Tag Archive for: governor

Missouri Governor and F12 Hacking, Global Ransomware Meeting, Fake Government Websites


Details on the F12 “hacking” incident involving the Missouri state education website and the foolish response from the Missouri governor, over 30 countries (except China and Russia) meeting to fight ransomware globally, and the FBI’s warning about fake unemployment benefit websites.

** Links mentioned on the show **

DevOps Experience

Gov. Parson promises ‘swift justice’ to person he says hacked Mo. Dept. of Education website
https://krebsonsecurity.com/2021/10/missouri-governor-vows-to-prosecute-st-louis-post-dispatch-for-reporting-security-vulnerability/
https://twitter.com/GovParsonMO/status/1448697768311132160?s=20

Over 30 Countries Pledge to Fight Ransomware Attacks in US-led Global Meeting
https://thehackernews.com/2021/10/over-30-countries-pledge-to-fight.html

FBI warns of fake govt sites used to steal financial, personal data
https://www.bleepingcomputer.com/news/security/fbi-warns-of-fake-govt-sites-used-to-steal-financial-personal-data/

** Watch this episode on YouTube **

** Thank you to our sponsors! **

Silent Pocket

Visit silent-pocket.com to check out Silent Pocket’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”.

Click Armor

To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity

** Subscribe and follow the show **

Sign up for our email newsletter to receive our free Facebook Privacy & Security Guide, news and updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Contact us: https://sharedsecurity.net/contact

Website: https://sharedsecurity.net

YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Twitter: https://twitter.com/sharedsec

Instagram: https://instagram.com/sharedsecurity

The post Missouri Governor and F12 Hacking, Global Ransomware…

Source…

Missouri governor is calling for criminal charges against a journalist who found social security numbers exposed on a public website


Missouri Gov. Mike Parson Jeff Roberson/AP

  • The governor of Missouri is calling for criminal charges against a reporter who found social security numbers exposed online.

  • The reporter found that the SSNs of over 100,000 teachers were viewable on a government site.

  • Gov. Mike Parson labeled the reporter a “hacker” and demanded an investigation – which cyber experts say makes no sense.

Missouri Gov. Mike Parson is demanding a criminal investigation into a journalist who found social security numbers exposed on a state website – a reaction that cybersecurity experts say makes no sense.

On Wednesday, St. Louis Post-Dispatch reporter Josh Renaud published a story revealing that the state’s education department website exposed the SSNs of over 100,000 employees including teachers and administrators. All Renaud had to do to view the SSNs was open “inspect element” to view the page’s source code, which anyone can do with two clicks of a mouse.

Renaud first disclosed the exposure to the state on Tuesday and waited until the issue was fixed before publishing his story – a well-established best practice in cybersecurity reporting.

But after the story went live, Parson held a press conference Thursday slamming Renaud as a “hacker” and calling on state prosecutors to conduct a criminal investigation into his report.

“We will not let this crime against Missouri teachers go unpunished,” Parson said. “They were acting against a state agency to compromise teachers’ personal information in an attempt to embarrass the state and sell headlines for their news outlet.”

Parson’s remarks have been met by widespread bewilderment and outrage from cybersecurity experts, who say Renaud disclosed the exposed data responsibly and that using a web browser’s “inspect element” tool does not constitute hacking.

“Hitting F12 in a browser is not hacking,” SocialProof Security CEO Rachel Tobac said in a tweet. “Fix your website.” Another cybersecurity researcher, Matt Blaze, admonished Parson for moving to “call the cops” on someone who “quite responsibly” disclosed the vulnerability.

A day after Parson’s press conference, Cybersecurity and Infrastructure Security Agency director Jen Easterly tweeted that the…

Source…

Missouri governor accuses journalist who warned state about cybersecurity flaw of criminal ‘hacking’


When a St. Louis Post-Dispatch journalist discovered that the Missouri state teachers website allowed anyone to see the Social Security numbers of some 100,000 school employees, he did what any reporter might do. He published a story about the security vulnerability — though not before warning the state and giving it time to remove the affected webpages.



A July 2020 file photo of Missouri Gov. Mike Parson, who called a St. Louis Post-Dispatch reporter a "hacker" after the discovery of a security flaw in a state website.


© Alex Brandon/AP

Another official might have thanked the newspaper for spotting the flaw and giving a heads-up before publicizing it — or at least downplayed what appears to be an embarrassing government mishap. But Missouri Gov. Mike Parson (R) did the opposite: He called the journalist “a hacker” who may face civil or criminal charges for “decod[ing]” HTML code on the Department of Elementary and Secondary Education website and viewing three Social Security numbers.

The journalist was “acting against the state agency to compromise teachers’ personal information in an attempt to embarrass the state and sell headlines for their news outlet,” Parson announced Thursday. He said that he had referred the case to the Cole County prosecutor and the Missouri State Highway Patrol’s Digital Forensic Unit.

The announcement immediately drew appalled reactions from the Post-Dispatch and other journalistic organizations.

“We stand by our reporting and our reporter who did everything right,” Ian Caso, president and publisher of the Post-Dispatch, said in a statement. “It’s regrettable the governor has chosen to deflect blame onto the journalists who uncovered the website’s problem and brought it to DESE’s attention.”

Committee to Protect Journalists’ U.S. and Canada program coordinator Katherine Jacobsen called Parson’s legal threats “absurd.”

“Using journalists as political scapegoats by casting routine research as ‘hacking’ is a poor attempt to divert public attention from the government’s own security failing,” she told The Washington Post in an email.

A spokeswoman for…

Source…

Missouri governor threatens to prosecute journalist for sharing web security flaw


Missouri Governor Mike Parson might want to read up on the differences between disclosing and exploiting security flaws. According to The Missouri Independent, Parson accused a St. Louis Post-Dispatch reporter of being a “hacker” for having the audacity to… report security holes. The journalist disclosed a Department of Elementary and Secondary Education web app flaw that let anyone see over 100,000 teachers’ Social Security numbers in site source code, and Parson interpreted this as a “political game” meant to “embarrass the state” — that is, a malicious hack.







JEFFERSON CITY, MO - MAY 29: Gov. Mike Parson listens to a media question during a press conference to discuss the status of license renewal for the St. Louis Planned Parenthood facility on May 29, 2019 in Jefferson City, Missouri. Parson stated that the facility still had until Friday to comply with the state in order to renew the license. (Photo by Jacob Moscovitch/Getty Images)


© Jacob Moscovitch via Getty Images

The governor has already referred the case to the Cole County Prosecutor, and even has the Missouri Highway State Patrol investigating. An attorney for The Post-Dispatch maintained that the reporter “did the responsible thing” by sharing the flaw with the government to get it fixed. The lawyer also helpfully refreshed Parson on his internet lingo. A hacker is someone who “subverts” security with sinister intent, not a reporter trying to bolster security by sharing publicly available information.

This flaw wasn’t recent, either. University of Missouri-St. Louis professor Shaji Khan told The Post-Dispatch that this kind of vulnerability had been known for “at least” 10 years, and that it was “mind boggling” the Department would let these problems linger. Audits in 2015 and 2016 had highlighted data collection issues at both the Department and school districts.

No, prosecutors probably won’t file charges. It’s a bit difficult to convict someone whose ‘hack’ effectively amounted to clicking “view page source” in their browser. However, this highlights an all-too-familiar problem with politicians that don’t understand tech. It doesn’t just lead to embarrassments, such as

Source…