Journalist Josh, Gov. Mike Parson of Missouri, discovered and reported that private information about faculty and staff was available unencrypted on a state-controlled website.・Indicates intention to prosecute Mr. Renault.
Last fall, Mr. Renault, who is working as a reporter for the St. Louis Post-Dispatch newspaper, while browsing the site of the Department of Elementary and Secondary Education (DESE), on the source code of the web page Over 100,000 schoolteachers, administrators, and counselors found plain text Social Security numbers, did not publish them, and reported the matter to the state.
Later then waited for all the issues to be resolved and posted this. Thanks to that, there was no direct damage to the state authorities.
However, what did Governor Person think about this action, which should have been given a letter of appreciation from the state, and treated Mr. Renault as a criminal for "hacking the website"? , indicating intent to prosecute. In addition, Maggie Vandeven of the State Board of Education also said in a document distributed to educators, ``A person decrypted the source code of a web page and exfiltrated the records of at least three educators. , viewed its social security number."
In general, the source code of a web page is written in plain text, and anyone can view and view the source code from the browser menu. But the governor's and the school board's reasoning is that if you look at the HTML source (which anyone can see) on a website you don't own, you're considered a malicious hacker. increase.
The St. Louis Post-Dispatch responded to the matter, saying that the FBI had told state officials that the problem was that information was made available through improper settings on the website, and that Renaud's actions were " It is not a network infringement, ”he advised. Official documents obtained by the paper also show that Mr. Vandeven of the Board of Education originally intended to thank Mr. Renault for discovering and preemptively resolving the vulnerability. Mr. Vandeven seems to have changed his mind when he met with the governor.
The governor's insistence on such an outlandish decision apparently stems from a report handed over to prosecutors by the Highway Patrol, a legal oversight agency appointed by the governor, that conducted an investigation into the St. Louis Post-Dispatch article. seems to be based on From the day after the report to the prosecutor's office, the governor insists that the prosecutor should prosecute Mr. Renault and the newspaper company by applying state laws related to computer tampering.
Governor Parson criticized Mr. Renault's behavior at the conference, comparing it to ``the act of picking the door lock of another person's house and entering it without permission''. However, the act of picking (decryption) is not actually performed, so it cannot be said to be an appropriate analogy. Rather, from the beginning, it would be more appropriate to say, ``If you pass in front of a fully open door, there will be something that would be a problem if someone saw it.''
In Mr. Renault's eyes, it would be completely boring if he secretly told a person walking with a fully open zipper that "it's open" and got turned away. Maybe the governor and the board of education should listen more to the (decent) opinions of those around them.
Source: The Verge
Coverage: St. Louis Post-Dispatch
Your privacy settings do not allow this content. Please change your settings here Your privacy settings do not allow this content. Please change your settings here Your privacy settings do not allow this content. Please change your settings here Your privacy settings do not allow this content. Change your settings here