Tuesday, November 02, 2021

Parson continues attack on reporter who found security flaw on state website


By Jason Hancock

Missouri Gov. Mike Parson once again on Sunday took aim at a reporter who notified the state of a security flaw in one of its websites, questioning the journalist’s motives and noting he’d support prosecution of any state employee found to have assisted the reporter.

In a TV interview with Scott Faughn, a longtime Parson supporter, the governor said the criminal investigation he ordered to be conducted by the Missouri State Highway Patrol is still ongoing.






 

Asked if he would support prosecution of any state employee discovered to have helped uncover the security flaw, Parson quickly answered, “most certainly.”

Last month, reporter Josh Renaud of the St. Louis Post-Dispatch alerted the state that Social Security numbers of school teachers and administrators were vulnerable to public exposure due to flaws on a website maintained by Missouri’s department of education.

The Social Security numbers were contained in the HTML source code of publicly available pages — information that could easily be discovered by any person who knows how to access the standard web-browser function of displaying a page’s HTML code.

Emails obtained by The Independent show Renaud informed the state of the issue and promised to withhold publishing any story about it until the problem was fixed and the Social Security numbers were no longer exposed.

He also laid out to state officials in an email the steps he’d taken to find and confirm the security flaw. That included contacting three teachers to verify the information in the HTML code was their Social Security numbers.






 

Parson responded to the revelation by labeling Renaud a “hacker” and vowing to seek criminal prosecution. Soon after, a political action committee backing Parson began raising money off of his attacks.

During his interview Sunday, Parson said he couldn’t understand why Renaud was even looking for the security flaw. And even though the reporter informed the state of the problem and held off publishing a story about it, Parson asked, “Why would you simply not just say, ‘Hey, you got a problem here. You need to fix it.’”

At one point in the interview, Faughn suggested the criticism Parson has faced over his attacks — from cybersecurity experts, the media, First Amendment advocates and even some of his fellow Republicans — could be blamed on elitism.

“The folks that overwhelmingly elected you about a year ago, I don’t think they elected you for your IT skills. It just feels like there’s a hint of elitism in some of this stuff,” Faughn said, later adding: “It just feels a little hint, in some of those highfalutin ivory towers in St. Louis, a hint of elitism about how they talk about this.”

Parson said that he is “no computer expert. I’ll be the first to admit that.”

But if Renaud and the Post-Dispatch did nothing wrong, Parson reasoned, they shouldn’t be afraid of a criminal investigation.

“Why wouldn’t they want an investigation?” Parson said.

He then accused the media of misrepresenting the situation.

“They pretty well spun the story from day one that it was a right click,” he said. “Well trust me, it’s much more than a right click. Because you got to talk about decoders and all these kinds of things that were used.”

3 comments:

Anonymous said...

If Missouri had a griftofascist governor would he look like Governot Parsnip?

Anonymous said...

What a moron. This is no different than how vulnerabilities are disclosed to tech companies. The company is contacted about the vulnerability, given time to remediate it, and if not remediated, the vulnerability is communicated with the public. He is lucky that it wasn't a hacker that found it.

Anonymous said...

Solid proof that Parson is terrible. Of course he's no computer expert, I don't want him to be. I want him to trust computer experts on his staff and not make such boneheaded moves. This will NOT end well for Parson.