Friday, March 29, 2024

Reporter likely to be charged for using “view source” feature on web browser

St. Louis Post-Dispatch reporter who viewed the source HTML of a Missouri Department of Elementary and Secondary Education website is now likely to be prosecuted for computer tampering, says Missouri Governor Mike Parson.

All web browsers have a “view source” menu item that lets you see the HTML code of the web page it is displaying.

The reporter discovered that the source code of the website contained Social Security numbers of educators. The reporter alerted the state about the social security numbers. After the state removed the numbers from the web page, the Post-Dispatch reported the vulnerability.

Soon after, Governor Parson, “who has often tangled with news outlets over reports he doesn’t like, announced a criminal investigation into the reporter and the Post-Dispatch.”

“If somebody picks your lock on your house — for whatever reason, it’s not a good lock, it’s a cheap lock or whatever problem you might have — they do not have the right to go into your house and take anything that belongs to you,” Parson said in a statement.

A commenter on the Post-Dispatch story offers a more apt analogy:

A better analogy would be you’re walking in the street past a neighbor’s house and notice their front door wide open with no one around. You can see a purse and car keys near the door. You phone that neighbor, and tell them their door is open and their purse and keys are easily visible from the street. Would Parson consider this breaking and entering?

[A] state cybersecurity specialist informed Sandra Karsten, the director of the Department of Public Safety, that an FBI agent said the incident “is not an actual network intrusion.”

Instead, the specialist wrote, the FBI agent said the state’s database was “misconfigured,” which “allowed open source tools to be used to query data that should not be public.”

“These documents show there was no network intrusion,” St. Louis Post-Dispatch President and Publisher Ian Caso said this month. “As DESE initially acknowledged, the reporter should have been thanked for the responsible way he handled the matter and not chastised or investigated as a hacker.”

Enjoyed this post?

Why not subscribe to our weekly cybersecurity newsletter?

Bookmark
Close
Recommended:  U.S. Cybersecurity Agency, CISA, Publishes List of Free Security Tools and Services
Please login
Share the word, let's increase Cybersecurity Awareness as we know it
- Sponsored -

Sponsored Offer

Unleash the Power of the Cloud: Grab $200 Credit for 60 Days on DigitalOcean!

Digital ocean free 200

Discover more infosec

User Avatar
Steven Black (n0tst3)
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK. I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated... I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!

more infosec reads

Subscribe for weekly updates

explore

more

security