Tag Archive for: Calling

Missouri governor is calling for criminal charges against a journalist who found social security numbers exposed on a public website


Missouri Gov. Mike Parson Jeff Roberson/AP

  • The governor of Missouri is calling for criminal charges against a reporter who found social security numbers exposed online.

  • The reporter found that the SSNs of over 100,000 teachers were viewable on a government site.

  • Gov. Mike Parson labeled the reporter a “hacker” and demanded an investigation – which cyber experts say makes no sense.

Missouri Gov. Mike Parson is demanding a criminal investigation into a journalist who found social security numbers exposed on a state website – a reaction that cybersecurity experts say makes no sense.

On Wednesday, St. Louis Post-Dispatch reporter Josh Renaud published a story revealing that the state’s education department website exposed the SSNs of over 100,000 employees including teachers and administrators. All Renaud had to do to view the SSNs was open “inspect element” to view the page’s source code, which anyone can do with two clicks of a mouse.

Renaud first disclosed the exposure to the state on Tuesday and waited until the issue was fixed before publishing his story – a well-established best practice in cybersecurity reporting.

But after the story went live, Parson held a press conference Thursday slamming Renaud as a “hacker” and calling on state prosecutors to conduct a criminal investigation into his report.

“We will not let this crime against Missouri teachers go unpunished,” Parson said. “They were acting against a state agency to compromise teachers’ personal information in an attempt to embarrass the state and sell headlines for their news outlet.”

Parson’s remarks have been met by widespread bewilderment and outrage from cybersecurity experts, who say Renaud disclosed the exposed data responsibly and that using a web browser’s “inspect element” tool does not constitute hacking.

“Hitting F12 in a browser is not hacking,” SocialProof Security CEO Rachel Tobac said in a tweet. “Fix your website.” Another cybersecurity researcher, Matt Blaze, admonished Parson for moving to “call the cops” on someone who “quite responsibly” disclosed the vulnerability.

A day after Parson’s press conference, Cybersecurity and Infrastructure Security Agency director Jen Easterly tweeted that the…

Source…

Messenger: Missouri has an award-winning cybersecurity team. Why is Parson calling such work a crime? | Tony Messenger


That’s what the news release with the dead link says. I copied and pasted the link into an internet site called the “Wayback Machine,” which captures websites in real time, so that when future links go dead, for whatever reason, the information is still archived. Here’s what it says about why state workers looked at publicly available HTML code at government and private business sites:

“The program identifies high-risk systems that, if left insecure, could lead to disruptions within critical infrastructure or significant data loss, and contacts the owners of the impacted systems to mitigate risks. … The primary business goal of this program is to protect the critical infrastructure belonging to governments, businesses, utilities, and academic institutions across the State of Missouri. Critical infrastructure provides the foundation of many life sustaining services such as healthcare, government, public safety, energy, transportation, communication, food/agriculture, and manufacturing. Keeping these services available around the clock are critical to today’s way of life. A secondary business goal is to safeguard the data belonging to Missouri citizens, students, and customers. Our data lives online as much as we do, and to safeguard it has become essential to prevent identity theft, financial loss, and brand reputation impact.”

This is the same sort of motivation that drives data journalists to check state websites, and, when they find something that could lead to citizens’ personal information being insecure, to let government officials know of the potential weakness. That’s what Renaud found out. He discovered the state’s Department of Elementary and Secondary Education was storing social security numbers of teachers in publicly available HTML code. Then he told the state about it so they could fix the problem.

Source…

T-Mobile customers are left feeling frustrated as hacker comes forward, calling the company’s security ‘awful’





  • An American man living in Turkey claims to be the hacker behind a massive T-Mobile breach, the Wall Street Journal reported.
  • T-Mobile customers are left feeling frustrated by their wireless carrier over security concerns.
  • Customers are experiencing fraudulent charges on debit cards and spam calls and text messages after the breach.

T-Mobile customers are dealing with the fallout of a security breach that exposed the personal information of more than 53 million people, with some telling Insider they’ve recently experienced fraudulent charges on debit cards and spam calls and text messages.

Customers also expressed frustration that the man who took responsibility for the attack said it was easy.

“Their security is awful,” John Binns, a 21-year-old American who now lives in Turkey, told The Wall Street Journal on Friday, claiming to be the hacker behind the breach.

Binns gained access to the servers after discovering an unprotected router by scanning T-Mobile’s internet address for weak spots, The Journal reported. Over 53 million people had personal information compromised in the hack such as names, addresses, dates of birth, phone numbers, Social Security numbers, and driver’s license information.

Many customers are now dealing with the repercussions of the hack and feel as though T-Mobile is not doing enough to protect them as some information hits the dark web.

Eddie Richards, a T-Mobile customer from Elizabethtown, Kentucky, told Insider he did not know about the hack until it reached the news. Richards is part of T-Mobile’s family plan, and while only the primary account holder was notified of the data breach by the company, he believes that all customers should have been made aware.

“It just frustrates me, honestly,” Richards said. “If our data is a priority for you guys to keep safe, how come I haven’t gotten a notification or anything like that?”

The telecom company has previously said that no financial information was compromised in the breach, but…

Source…

Senators Cite Colonial Pipeline Hack in Calling for Cyber Response and Recovery Fund


The cyberattack that has shut down a major supply line for energy to much of the East Coast is the kind of event that would have triggered a release of funding outlined in legislation to help the government respond to such incidents, key senators said in a hearing Wednesday.

“I know we’re here today to focus on federal cybersecurity. But I think it’s important to discuss the attack that we have just recently seen on Colonial Pipeline, one of the largest attacks on critical infrastructure in our history,” Sen. Gary Peters, D-Mich., said. “Last month, Ranking Member, [Rob] Portman [R-Ohio] and I introduced the Cyber Response and Recovery Act which would give the Secretary of Homeland Security the authority to declare a significant incident and use [the] Cyber Response and Recovery Fund after events like this.”

Peters, chairman of the Senate Homeland Security and Government Affairs Committee, was leading a hearing on the federal government’s efforts to improve its cybersecurity following the SolarWinds hack, which was part of a campaign that compromised scores of organizations, including nine federal agencies.

The chair and ranking member touted their legislation while drawing attention to what they said were lapses in both public and private entities’ communications with the government.

The Cyber Response and Recovery Fund that the legislation creates would keep $20 million available for DHS’ Cybersecurity and Infrastructure Security Agency to reimburse other departments they need to call in to help respond to cyberattacks and to get information out to related entities to mitigate the impact of such events.

But in Colonial’s case, Brandon Wales, CISA’s acting director, told Portman that the company did not contact CISA after they were targeted by ransomware criminals. CISA was engaged only after the FBI brought them in and still does not possess the technical details that would help them to advise other critical infrastructure entities, Wales said.

Wales said this is understandable since it’s still early in the response, and that CISA has a good relationship with Colonial, but Portman did not accept that argument.  

“It seems to me we also have to worry about these…

Source…