Tag Archive for: Missouri

Missouri offers credit monitoring to teachers affected by DESE data vulnerability 


  

Missouri is offering 12 months of free credit and identity theft monitoring to educators whose personal information could be at risk due to a vulnerability in a state website discovered last month.

At least three teachers’ Social Security numbers became vulnerable last month after data was accessed on the Department of Elementary and Secondary Education (DESE)’s website — which compiles teacher information that can be accessed by local school districts when verifying an educator’s certification. The last four digits of a person’s Social Security number can be used to identify an educator. 

No misuse of information nor access to information outside of last month’s incident has been reported, according to DESE, but the option will be extended to approximately 620,000 current and former teachers whose data was included on the department’s website. 

The services are expected to cost the state $800,000.  

DESE and the Office of Administration Technology Services Division (OA-ITSD) will notify teachers whose information may have been at risk in the coming days.

“Educators have enough on their plates right now, and I want to apologize to them for this incident and the additional inconvenience it may cause them,” DESE Commissioner Margie Vandeven said. “It is unacceptable. The security of the data we collect is of the utmost importance to our agency. Rest assured that we are working closely with OA-ITSD to resolve this situation.”

Gov. Mike Parson said the information was accessed through a “multistep process” that decoded and converted the data. The Cole County prosecutor was notified, and the Missouri State Highway Patrol’s Digital Forensic Unit will conduct an investigation “of all of those involved.” 

In a story, the St. Louis Post-Dispatch said one of its employees had “discovered the vulnerability in a web application” and notified DESE. 

“The reporter did the responsible thing by reporting his findings to DESE so that the state could act to prevent disclosure and misuse. A hacker is someone who subverts computer security with malicious or criminal intent. Here, there was no breach of any firewall or security and certainly no…


Missouri Governor and F12 Hacking, Global Ransomware Meeting, Fake Government Websites


Details on the F12 “hacking” incident involving the Missouri state education website and the foolish response from the Missouri governor; over 30 countries (except China and Russia) meet to fight ransomware globally; and the FBI’s warning about fake unemployment benefit websites.

** Links mentioned on the show **

DevOps Experience

Gov. Parson promises ‘swift justice’ to person he says hacked Mo. Dept. of Education website
https://krebsonsecurity.com/2021/10/missouri-governor-vows-to-prosecute-st-louis-post-dispatch-for-reporting-security-vulnerability/
https://twitter.com/GovParsonMO/status/1448697768311132160?s=20

Over 30 Countries Pledge to Fight Ransomware Attacks in US-led Global Meeting
https://thehackernews.com/2021/10/over-30-countries-pledge-to-fight.html

FBI warns of fake govt sites used to steal financial, personal data
https://www.bleepingcomputer.com/news/security/fbi-warns-of-fake-govt-sites-used-to-steal-financial-personal-data/


Missouri state government wrestles with massive computer shortcomings


By Kurt Erickson


    JEFFERSON CITY, Missouri (St. Louis Post-Dispatch) — Key computer systems used by the state of Missouri are so outdated officials are worried some of the only programmers who know how to work with the antiquated technology will retire.

Without their knowledge of a programming language that is rarely used anymore, they say, no one will know how to keep critical functions, such as tax reporting, payroll processing and budgeting, from failing.

The problems span across the sprawling operation of state government, touching people when they purchase a car, apply for Medicaid or cash their state tax refund.

But for years, Gov. Mike Parson and legislators have taken few steps to address what is an increasingly expensive problem.

The latest flaw was exposed this month when the Post-Dispatch reported that the Social Security numbers of school teachers, administrators and counselors across Missouri were vulnerable to public exposure due to programming shortcomings on a website maintained by the state’s Department of Elementary and Secondary Education.

The vulnerability was discovered in a web application that allowed the public to search teacher certifications and credentials. The department removed the affected pages from its website Tuesday after being notified of the problem by the Post-Dispatch.

Parson called the newspaper’s work “hacking” and called for a criminal investigation and a possible civil lawsuit.

His tirade put a spotlight on what members of his own administration have been saying for years: The state’s aging fleet of computers is due for an upgrade.

According to budget officials, a true overhaul of the state’s systems will cost an estimated $83.5 million. That cost would also finance a new portal for residents to access various state services.

Rep. Doug Richey, R-Excelsior Springs, is championing the use of $2.8 billion in federal relief funds to pay for the information technology upgrades, which could take as long as six years.

“We don’t have time to waste,” Richey told members of a House committee in July.

Personnel moves

The focus on the state’s…


Missouri governor is calling for criminal charges against a journalist who found social security numbers exposed on a public website


Missouri Gov. Mike Parson Jeff Roberson/AP

  • The governor of Missouri is calling for criminal charges against a reporter who found social security numbers exposed online.

  • The reporter found that the SSNs of over 100,000 teachers were viewable on a government site.

  • Gov. Mike Parson labeled the reporter a “hacker” and demanded an investigation – which cyber experts say makes no sense.

Missouri Gov. Mike Parson is demanding a criminal investigation into a journalist who found social security numbers exposed on a state website – a reaction that cybersecurity experts say makes no sense.

On Wednesday, St. Louis Post-Dispatch reporter Josh Renaud published a story revealing that the state’s education department website exposed the SSNs of over 100,000 employees including teachers and administrators. All Renaud had to do to view the SSNs was open “inspect element” to view the page’s source code, which anyone can do with two clicks of a mouse.

Renaud first disclosed the exposure to the state on Tuesday and waited until the issue was fixed before publishing his story – a well-established best practice in cybersecurity reporting.

But after the story went live, Parson held a press conference Thursday slamming Renaud as a “hacker” and calling on state prosecutors to conduct a criminal investigation into his report.

“We will not let this crime against Missouri teachers go unpunished,” Parson said. “They were acting against a state agency to compromise teachers’ personal information in an attempt to embarrass the state and sell headlines for their news outlet.”

Parson’s remarks have been met by widespread bewilderment and outrage from cybersecurity experts, who say Renaud disclosed the exposed data responsibly and that using a web browser’s “inspect element” tool does not constitute hacking.

“Hitting F12 in a browser is not hacking,” SocialProof Security CEO Rachel Tobac said in a tweet. “Fix your website.” Another cybersecurity researcher, Matt Blaze, admonished Parson for moving to “call the cops” on someone who “quite responsibly” disclosed the vulnerability.

A day after Parson’s press conference, Cybersecurity and Infrastructure Security Agency director Jen Easterly tweeted that the…
