and repeatedly suggested that Thompson should use it to prosecute. Renaud and the paper.

At the press conference, he compared Renaud’s actions to someone using a hook to enter someone’s home without permission. Which is by no means an appropriate analogy. The websites are intended for the public. They are like public buildings, not houses. A more appropriate analogy would be if a person is in a state-owned building and walks past a locked room, and sees someone posting a bunch of sensitive information in the window for everyone to see. whether or not they have keys.

Personally, I would like someone to knock on the door and report the issue without fear of being chased by an embarrassed man who doesn’t understand how websites work.


Source link

Comments are closed.