Missouri Governor Seeks to Prosecute Journalist for Responsibly Reporting Flaw in State's Website

Joint fed advisory warns of ongoing attacks on water facilities, White House ends ransomware meeting with statement, 'White Hat' hacker cops to running mass fake news operations, more

The St. Louis Post-Dispatch discovered a vulnerability in a web application on a website maintained by the Missouri Department of Elementary and Secondary Education (DESE) that left exposed more than 100,000 Social Security numbers of school teachers, administrators, and counselors across the state.

The newspaper responsibly delayed the publication of its report to give the department time to take steps to protect teachers’ private information and allow the state to ensure no other agencies’ web applications contained similar vulnerabilities.

However, instead of thanking the newspapers for discovering the flaw, Republican governor Michael Parson called a news conference to rail about a plot against a teachers’ database by the newspaper’s reporter. The consensus among cybersecurity professionals is that no “hack” occurred. Instead, the reporter merely used a standard web browser technique known as “View Source” to make his discovery.

Parson referred the reporting to state prosecutors and …