Governor Parson vows to prosecute the St. Louis Post for revealing a security flaw in the Missouri Department of Education website. Why? He said fixing the flaw could cost the state $50 million. Why was it not designed to security standards in the beginning?
The story: A St. Louis Post-Dispatch reporter, exploring the Missouri Education website discovered encrypted data. He enlisted Shaji Khan, associate professor, director of Cybersecurity Institute at University of Missouri-St. Louis to help verify the concerns. He agreed provided the story would be delayed until after the teacher Social Security numbers were no longer at risk.
With this achieved the story was published. Governor Parson then vowed to prosecute the “hacking” saying it would cost the state millions to correct. As one familiar with the internet and HTML code, I believe the Governor is mistaken about hacking.
First, two terms: hacking and cracking. Hacking is simply viewing the HTML code of a website for inspection purposes. It is not a crime. Millions do it every day. I do, for design ideas. You can, too. Right click on a web page, choosing “Inspect” and view the HTML. Cracking, however, is gaining access to secured information for personal or financial gain. It’s a crime.
What the Post-Dispatch did was discover a security flaw they did not exploit, hacking, not cracking. The millions Gov. Parson laments should have been spent when the site was created. That the SSNs were not compromised before is our good fortune.
–– Gordon Hill
Maryville