Let him push it he will simply irritate some grays who lean black. Theyll show him
On Mon, Nov 15, 2021, 7:13 PM Bill Prince <part15...@gmail.com> wrote: > Missouri Governor Doesn't Understand Responsible Disclosure > > *[2021.10.18]* > <https://www.schneier.com/blog/archives/2021/10/the-missouri-governor-doesnt-understand-responsible-disclosure.html> > The Missouri governor wants to prosecute > <https://missouriindependent.com/2021/10/14/missouri-governor-vows-criminal-prosecution-of-reporter-who-found-flaw-in-state-website/> > the reporter who discovered a security vulnerability in a state’s website, > and then reported it to the state. > > The newspaper agreed to hold off publishing any story while the department > fixed the problem and protected the private information of teachers around > the state. > > [...] > > According to the Post-Dispatch, one of its reporters discovered the flaw > in a web application allowing the public to search teacher certifications > and credentials. No private information was publicly visible, but teacher > Social Security numbers were contained in HTML source code of the pages. > > The state removed the search tool after being notified of the issue by the > Post-Dispatch. It was unclear how long the Social Security numbers had been > vulnerable. > > [...] > > Chris Vickery, a California-based data security expert, told The > Independent that it appears the department of education was “publishing > data that it shouldn’t have been publishing. > > “That’s not a crime for the journalists discovering it,” he said. “Putting > Social Security numbers within HTML, even if it’s ‘non-display rendering’ > HTML, is a stupid thing for the Missouri website to do and is a type of > boneheaded mistake that has been around since day one of the Internet. No > exploit, hacking or vulnerability is involved here.” > > In explaining how he hopes the reporter and news organization will be > prosecuted, [Gov.] Parson pointed to a state statute defining the crime of > tampering > with computer data > <https://revisor.mo.gov/main/OneSection.aspx?section=569.095>. Vickery > said that statute wouldn’t work in this instance because of a recent > decision by the U.S. Supreme Court in the case of Van Buren v. United > States. > > One hopes that someone will calm the governor down. > > Brian Krebs has more > <https://krebsonsecurity.com/2021/10/missouri-governor-vows-to-prosecute-st-louis-post-dispatch-for-reporting-security-vulnerability/> > . > > -- > bp > <part15sbs{at}gmail{dot}com> > > -- > AF mailing list > AF@af.afmug.com > http://af.afmug.com/mailman/listinfo/af_af.afmug.com >
-- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com
