No Missouri

Started by littleman, October 27, 2021, 12:04:07 AM

Previous topic - Next topic

littleman

Viewing website HTML code is not illegal or "hacking," prof. tells Missouri gov.

The security flaw uncovered is one thing, how they handled it is something else.


ergophobe

#1
Shocking.

I think this has been posted here before:

view-source:https://www.usds.gov/
view-source:https://www.whitehouse.gov/ (specifically line 9, the first comment)

I think I posted here way back that I discovered that if I knew the customer name, I could look up all their past travel on... Jet Blue I think. Their database was fully searchable with a site: search. But releasing SSNs is really next-level. I hope Khan's countersuit is successful and that the state has to pay some sort of civil penalty for the data breach.

rcjordan

Parson doubles down on push to prosecute reporter who found security flaw in state site • Missouri Independent

https://missouriindependent.com/2021/10/21/parson-doubles-down-on-push-to-prosecute-reporter-who-found-security-flaw-in-state-site/

ergophobe

>>The PAC continues to raise and spend large sums of money

Enough said. As Utah Philips said, "The profit motive follows the path of least resistance and following the path of least resistance is what makes a river crooked."

littleman

You know how Nigerian 419 scammers purposely put obvious flaws in their emails to filter out the less gullible? It seems the Missouri GOP is employing a similar strategy here with the Parson's campaign.  If his supporters fail this level of understanding they are with him all the way and anything he says will be gospel as long as it is wrapped in a flag. 

ergophobe

Thank you. Unlike the spammers, I don't think Parsons is that smart to do it on purpose, but I don't think that detracts from your basic observation. That's a useful perspective

rcjordan

Stockholm:
"All information that Öppna Skolplattformen has used is public information that the City of Stockholm voluntarily distributed"

These parents built a school app. Then the city called the cops | Ars Technica
https://arstechnica.com/information-technology/2021/11/these-parents-built-a-school-app-then-the-city-called-the-cops/

rcjordan


rcjordan


rcjordan

SSNs were exposed for TEN years.

website was developed and maintained by the Office of Administration's Information Technology Services Division (ITSD) — which the governor's office controls directly.

Report: Missouri Governor's Office Responsible for Teacher Data Leak – Krebs on Security
https://krebsonsecurity.com/2022/02/report-missouri-governors-office-responsible-for-teacher-data-leak/

Brad

Ironic how if Mike Parson had not opened his mouth this would have blown over fairly quickly.  Now it turns out the Governor's office was the culprit all along.

Nobody will be held to account.