The State Of Madness By A US Governor On Hacking.
Michael Lynn Parson (born September 17, 1955) is an American politician serving as the 57th governor of Missouri since 2018 and is a member of the Republican Party.
The Missouri governor Mike Parson was threatening to prosecute a journalist, two years ago in October, 2021, for responsibly reporting a serious security lapse in the state’s website.
St. Louis Post-Dispatch journalist Josh Renaud reported that the website for the state’s Department of Elementary and Secondary Education (DESE) was exposing over 100,000 teachers’ Social Security numbers, which is a very serious security data breach and illegal.
All of these SSN were right there in the HTML code, which by default is visible to anyone, who knows how to right-click on a mouse in the browser or hit the F-12 button. This is not hacking and never ever in any sane persons mind could be considered as such, except for these nutjobs.
However, whomever coded that site, must have either been a beginner or using something.
The Post-Dispatch reported the vulnerability to state authorities to patch the website, and delayed publishing a story about the problem to give the state enough time to fix the problem.
The DESE later confirmed that the “educator certification search tool was disabled immediately” and that the vulnerability was fixed.
"DESE’s educator certification search tool was launched in 2011. Since then, OA-ITSD has done a number of vulnerability scans on its web application that contains this information, and those scans did not yield any concerns or potential threats."
The state representative should have been thankful for the discovery, but instead:
Republican Governor Mike Parson described the journalist who uncovered the vulnerability as a “hacker”, and said the newspaper uncovered the flaw in “an attempt to embarrass the state”.
This is typical political behavior amongst non-technical people, that have little to no knowledge of how tech works, let alone what a hacker really is.
I came across this madness in a discussion forum on HN, where FCC Commissioner Nathan Simington posted that he was there to discuss security updates for IoT devices and how you can make a difference by filing comments with the FCC.
Noticing some comments that makes sense and some lobbying for the continued protection of businesses, that creates IoT devices, but don't support for them for very long. One user especially seems to don't want security researchers finding and fixing dangerous bugs in their code. You should read the entire thread.
