Far-right Missouri governor threatens criminal prosecution of reporter who found 'a serious flaw' in state website
Earlier this week, a reporter for the St. Louis Post-Dispatch notified Missouri's state government that a website maintained by the Missouri Department of Education had a security flaw — one that made the private information of teachers and education administrators, including their Social Security numbers, vulnerable. And the Post-Dispatch agreed to hold off on publishing information about that site's vulnerability while the problem was being addressed. But far-right Missouri Gov. Mike Parson, according to Missouri Independent reporter Jason Hancock, is now railing against the Post-Dispatch, defaming the reporter as a "hacker" and threatening criminal prosecution.
At a press conference, Parson told reporters, "The state does not take this matter lightly…. This administration is standing up against any and all perpetrators who attempt to steal personal information and harm Missourians."
A reporter at @stltoday discovered a flaw in a state website that risked exposure of teacher Social Security numbers. He notified the state of the problem and it was fixed.\n\nToday, @GovParsonMO labeled the reporter a 'hacker' & vowed criminal prosecution.https://missouriindependent.com/2021/10/14/missouri-governor-vows-criminal-prosecution-of-reporter-who-found-flaw-in-state-website/\u00a0\u2026— Jason Hancock (@Jason Hancock) 1634225538
The Missouri Department of Education, according to Hancock, removed the web pages that were problematic after being informed of the problem by the Post-Dispatch.
Hancock reports, "The Post-Dispatch discovered the vulnerability in a web application that allowed the public to search teacher certifications and credentials. The Department removed the affected pages from its website Tuesday after being notified of the problem by the Post-Dispatch. Based on state pay records and other data, more than 100,000 Social Security numbers were vulnerable. The newspaper delayed publishing this report to give the Department time to take steps to protect teachers' private information, and to allow the state to ensure no other agencies' web applications contained similar vulnerabilities."
Hancock notes that although "no private information was clearly visible nor searchable on any of the web pages," the Post-Dispatch "found that teachers' Social Security numbers were contained in the HTML source code of the pages involved."
According to Hancock, "The newspaper asked Shaji Khan, a cybersecurity professor at the University of Missouri-St. Louis, to confirm the findings. He called the vulnerability 'a serious flaw.'"
- 'We are going to see a lot of people die': Why Covid cases are rising ... ›
- 'Folks are going to die': Vacationers flocking to Missouri's Lake of ... ›
- Journalist picks the 'worst of the worst' governors for fighting the ... ›
- Professor pushes back against Missouri governor arguing that it is not illegal to view website HTML codes - Alternet.org ›
- Missouri Dept. of Health under fire for ignoring data on effectiveness of mask mandates - Alternet.org ›