Missouri Governor Doubles Down On 'View Source' Hacking Claim; PAC Now Fundraising Over This Bizarrely Stupid Claim
from the wtf-missouri dept
Hey Missouri: stop electing technically illiterate dipshits. First you had Claire McCaskill, one of the key sponsors of FOSTA (who is still defending it years later). You got rid of her, but replaced her with Josh Hawley, who seems to think his main job in the Senate (besides whipping up support for insurrectionists and planning his run for the Presidency) is to destroy the internet and reshape it according to his own personal vision.
And then there's your governor. We wrote about him a few years ago when he claimed (ridiculously) that the 1st Amendment meant he could withhold public records (which is not how any of this works). But, of course, last week, his tech ignorance broke into prime time after the St. Louis Post-Dispatch ethically disclosed that the state's Department of Elementary and Secondary Education (DESE) website was including teacher & administrator social security numbers in the HTML. DESE pulled down the pages, but not before calling the journalists "hackers." Parson then doubled down and called for the journalists to be prosecuted. And then kept insisting that viewing HTML source code was hacking.
For the past week people on Twitter have been repeatedly mocking Parson for this, but he just won't give up, and neither will the United Missouri PAC that is a huge Parson supporter and was even fined last year by the Missouri Ethics Commission over improper contributions and failure to report the contributions to Parson.
Earlier this week, United Missouri seemed to think that Parson's blatant technical illiteracy was worth doubling down on and turning into a culture war against "the fake news." It produced a video that is so embarrassing and cringeworthy it feels like a parody.
I mean, the transcript is so stupid that it makes me wonder about the quality of education in Missouri that someone could be this clueless.
The latest from the Missouri "fake news factory" is from the St. Louis Post-Dispatch, where a reporter has been digging around HTML code on a state website. The state technology division said the hacker took the records of at least 3 educators, decoded the HTML source code and viewed the social security numbers from the state website.
I mean, holy shit. HTML code is public. That's what "view source" is there for. There's no "digging around." And, incredibly, here United Missouri/Parson are admitting that the social security numbers were in HTML! THAT IS THE PROBLEM! No one should ever be putting SSNs in HTML. The fact that DESE put SSNs in HTML is the very problem that the reporters were highlighting. And if it wasn't actually a problem, why did DESE pull down the website in the first place? It's not hacking. It's showing that Parson's administration is incompetent.
And then, the video takes Parson's own failure to protect teachers and administrators in the state... and blames it on the reporters who (ethically) disclosed this negligent coding?
Governor Parson believes everyone is entitled to their privacy. Especially our teachers.
THEN WHY DID YOUR ADMINISTRATION REVEAL THEIR SOCIAL SECURITY NUMBERS IN HTML, YOU TECHNICALLY IGNORANT FOOLS? No one should ever be putting SSNs in HTML. The fact that they were there is the problem. Not the fact that these reporters alerted the state to their own coding (and data handling) error. The privacy breach is the state's fault, not the reporters. The reporters disclosed all of this in the most ethical manner possible: alerting the state and not publishing anything until after the leaked data was removed from the web.
Governor Parson is standing up to the fake news media and is committed to bringing to justice anyone who obtained private information. The St. Louis Post-Dispatch is purely playing politics. Exploiting private information is a squalid excuse for journalism. And hiding behind the noble principle of free speech to do it is shameful.
Note that they keep calling the St. Louis Post-Dispatch "fake news" but don't dispute a single thing they reported. So it's fake news, but also a crime? Furthermore, the only one who should be "brought to justice" is the state for putting social security numbers in HTML in the first place. And the only one "purely playing politics" appears to be Governor Mike Parson and his corrupt PAC.
And, of course, everyone with even the most basic understanding of HTML know that it's Parson who's full of shit here, as is clear from all the comments on the video:
I get that, these days, the Trumpian populists politicians think they can just make shit up and lie constantly and their ignorant base will lap it up, but this takes all that to new levels of stupid. You don't have to be a genius computer science grad to understand that you never ever put SSNs in HTML and that whoever did that is at fault here.
Filed Under: data breach, ethical disclosure, hacking, html, journalism, mike parson, missouri, view source
Companies: united missouri
Criminal, right?
Re: Criminal, right?
It probably was some script generating HTML on the fly that dumped the database ID numbers for the viewable entries.
Unfortunately many db admins look at things like SSNs as the perfect primary key for a user / person in a db, and fail to realize what will happen when some poor web developer uses the "personID" field in the database as a reference in their HTML widget code....
In short, it probably wasn't an intentional act by the site maintainers, let alone the state administration. But you've got to love the anal retentiveness of the state governor and the carelessness of the db admins mixing to create a dangerous "never report anything" mentality among the general public. The law of unintended consequences gets them every time.
At least that's what I hope is going on here. Otherwise this governor is practically inviting a massive hack against his state in a few years by effectively telling people to never report a cybersecurity issue to anyone under threat of lawsuits and jail time as official state policy.
"decode"
Is the ability to read so rare in Missouri that it gets called "decoding"?
Stop the insanity
Suppose someone posted confidential info like SSNs on a wall of a public building, which anyone could view from the alley. Guess what, geniuses - that's what they did on the Internet. No hacking involved. I normally believe in Hanlon's razor - "never attribute to malice that which is adequately explained by stupidity". However, I wouldn't put it past Republicans to use this to score points in the culture war.
Question...
Was it St. Louis Post-Dispatch that broke the news about the PAC breaking the law?
Re:
https://missouriindependent.com/2021/10/21/cybersecurity-expert-demands-apology-from-missouri-govern or-over-hacking-claims/
@ ALL
The Decode was likely Base64 encoded data in JSON.
Data that should never have been in the HTML.
Viewing file sent to him
He was viewing a file on his own computer that was sent to him by the web site. I don't think that's "hacking."
Re: Viewing file sent to him
Hacking is when you do anything with technology that tech unsavvy people don't understand.
No "decoding" required
HTML is mostly plain text.
Re: No "decoding" required
The "decoding" bit is translating it from text to something these people can understand - video.
The government of the state of Missouri disagrees, apparently.
HTML for Dummies?
Maybe the state officials wouldn't have made such a careless mistake if they had just learned to "nerd harder"!
Note to Missouri
A state motto is not a privacy policy.
GQP: The Professional Victim.
Decoder Ring output: those who A-typically screw-up, and refuse to take accountability for their OWN actions. Rather like how they were raised,.. ya think?
Re:
Yep - perpetual victimhood. Nothing will ever be right.
I am sad to report that this doesn't push the boundary ...
... of the nonsense politicians pull when they yell "fake news." Thugs assaulting the US capitol? Patriots! Tourists! Other thugs roughing up school boards? Concerned parents! Idiots who deny the existence of communicable disease? Guardians of religious freedom! Those were comparatively heavy lifts of nonsense.
At least understanding that, having stumbled upon a security leak immediately telling the leaky site and then only later publishing news about is a good thing and is pro-security is very difficult. Wait, sorry, it is not very difficult.
"You don't have to be a genius computer science grad to understand that you never ever put SSNs in HTML and that whoever did that is at fault here."
However, you do have to have a passing knowledge of both technology and verifiable reality to know this - and that is not the target audience. This is a play to keep angry morons angry enough to vote in 2022, then 2024 and to pretend that the reason they're failing is not due to their own actions but because of the "deep state" and "liberals".
There's no way anyone with any knowledge will fall for this - but the targets are not people with knowledge.
Re: This person should be fired for saying this is hacking
Yeah, so much for “protection”
Isn't this an example of public indecency? Or is mooning people like that allowed in public in Missouri? (Maybe it's protected by 1A?)
No one should ever be putting SSNs in HTML
That statement (subject) is nonsense.
if you put ssn nos in html text on a website you should be fired , if hacking is looking at html code then anyone who has a pc with a browser
could be a hacker, they should be grateful the problem was pointed out to them.but republican politicans seem to in a competition to pass bills that break the internet, take away users right to privacy and free speech by eroding section 230 , hacking is doing something that takes some knowledge and skill in technology that the average user would not be able to do .
Denial and deflection it is
Admitting that it's the government's fault for exposing the SSN's would require admitting fault and since that's clearly off the table it seems they've decided to triple-down on their blunder and exploit it by pandering to the gullible fools who still support them.
On TV.
Ever watch a series Called SOAP? How About BENSON?
Why do we keep hiring Idiots?
Re: On TV.
Ah, yes, Benson DuBois (Robert Guillaume). He was a very quick-witted actor with a great sense of timing in delivering the sting. Thanks for the memories.
Missouri gov. shows us its #1 security technique: "hide in plain text." It was derived from the well-known "hide in plain sight" technique, which works 100% of the time in Missouri (The Show Me State) but none of the time everywhere else... till now.
Imagine if site owner that disables right click tries to 1201...
full title (due to character limit): Imagine if site owner that disables right click tries to 1201 claim the web inspector.
So much for “effective technical protection measures”
Repeat after Mike:
You apparently do have to not be Missouri Governor Mike Parson.
Diary of a Missouri Governor
With respects to some A-OL.
July 18 --; I just tried to connect to Missouri Online. I've heard it is the best online service I can get. They even included a free disk! I'd better hold onto it in case they don't ever send me anther one! I can't connect. I don't know what is wrong.
July 19 --; Some guy at the tech support center says my computer needs a modem. I don't see why. He's just trying to cheat me. How dumb does he think I am?
July 22 --; I bought the modem. I couldn't figure out where it goes. It wouldn't fit in the monitor or the printer. I'm confused.
July 23 --; I finally got the modem in and hooked up. That nine year old next door did it for me. But it still don't work. I cant get online.
July 25 --; That nine year old kid next door hooked me up to Missouri Online for me. He's so smart. I told the kid he was a prodigy. But he says that's just another service. What a modest kid. He's so smart and he does these services for people. Anyway he's smarter than the jerks who sold me the modem. They didn't even tell me about communications software. Bet they didn't know. And why do they put two telephone jack holes in the back of a modem when you only need one? And why do they have one labeled phone when you are not suppose to hook it to the phone jack on the wall? I thought the dial tone sounded funny! Boy, are modem makers dumb! But the kid figured it out by the sound.
July 26 --; What's the internet? I thought I was on Missouri Online. Not this internet thing. I'm confused.
July 27 --; The nine year old kid next door showed me how to use this Missouri Online stuff. I told him he must be a genius. He says that he is compared to me. Maybe he's not so modest after all.
July 28 --; I tried to use chat today. I tried to talk into my computer but nothing happened. Maybe I need to buy a microphone.
July 29 --; I found this thing called usenet. I got out of it because I'm connected to Missouri Online not usenet.
July 30 --; These people in this usenet thing keep using capital letters. How do they do that? I never figured out how to type capital letters. Maybe they have a different type of keyboard.
JULY 31 --; I CALLED THE COMPUTER MAKER I BOUGHT IT FROM TO COMPLAIN ABOUT NOT HAVING A CAPITAL LETTER KEY. THE TECH SUPPORT GUY SAID IT WAS THIS CAPS LOCK KEY. WHY DIDN'T THEY SPELL IT OUT? I TOLD HIM I GOT A CHEAP KEYBOARD AND WANTED A BETTER ONE. AND ONE OF MY SHIFT KEYS ISN'T THE SAME SIZE AS THE OTHER. HE SAID THAT'S A STANDARD. I TOLD HIM I DIDN'T WANT A STANDARD KEYBOARD BUT ANOTHER BRAND. I MUST HAVE HAD AN IMPORTANT COMPLAINT BECAUSE I HEARD HIM TELL THE OTHER SUPPORT GUYS TO LISTEN IN ON OUR CONVERSATION.
AUGUST 1 --; I FOUND THIS THING CALLED THE USENET ORACLE. IT SAYS THAT IT CAN ANSWER ANY QUESTIONS I ASK IT. I SENT IT 44 SEPARATE QUESTIONS ABOUT THE INTERNET. I HOPE IT RESPONDS SOON.
AUGUST 2 --; I FOUND A GROUP CALLED REC.HUMOR. I DECIDED TO POST THIS JOKE ABOUT THE CHICKEN THAT CROSSED THE ROAD. TO GET TO THE OTHER SIDE! HA! HA! I WASNT SURE I POSTED IT RIGHT SO I POSTED IT 56 MORE TIMES.
AUGUST 3 --; I KEEP HEARING ABOUT THE WORLD WIDE WEB. I DON'T NOW SPIDERS GREW THAT LARGE.
AUGUST 4 --; THE ORACLE RESPONDED TO MY QUESTIONS TODAY. GEEZ IT WAS RUDE. I WAS SO ANGRY THAT I POSTED AN ANGRY MESSAGE ABOUT IT TO REC.HUMOR.ORACLE. I WASNT SURE IF I POSTED RIGHT SO I POSTED IT 22 MORE TIMES.
AUGUST 5 --; SOMEONE TOLD ME TO READ THE FAQ. GEEZ THEY DIDN'T HAVE TO USE PROFANITY.
AUGUST 6 --; SOMEONE ELSE TOLD ME TO STOP SHOUTING IN ALL MY MESSAGES. WHAT A STUPID JERK. I'M NOT SHOUTING! I'M NOT EVEN TALKING! JUST TYPING! HOW CAN THEY LET THESE RUDE JERKS GO ON THE INTERNET?
August 7 --; Why have a Caps Lock key if you're not suppose to use it? It's probably an extra feature that costs more money.
August 8 --; I just read this post called make money fast. I'm so excited. I'm going to make lots of money. I followed his instructions and posted it to every newsgroup I could find.
August 9 --; I just made my signature file. Its only 6 pages long. I will have to work on it some more.
August 10 --; I just looked at a group called alt.umpac.sucks. I read a few posts and I really believe that umpac should be wiped off the face of the earth. I wonder what an umpac is.
August 11 --; I was asking where to find some information about something. Some guy told me to check out ftp.netcom.com. I've looked and looked but I can't find that group.
August 12 --; I sent a post to every usenet group on the Internet asking where the ftp.netcom.com is. Hopefully someone will help. I cant ask the kid next door. His parents said that when he comes back from my house he's laughing so hard he can't eat or sleep or do his homework. So they wont let him come over anymore. I do have a great sense of humor. I don't know why the rec.humor group didn't like my chicken joke. Maybe they only like dirty stuff. Some people sent me posts about my 56 posts of the joke and they used bad words.
August 13 --; I sent another post to every usenet group on the Internet asking where the ftp.netcom.com is. I had forgot yesterday to include my new signature file which is only 8 pages long. I know everyone will want to read my favorite poem so I included it. I'm also going to add that short story I like.
August 14 --; Some guy suspended my account because of what I was doing. I told him I don't have an account at his bank. He's so dumb.
What a Moron
He’s dumb enough his own computer has enough holes in it anyone could get in it no doubt.
This weeks sesame street has been brought to you by the keys 'Ctrl' and 'U'...
