The St Louis Post-Dispatch said in a report that it had found the vulnerability in a Web application that allowed world+dog to search teacher certifications and credentials.
It notified the state's Department of Education and waited until the affected pages were removed before running its report.
Through a multi-step process, an individual took the records of at least three educators, decoded the HTML source code, and viewed the SSN of those specific educators.
We notified the Cole County prosecutor and the Highway Patrol’s Digital Forensic Unit will investigate. pic.twitter.com/2hkZNI1wXE
— Governor Mike Parson (@GovParsonMO) October 14, 2021
In simple terms, the SSNs were in the HTML code, and one could see them merely by hitting the F12 key or by using the "View source" command that is present in a Web browser.
This is humor, of course. I just did "view source" (hit F12 key) on the webpage and changed it, then took a screenshot. pic.twitter.com/jPir2qsLiJ
— Robᵉʳᵗ Graham (@ErrataRob) October 14, 2021
"Under Missouri law, a person commits the offence of tampering with computer data if he or she knowingly and without authorisation accesses, takes, and examines personal information without permission. This data was not freely available and had to be converted and decoded.
"The state does not take this matter lightly and we are working to strengthen our security to prevent this incident from happening again. The state is owning its part, and we are addressing areas in which we need to do better than we have done before.
Clearly they printed out the source code and hand rendered the webpage on paper pic.twitter.com/EcbpQ90d1V
— Gene Warren (@doriath69) October 14, 2021
"We will not rest until we clearly understand the intentions of this individual and why they were targeting Missouri teachers."
Parson came in for ridicule from technology industry workers, as can be seen in the tweets embedded within this article.
The newspaper dismissed Parson's threats. “The reporter did the responsible thing by reporting his findings to DESE so that the state could act to prevent disclosure and misuse,” Joseph Martineau, a lawyer for the paper, said.
“A hacker is someone who subverts computer security with malicious or criminal intent. Here, there was no breach of any firewall or security and certainly no malicious intent.”
Sources tell me that Mike Parson has directed the Missouri Attorney General to sue Mozilla, Apple, Google, and Microsoft for RICO due to their brazen disregard for privacy when locating "View Page Source" in the context menu of their browsers.
— Andrew Blakey (@robogeographer) October 14, 2021

