Maybe they could have set Brother Where Art Thou in Missouri instead of 
Mississippi….

From: AF <af-boun...@af.afmug.com> On Behalf Of Chuck McCown via AF
Sent: Tuesday, November 16, 2021 5:25 AM
To: AnimalFarm Microwave Users Group <af@af.afmug.com>
Cc: Chuck McCown <ch...@go-mtc.com>
Subject: Re: [AFMUG] OT: Missouri Governor Doesn't Understand Responsible Disclosure

Politicians are our brightest and best, right?

On Nov 15, 2021, at 6:12 PM, Bill Prince <part15...@gmail.com> wrote:

Missouri Governor Doesn't Understand Responsible Disclosure
<https://www.schneier.com/blog/archives/2021/10/the-missouri-governor-doesnt-understand-responsible-disclosure.html>

[2021.10.18] The Missouri governor wants to prosecute 
<https://missouriindependent.com/2021/10/14/missouri-governor-vows-criminal-prosecution-of-reporter-who-found-flaw-in-state-website/>
the reporter who discovered a security vulnerability in a state’s website, 
and then reported it to the state.

The newspaper agreed to hold off publishing any story while the department 
fixed the problem and protected the private information of teachers around the 
state.

[...]

According to the Post-Dispatch, one of its reporters discovered the flaw in a 
web application allowing the public to search teacher certifications and 
credentials. No private information was publicly visible, but teacher Social 
Security numbers were contained in HTML source code of the pages.

The state removed the search tool after being notified of the issue by the 
Post-Dispatch. It was unclear how long the Social Security numbers had been 
vulnerable.

[...]

Chris Vickery, a California-based data security expert, told The Independent 
that it appears the department of education was “publishing data that it 
shouldn’t have been publishing.

“That’s not a crime for the journalists discovering it,” he said. “Putting 
Social Security numbers within HTML, even if it’s ‘non-display rendering’ HTML, 
is a stupid thing for the Missouri website to do and is a type of boneheaded 
mistake that has been around since day one of the Internet. No exploit, hacking 
or vulnerability is involved here.”

In explaining how he hopes the reporter and news organization will be 
prosecuted, [Gov.] Parson pointed to a state statute defining the crime of 
tampering with computer data 
<https://revisor.mo.gov/main/OneSection.aspx?section=569.095>. Vickery said 
that statute wouldn’t work in this instance because of a recent decision by the 
U.S. Supreme Court in the case of Van Buren v. United States.

One hopes that someone will calm the governor down.

Brian Krebs has more 
<https://krebsonsecurity.com/2021/10/missouri-governor-vows-to-prosecute-st-louis-post-dispatch-for-reporting-security-vulnerability/>.

-- 
bp
<part15sbs{at}gmail{dot}com>

-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com
