Look at you, trying to use "logic" to procecute the right person. /s Yeah, criminals get away with everything. How many ppl got put away for the crimes that led to the 2008 Great Recession? Not many.
@@SayAhh Not many of the idiots who caused the Great Republican Recession committed crimes. It was mostly about legally gambling with other people's money.
@@Foolish188 Good point, but I think that there might have been several actual crimes, including allegedly fudging subprime loan income qualifications and/or approvals, on the borrower and/or lender's side.
@@russlehman2070 It is, and I hope someone goes after them for that, because this sort of issue is just pure negligence. It's not even a bug, it downright not caring about security at all. Whoever build that system is no better then a mechanic that thinks he can just use garden hose to replace a brake line and not be responsible when something goes horribly wrong. It really is that bad...
And her Husband is a Warlock. I wonder what kind of menagerie those two have in their basement. He should get a Warrant and have the Sheriff search the place. Not nicely. Use the Battering Ram Tank, SWAT TEAM. Block off and evacuate the entire neighborhood! They look like the kinds of Freaks that hide stuff in the walls and ceilings! They'll have to come down! Check inside the Heat Exchanger in the Furnace! You'll have to break it open! Cuff them and make them sit out on the sidewalk for six hours in front of the News Cameras with no water or bathroom breaks. No allowances for Disabilities! No shade from the sun or proper clothing for the weather. And plenty of threats, insults and intimidation. Separate the two. Now play them against each other. With lies and deception. As they watch you destroy their Mutual Dream Home. Everyday in America, innocent people's lives are being destroyed by Stupid idiotic people that don't have enough evidence to legally obtain a Warrant. Yet those Warrants go out faster than they can be read! And the Prosecutor's job is to Prosecute. He wants to get Re-elected. It pays good. He runs the show at the Courthouse. He likes that. It's an important job. He really does get criminals off the streets. But he's too busy to really look at every case.
@Nadine_gh. C : Unfortunately, a class action isn't really what SHOULD happen. Because the award of damages gets split up among everybody who joined in the class action. $100,000,000 / 100,000 = $1,000 per litigant. $100,000 * 10,000 = 1,000,000,000. A much bigger "bite on the a~~" for the State of Missouri to "absorb" (if it can), and a lot more reason$ to ou$t the Governor in the next election! What's needed here is for those whose social security numbers were exposed to file suit INDIVIDUALLY! Those who can't currently afford to file should first file the paperwork to declare themselves "In Forma Pauperis" with the appropriate Court in the State of Missouri.
@@javabeanz8549 : Yeah, but the "difference" will be that the next individual who discovers this sort of problem will: A) Disappear without revealing it to ANYBODY. B) Start selling the data to the highest bidder! Better idea: Start a "bug bounty" program, and stop threatening the [apparently], innocent discovery of this type of problem. Unless you are referring to prosecuting the Governor for attempting to prosecute the reporter
@@K7DFA I already made the point about them being disappeared in a thread on the conference video. And I pointed out that the state was lucky that all the data was not already harvested by a malicious actor. I work in IT and have for years, designing back end and front end database access. You should never expose data that is not needed to answer the query, and PII should only be stored in very restricted tables, accessable only to those who have the proper credentials and very good reason to access it.
This is like writing state secrets on the back of a flyer, that is handed out to everyone, then getting mad when people flip the paper over to see the backside.
@@chuckthebull I disagree. I deal with government employees multiple times a month. A lot of them are just stupid. Like they actually have very little intelligence. They however are honest and try to do the right thing.
@@kiethmergard that may be sorta true in the local level..(and yeah I have had that experience occasionally) but over all even if they are "trying" they still completely are brain washed into the system and will defend the system against the public. and indeed they are dumber than a mud fence most of the time too. but that works for government..look at Biden...he was installed for that very reason...he's a perfect example of failing up..but for the clever social and cultural controllers he's a perfect patsy. This is how the system operates,,with figurehead useful idiots as a stop gap against the public... You have to deal with idiots so you can never address the real problems..it's all by design... I would never work a government job and they would never have me because I can think and "logic" and tell the truth... They can't by nature even be honest with themselves...it's no different than any cult. They believe in the cults lies and so they delude themselves they are honest. Truth is and if you deal with them you know this too.. they will uphold the facade that they serve the people but are all in the same click and view the people as an exploitable resource to be simply managed and controlled..everything they do right down to paper pushing reflects this. to get revenue for the state is their primary function..and they then call it "helping" oh they will be sweet as pie as long as you pay up.
Being prosecuted for ethical disclosure. That just means that the next time there's a major vulnerability or leak for this state's infrastructure, it'll go straight to the public because Missouri clearly doesn't understand how ethical disclosure/bug bounties work.
If he gets prosecuted next time if someone finds a error they won't say anything. Better to keep quiet than go to jail and/or be charged with a crime you didn't do. Let the state deal with the consequences.
@@kurtwetzel154 sadly this will be what happens, potentially or perhaps certainly at a significantly higher cost to us all. We shouldn't be forced to think like this... the rest of us need to stand firmly behind and speak loudly for those that have done the right thing
You would think that Biden would get the capital police involved in this now, or the local FBI who of course are ready to pounce on anyone yelling at a board meeting would be helping in the investigation as well.
@@jasonbourne1596 right if the IRS ever comes to you for any question at all just say I'll talk if you grant me immunity. You ask for immunity for the IRS questions, they'll leave faster than they came in.
Using the power of government to attempt to imprison a person you KNOW is innocent should be treated as one of the highest crimes that can be committed in this country. The Governor belongs in prison.
There has been a time honored solution and punishment. It just takes an older way of thinking rather than modern deep obedience to The State and Nationalism. A Nation can exist beyond it's government, but a government is a temporary thing and, like diapers, should be changed and replaced often with the leftovers thrown into the trash as they have an unholy stench to them.
@@neilkurzman4907 If you actually were aware of reality you would know that after 2020 the Democratic Party went after Trump Administration officials with a vengeance. Investigating them and Filing false charges against them. They spent Tens of Millions of Dollars defending themselves. Found guilty even though later proven innocent! The worst of the worst abuses of the top levels Law Enforcement Agencies and The Judicial Branch of Our Government! I don't get Political on Steve's Channel but your ignorance needed to be addressed Skippy. Enjoy the rest of your Weekend.
@@kingforaday8725 HRC's Democratic Socialist Party! She and Obama are pulling the Puppets strings! That's why he's so Damn inconsistent! He can't be as smooth as his former Boss, and well, look at HRC, they were holding her up in 2016! I liked that trip getting onboard the airplane! One of my favorites! It's always funny! It will always be funny! I can't wait! I want to be first to her grave! I got my sample cups from my Doctor's! I keep a few in my sock drawer! Don't you?
Yup, over 20 years ago a friend who worked at a local bank was told to "mind her own business" when she reported a client who would come in different days, with different names/accounts to deposit monthly support checks.
@@SonsOfLorgar In many states it is forbidden to keep bank accounts under false identities. It is therefore the bank's duty to ensure that this legislation is complied with. On the other hand, it is regularly forbidden to pass on information about customers to third parties if there is no corresponding court order. That is why this is definitely not the job of the bank employee.
I'm a software developer, and I can confirm that clicking File->Save As in a browser, opening said file in a text editor, and looking through it with a pair of eyeballs, makes you an elite hacker and a danger to society.
So since the governor is the one in charge of the state and should know the inner working of his state then they should prosecute the Governor for failing to protect the employees under his watch
If nothing else the reporter should sue him for defamation. He will not be able to sue for much else because the government has immunity for things done in the course of the job, but slandering journalists and others is not part of the job even though the republicans have been doing that for years now.
The governor is the one that is responsible for everyone under that office , and it is the governor,s fault that some one did not do their job right . Governor is supposed to know that things are done right.
Instead of a Oh S**t moment and fixing the bug; they instead want to prosecute the reporter for exposing their incompetence! Sounds about right for today’s world.
Actually, according to Mr. Lehto they fixed the bug, and now the "illustrious" Governor wants to initiate CRIMINAL proceedings against the reporter! It goes way beyond stupidity, and the reporter SHOULD be receiving a "bug bounty", instead of being prosecuted!
@@K7DFA According to other news sources, they "fixed" the bug by taking the website down. Probably best course for the short term, as they will clearly need to hire developers who have some idea what they are doing to rewrite the site. The incompetence of the web "developer" who created the site is only slightly less embarrassing than the incompetence of the governor.
The way this governor took the website vulnerability so personally, I'm getting the impression that either he built the website himself or one of his family members did it.
Your judgement and sentence of all involved doesn't even give the other side a chance to defend themselves. I want to know the rest of the story, not just the side put out by the media source being accused of wrongdoing.
@@alecamal The source is publicly available information. There really isn't another side. The state is wrong. Every person's whose information was left expressed has at least a $1 million dollar lawsuit against the state.
@@rayh592 Officials say through a multi-step process, an individual took the records of at least three educators, unencrypted the source code from the webpage, and viewed the social security numbers of those specific educators. Source KOAM News...... Just seems like there may be a little more to the story, as there always is when only one side is reported.
There was someone in Hungary who found that anyone could set their own train ticket price on the webpage via HTML editing. The government was equally unamused at their own stupidity.
HAHAHAHAHAHAHA! HAHAHAHAHAHAHA! HAHAHAHAHAHAHA! I LOVE IT! GOD help the world if I ever have a desire to learn to code! You will all need Thermonuclear Proof Noah's Arks. I will be watching from Flight Level 70. I think the sight of a Mushroom cloud is the most beautiful thing in the World! I'm going to going rewatch the end of Dr Strangelove now! HAHAHAHAHAHAHA! HAHAHAHAHAHAHA! Hell, I'll watch the whole movie! Gentlemen! You can't fight in here! This is the War Room! President Muffley.
@@bokoloaranyfa3824 how many times do people have to say this: when money or sensitive information is involved, *always* use a third-party processor who actually knows WTF they're doing. *Don't* write that shit yourself unless *you* are the third-party processor. So simple, yet so often forgotten.
It technically wasn’t even illegal for them to do that for train tickets. Like any transaction, the buyer and seller agree upon a price, then that price is exchanged for goods and/or services. Nothing prevents a buyer from making a counter-offer, and if the seller accepts, that is the new price. It’s not the buyer’s fault that the train ticket seller was ordered by its boss to accept all counter-offers, no matter how low they were.
@@ianbattles7290 I don't think it's incompetence at all. It's an infowar. Most likely the governor realized how bad this was going to look and made a conscious choice to spin it as hacking.
In Germany, there was a comparable case: The CDU (one of the biggest and oldest parties of Germany, somewhat conservative in the European sense, not like in the US) has a website. Now this year, a woman within Anonymous tried an URL that is part of that Website, and it got her to personal information like name and address of members. She notified the CDU that that part of the Website is in no way secure and told them the had a week to fix it before she publishes it. The CDU tried to file a case for hacking, but instead the prosecutor is investigating the CDU because they didn't protect that Data and therefore they broke data security laws.
@@atsylor5549 in Europe there are a lot more parties within the spectrum of left vs right unlike in America where most people think there are only 2 ways of political thought. Most European countries don’t have a 2 party system , so they have smaller political groups who team up to pass legislation. The biggest difference is only Americans are afraid of buzzwords like socialist.
The Governor knows all about the Internet, I assure you. He just went to his local computer store last week to get a fresh copy of the Internet on a floppy disk.
I remember when I was in Jr High and I was a librarian's assistant (for $2/hr). Computers were a relatively recent addition to the library and I was knowledgeable so I helped them out. One day I got summoned from class to the library (which never happens). The librarian was in a tizzy because she thought some student was "hacking" on the computer and wanted me to tell them how much trouble the kid was in. What had really happened was the student had accidentally quit Windows 3.1 and typed gibberish into the command prompt making a few syntax errors before they gave up. I restarted Windows and explained to the librarian what'd happened. Hacker crisis averted.
Comforting to be repeatedly reminded of the level of competence and intelligence of people in top positions. This is exactly what narcissists do when you point out a wrong.
This can barely be considered a bug, and is more just gross incompetence from their IT and web development team. They are the ones who need to be reprimanded.
What kills me is that it is generally more work to show the data in the HTML source than it would be to simply not display it. I have no idea what kind of server software they are using, so I don't really have any idea how this could have happened. I suspect it was something really stupid like downloading the data to a Word document or Excel spreadsheet, hiding the columns, then exporting to an HTML file.
Possibly the person/persons who screwed up lied to the governor's office about what happened to cover their ass. The governor didn't know any better so now it's blown up.
This is exactly what's wrrong with our govt. These people that do this to someone that's trying to warn them about something that"s dangerous should-1, be removed promptly from there position [ s ]. 2- be investigated for sedition & a bunch of other stuff I am shure that you can bring up.
They had better make a lot of space for the unethical hackers in China and Russia and all of the others that are going to steal the data and use it for nefarious purposes. Oh wait you can't extradite members of the Russian and Chinese government and other hackers from most countries so they will get away with it and be able to profit by selling the information to other criminals.
This is why journalists (not the entertainers at Fox "News") have the toughest jobs. They also don't get paid enough are put their lives in danger with each article. Heck, even people who blew the whistle on freaking Lance Armstrong receive death threats. Most journalists don't get rich from reporting the news, but people do get rich from reporting lies. Propaganda pays.
I'm currently beginning a career in cyber security and you'd be blown away at how stuff like this works. You'd think that any business, organization, or entity would want to know about critical security bugs but that isn't always the case. It's mind bending to know how many times people are punished for finding bugs in other people's code.
I worked for a county Gov for about 8 years. This doesn't surprise me. There were so many people in the local Gov that I had to sit down and explain simple computer things to, that it worried me a lot. And this wasn't that long ago.
This is how you do not get cyber security bugs fixed. In Finland there was big issue about defaced high profile MP etc. web pages. I had found purely accidentally full user/password list in plain text of the web page admins/customers few years earlier. After consulting contemporary law, I decided that it is not worth of risk of up to 5 years in jail to whistleblow that 'security flaws/blatant oversight to the server admins. Nowadays Finnish law is much more lenient for White Hat type activities (as above), so I would act differently in the same situation. News back thenclaimed that 'server was hacked' - which is, IMO, gross exaggeration.
45 years ago an intern in my division lost his clearance and was terminated because he accidentally found and reported a similar flaw that could have allowed [ TS eyes only ] software and data to be hacked. He had gone immediately from his desk to his supervisor and they to Dept head.. Instead of any appreciation for it he was fired. We have a skrudup way of rewarding those who go "beyond the call of duty".Instead of a "silver star" they get a boot in the butt!
"The investigation begins today, and Parson said the investigation could cost taxpayers as much as $50 million but did not detail those costs or take questions at a news conference Thursday." Fifty. Million. Bucks.
To be fair, he said "could" cost ... . "I could win $5 billion with a Powerball ticket" is a 100% accurate statement, too. It's just that most people immediately recognize that it's wildly unlikely.
Journalist obviously isn't intimately familiar with the full Snowden story. The government is rarely, if ever, pleased to have a mirror held up to reflect upon.
To be fair, the Snowden tale involves actual law breaking by disclosing officially secret info, that he Knew was secret, as opposed to pointing out a weakness/error & NOT disclosing the actual info.
@@paulcollyer801 Debateable. What was exposed is ultimately criminal acts of the state. There are laws against classifying embarrassing and/or crimes, whistleblower protections being just a piece of paper.
@@paulcollyer801 I'm aware that it's not a perfect "like and kind" parallel comparison, it was just another situation that sprang to mind involving the government valuing secrecy over sense
I'm glad to know what Snowden told us There is a man getting killed behind the curtain and I know who it is but I am not allowed to tell you , it's " Your eyes only "
I've always been a proud Missourian.. we are not all like the governor and thank you Steve for pointing out the obvious. And Missouri State taxpayer I will partially have the burden of paying for that lawsuit that will inevitably come yet I will praise the reporter. Job well done.
Literally, one of the largest reasons for journalistic protections is so that journalists can expose the shortcomings of our government without fear of retaliation.
Should be pointed out many large companies, Apple, Google, etc. PAY "Bug bounties" If you find an issue, report it to them, they PAY YOU. Others clearly have the reasonable view of this kind of thing happening.
Though they have been at time’s caught deliberately ignoring the bug/not paying until following the ethical reporting practices they eventually go public.
I think millionaires in a state should be commanded to put into a small fund of a bug bounty fund, that way the general middle to low class taxpayers don't have to pay out unbug bounties. But I still think that would be tax payer money well spent a bug bounty even at $100,000 is far cheaper than what it would cost the taxpayers if a lawsuit should go forward even if it was just settled is going to be more than that all tolled.
Even Rockstar who is a direct opposition to people who modify GTA V, paid a bug bounty to the motor who found out why the game took so long to load in resources even on single player, at subsequently either merged or reproduced the fix into their code for the game for everyone to enjoy
I'm extremely glad this is getting so much news coverage. This kinda thing happens way too often in infosec. An ethical hacker stumbles on a data leak/vulnerability and reports it to associated group. Said ethical hacker then gets threatened or has charges/suit brought against them for finding it. Imagine the instances where someone nefarious stumbles on the same info and it's never brought to light..
If anyone is confused about how "view source" works, here's a simple explanation: When you visit a web site, the site will actually just send you a plain text document. This is the "source" for that page. Your browser then automatically reads and builds the page you see from that source. When you click "view source", you are just viewing the original text that was sent to you from that web site. In the case of this government site, that means that every single time someone visited that specific page, they were sent the entire list of social security numbers. Then, the browser was simply told to "please don't look at all these numbers we sent you, thanks!".
Just to add a little bit to this; The page you're viewing on your browser does not necessarily show all the information that was sent to you, especially if some of it was unintended. But all that will be visible in the source, the browser just wasn't instructed to show it all.
The Governor’s reaction is bizarre, but fully in line with something someone said to me about 30 years ago: There are two primary personality types among the management of any large organization. Call them Bureaucrats and Engineers. To a Bureaucrat, problems don’t exist until Officially Noticed, and are created/caused by the person who forced that Notice. Such people are troublemakers trying to destroy the organization by creating problems and must, of course, be punished for doing so. To an Engineer, people who discover problems are heroes who make it possible to improve the organization’s performance, and must, of course, be rewarded for their efforts.
Sounds like a boss I had. 1 example was I pointed out a broken weld on a work truck, had it failed, it coulda been fatal at the worst & time consuming pain + probable tickets in the least. He chewed me out for not finding it & pointing it out on a Friday! Hahaha! I didn't work there very long.
You just described the difference between republicans and democrats. Dems "look at all these problems, lets do something to fix them" Repubs "Quit trying to ruin our society you communist"
And people wonder why most don’t speak up when they see something like this, they get “rewarded “ with punishment. Plus the governor showed he has a ego too.
Yeah when I first read about this story, I posted it as yet another example of his blatant abuse of power. I’m really sick and tired of being so embarrassed to live in Missouri because of our elected officials.
When I saw the title of this story I thought, "It must be the governor of California, or New York, or maybe Michigan." Then I found out, no, it's the governor of MY HOME STATE!!! How, embarrassing! Steve, you are correct, the State should be thanking this reporter, not prosecuting him.
@@willer3399 I think you can, and it's a funky little thing called "criminal negligence" which honestly describes the events of leaving sensitive information hard coded into HTML and crying hacks when someone finds it quite well.
@@PaigeLTS05 I was referring to the governor there. You could go after the people who coded the website I suppose, but that is going to be a hard sell to a prosecutor. It is negligence for sure, but criminal negligence would have to be proved. People could go after them with a civil case if they get their identity stolen or something like that.
Everybody who clicked that website got the same information. In fact, it may still be in their browser cache. They're gonna need a lot more jails in Missouri.
I'd be interested to know how many of the exposed persons have been victims of identity theft already. Governor Mike Parson's response seems retaliatory on an almost personal level, like he or his friends may have been somehow profiting from the exposed information and are upset that it is no longer so easily available to them.
The social security numbers have probably already been read by the bots for a lot of the search engines so they can index the page. When I was learning HTML if I liked the way someone did something I'd view the source to see if I could get an idea of how they did it and then, even now I'm retired I still use view source when I find a broken page just to see where they messed up.
Hopefully this guy gets a good lawyer that eviscerates the governor and the prosecutor in court and makes them pay legal fees for their bone-headed choices
Hey you did a story in my industry. Just want to point out a few things. 1. Scrapers probably already got the numbers because they look for this information maliciously 2. To be considered responsibly reported it does not mean they waited to run the story, it means that a reasonable amount of time is given before running the story. Generally if it isn't fixed in 90 days part of responsibly reporting an issue is to identify to the public that an issue exists to put pressure on getting it fixed because after 90 days of an issue where that many SSNs are exposed isn't fixed then it isn't a high priority which the public should know about 3. Maybe if the governor doesn't want to be embarrassed he should higher a public relations manager who will stop him from making statements about going after people that responsibly disclose which saves the governor from having to deal with the questions about how they exposed the records when people start getting their identities stolen.
Just want to start by saying that the governor is clearly in the wrong here so that there is no confusion. But to add on, another problem here is that the site was likely archived by web crawlers, including search engine caching and archive.org. So it's very likely that the information is still out there anyways. Major screw up on the part of whoever the state paid to design this, and double screwup on the part of the state for not paying someone to audit it for security flaws before going live with the site. Just another addition to the millions who have to basically assume their SSN has been compromised.
There was a state that hired some people to check the security of some of their buildings. A country sheriff decided to have them arrested and tried to have them prosecuted for "breaking and entering" even after the state told him their actions were authorized by the state to test the security of state owned property.
@@karlrovey That was Iowa, and they hired Coalfire. Charges were dismissed almost a year later. The sheriff got bent out of shape because they found physical vulnerabilities and the sheriff felt that they owned the security and not the state IT department... same exact thing happening here. Embarrassing show of incompetence causes government officials to blame the person that discovered the incompetence instead of fixing the incompetence.
Wow, that's so much worse than a bug. If the state didn't actually code that page but had a contractor do it, I hope that contractor has really good insurance. The governor doesn't realize that his website sent that information out into everybody's computer but instead thinks this guy hacked into the server? Wow that's scary.
I love your totally plausible reasoning behind why the Highway Patrol have been asked to deal:- methinks the Governor is a little clueless re the interweb
When you use javascript, you are knowingly writing a script that is visible to the client side of the application (in this case, the internet browser). Any web application developer (including myself) has an understanding of this. If you want to hide business logic, you really need to write it in server side code. A web service call can be made to access this server side code (at the cost of round-trip propagation time to execute the business logic). The governor should be mad at the developers they hired, not the reporter.
@@paul.van.santvoord1232 You aren't wrong, but Lehto said that the reporter used "view source" to find this out in the first place. This, to me, implies an issue with important business logic inappropriately on the client side of the code, which allowed the reporter to track this down much easier. That being said, and to your point, any sensitive data (especially SS numbers) should be encrypted (among other forms of security on the hard drive in which the database resides).
@@paul.van.santvoord1232 So are sites where you do online banking, medical reports, etc. The problem isn't a database in some way connected to a website. It's the secure treatment of the data, making sure it's only exposed to those who are authorized to see it.
When I'm using my laptop I sometimes catch the touchpad in an as yet undetermined manner which brings up the source code of the site I'm looking at, I call myself a blithering idiot but turns out I'm an evil genius hacker! ;)
Having built many websites and currently working in tech, this is is a major disconnect on governer part. Like you mentioned the personal info should never be used. The IT or software developers involved should be reprimanded, not the reporter
*I only watched half of this, because I have to go watch Jeopardy. I am so happy that this wasn't here in florida, as our governor is severely challenged. L8R!*
Oh please, by all means I hope they go ahead and prosecute him. I would LOVE to see what the judge says. Who DOESN'T like making fun of such ignorants?
Since the HTML he viewed was delivered to his PC, isn't the real crime the state distributing confidential information to unauthorized persons?
Look at you, trying to use "logic" to procecute the right person. /s
Yeah, criminals get away with everything. How many ppl got put away for the crimes that led to the 2008 Great Recession? Not many.
@@SayAhh Not many of the idiots who caused the Great Republican Recession committed crimes. It was mostly about legally gambling with other people's money.
@@Foolish188 Good point, but I think that there might have been several actual crimes, including allegedly fudging subprime loan income qualifications and/or approvals, on the borrower and/or lender's side.
You bet. It's a clear violation of federal (and probably state) privacy laws.
@@russlehman2070 It is, and I hope someone goes after them for that, because this sort of issue is just pure negligence. It's not even a bug, it downright not caring about security at all. Whoever build that system is no better then a mechanic that thinks he can just use garden hose to replace a brake line and not be responsible when something goes horribly wrong. It really is that bad...
The governor saw his neighbor using a garage door opener and accused him of witchcraft.
And her Husband is a Warlock.
I wonder what kind of menagerie those two have in their basement.
He should get a Warrant and have the Sheriff search the place.
Not nicely. Use the Battering Ram Tank, SWAT TEAM. Block off and evacuate the entire neighborhood!
They look like the kinds of Freaks that hide stuff in the walls and ceilings!
They'll have to come down!
Check inside the Heat Exchanger in the Furnace! You'll have to break it open!
Cuff them and make them sit out on the sidewalk for six hours in front of the News Cameras with no water or bathroom breaks.
No allowances for
Disabilities!
No shade from the sun or proper clothing for the weather.
And plenty of threats, insults and intimidation.
Separate the two.
Now play them against each other.
With lies and deception.
As they watch you destroy their Mutual Dream Home.
Everyday in America, innocent people's lives are being destroyed by Stupid idiotic people that don't have enough evidence to legally obtain a Warrant.
Yet those Warrants go out faster than they can be read!
And the Prosecutor's job is to
Prosecute.
He wants to get Re-elected.
It pays good.
He runs the show at the Courthouse.
He likes that. It's an important job.
He really does get criminals off the streets. But he's too busy to really look at every case.
The journalist weights the same as a duck so he must be a witch and therefore guilty.
@@robertlee9395 Nailed how the "justice" system works
"any sufficiently advanced technology..."
And charged the driver with operating his buggy without a horse.
The people whose numbers were exposed should file a class action suit against the state.
@Nadine_gh. C :
Unfortunately, a class action isn't really what SHOULD happen.
Because the award of damages gets split up among everybody who joined in the class action. $100,000,000 / 100,000 = $1,000 per litigant.
$100,000 * 10,000 = 1,000,000,000. A much bigger "bite on the a~~" for the State of Missouri to "absorb" (if it can), and a lot more reason$ to ou$t the Governor in the next election!
What's needed here is for those whose social security numbers were exposed to file suit INDIVIDUALLY!
Those who can't currently afford to file should first file the paperwork to declare themselves "In Forma Pauperis" with the appropriate Court in the State of Missouri.
@@K7DFA OK
I don't see the point, sue the state, it just falls on the tax payers, criminal charges might make a difference
@@javabeanz8549 :
Yeah, but the "difference" will be that the next individual who discovers this sort of problem will:
A) Disappear without revealing it to ANYBODY.
B) Start selling the data to the highest bidder!
Better idea: Start a "bug bounty" program, and stop threatening the [apparently], innocent discovery of this type of problem.
Unless you are referring to prosecuting the Governor for attempting to prosecute the reporter
@@K7DFA I already made the point about them being disappeared in a thread on the conference video. And I pointed out that the state was lucky that all the data was not already harvested by a malicious actor. I work in IT and have for years, designing back end and front end database access. You should never expose data that is not needed to answer the query, and PII should only be stored in very restricted tables, accessable only to those who have the proper credentials and very good reason to access it.
This is like writing state secrets on the back of a flyer, that is handed out to everyone, then getting mad when people flip the paper over to see the backside.
perfect analogy
🎯
The Governor disclosed his own level of intellect and character. Now he gets to learn about the Streisand Effect.
government workers don't have any character..that's why the system props them up.
@@chuckthebull I disagree. I deal with government employees multiple times a month. A lot of them are just stupid. Like they actually have very little intelligence. They however are honest and try to do the right thing.
@@kiethmergard that may be sorta true in the local level..(and yeah I have had that experience occasionally) but over all even if they are "trying" they still completely are brain washed into the system and will defend the system against the public. and indeed they are dumber than a mud fence most of the time too. but that works for government..look at Biden...he was installed for that very reason...he's a perfect example of failing up..but for the clever social and cultural controllers he's a perfect patsy.
This is how the system operates,,with figurehead useful idiots as a stop gap against the public... You have to deal with idiots so you can never address the real problems..it's all by design... I would never work a government job and they would never have me because I can think and "logic" and tell the truth... They can't by nature even be honest with themselves...it's no different than any cult. They believe in the cults lies and so they delude themselves they are honest.
Truth is and if you deal with them you know this too.. they will uphold the facade that they serve the people but are all in the same click and view the people as an exploitable resource to be simply managed and controlled..everything they do right down to paper pushing reflects this. to get revenue for the state is their primary function..and they then call it "helping"
oh they will be sweet as pie as long as you pay up.
"Truth is treason in an empire of lies." -George Orwell
'If liberty means anything at all, it means the right to tell people what they do not want to hear.' Eric Arthur Blair. Truly a man before his time.
"Shut up!" - politicians nearing exposure
Oh how it is: the more things change, the more they stay the same.... Ugh. Doomed to repeat history, me thinks.
No...our computer system is probably just that bad it probably will take 50 million to fix it.
X,(
Being prosecuted for ethical disclosure. That just means that the next time there's a major vulnerability or leak for this state's infrastructure, it'll go straight to the public because Missouri clearly doesn't understand how ethical disclosure/bug bounties work.
If he gets prosecuted next time if someone finds a error they won't say anything. Better to keep quiet than go to jail and/or be charged with a crime you didn't do. Let the state deal with the consequences.
@@kurtwetzel154 sadly this will be what happens, potentially or perhaps certainly at a significantly higher cost to us all. We shouldn't be forced to think like this... the rest of us need to stand firmly behind and speak loudly for those that have done the right thing
Most folks will just not tell them anymore if they see a problem and let them learn the hard way.
You would think that Biden would get the capital police involved in this now, or the local FBI who of course are ready to pounce on anyone yelling at a board meeting would be helping in the investigation as well.
@@jasonbourne1596 right if the IRS ever comes to you for any question at all just say I'll talk if you grant me immunity.
You ask for immunity for the IRS questions, they'll leave faster than they came in.
Using the power of government to attempt to imprison a person you KNOW is innocent should be treated as one of the highest crimes that can be committed in this country. The Governor belongs in prison.
Sounds like the demoratic party to me!
There has been a time honored solution and punishment. It just takes an older way of thinking rather than modern deep obedience to The State and Nationalism. A Nation can exist beyond it's government, but a government is a temporary thing and, like diapers, should be changed and replaced often with the leftovers thrown into the trash as they have an unholy stench to them.
Don't worry the Govenor has qualified immunity.
@@neilkurzman4907 If you actually were aware of reality you would know that after 2020 the Democratic Party went after Trump Administration officials with a vengeance. Investigating them and Filing false charges against them.
They spent Tens of Millions of Dollars defending themselves.
Found guilty even though later proven innocent! The worst of the worst abuses of the top levels Law Enforcement Agencies and The Judicial Branch of Our Government!
I don't get Political on Steve's Channel but your ignorance needed to be addressed Skippy.
Enjoy the rest of your Weekend.
@@kingforaday8725 HRC's Democratic Socialist Party!
She and Obama are pulling the Puppets strings!
That's why he's so Damn inconsistent!
He can't be as smooth as his former Boss, and well, look at HRC, they were holding her up in 2016!
I liked that trip getting onboard the airplane! One of my favorites!
It's always funny! It will always be funny! I can't wait! I want to be first to her grave! I got my sample cups from my Doctor's! I keep a few in my sock drawer! Don't you?
Hopefully, the various prosecutors will look at the case and just say "no" to the governor.
Perfect example of government incompetence and how they react to it
“Missouri Governor found driving the wrong way on the internet information highway”…
After the reporter is charged and prosecuted he will have an even better story to publish!
Like Ron white telling a story of being pulled over for doing 7 in 5 zone.
@@HH-ru4bj The toll bridge to Sanibel Island! Great story!
And a nice lawsuit to boot.
Looks like Governor should retire
@@musclesmouse Clearly he has been promoted up to his level of incompetency. Good Job Misouri!
Classic example of "no good deed goes unpunished."
Same thing as punishing whistleblowers who expose government crimes.
Yup, over 20 years ago a friend who worked at a local bank was told to "mind her own business" when she reported a client who would come in different days, with different names/accounts to deposit monthly support checks.
@@johngalt5411 did she report it to appropriate federal entity?
@@SonsOfLorgar In many states it is forbidden to keep bank accounts under false identities. It is therefore the bank's duty to ensure that this legislation is complied with. On the other hand, it is regularly forbidden to pass on information about customers to third parties if there is no corresponding court order. That is why this is definitely not the job of the bank employee.
Perhaps the Governor should be prosecuted for being "Incompetant in a Public Office", and for attempted "Malicious Prosecution".
This is a very clear cut "shoot the whistleblower" mentality we have seen fester for the past ~3 decades.
I'm a software developer, and I can confirm that clicking File->Save As in a browser, opening said file in a text editor, and looking through it with a pair of eyeballs, makes you an elite hacker and a danger to society.
"looking with a pair of eyeballs" is enough. What if you see things?
As an elite hacker, I can confirm. Hack the planet!!
As someone who took an HTML class in college, can confirm. They warned us about sick deviants like that.
So since the governor is the one in charge of the state and should know the inner working of his state then they should prosecute the Governor for failing to protect the employees under his watch
Qualified immunity
@@jeremyreese54 would he have qualified immunity or total immunity?
Qualified is what cops have total is what prosecutors have.
If nothing else the reporter should sue him for defamation. He will not be able to sue for much else because the government has immunity for things done in the course of the job, but slandering journalists and others is not part of the job even though the republicans have been doing that for years now.
"Offense is the best defense"
The governor knows he's in deep shit, maybe he can save his PR by accusing the reporter of HaCKinG tHE gOVerNmENt
The governor is the one that is responsible for everyone under that office , and it is the governor,s fault that some one did not do their job right .
Governor is supposed to know that things are done right.
Instead of a Oh S**t moment and fixing the bug; they instead want to prosecute the reporter for exposing their incompetence! Sounds about right for today’s world.
And, instead of the glitch staying a local story, they have thrust their incompetence into the world wide spot light.
Politicians never take credit for their failures. They always seek to blame someone else...anyone they can.
Actually, according to Mr. Lehto they fixed the bug, and now the "illustrious" Governor wants to initiate CRIMINAL proceedings against the reporter!
It goes way beyond stupidity, and the reporter SHOULD be receiving a "bug bounty", instead of being prosecuted!
@@K7DFA According to other news sources, they "fixed" the bug by taking the website down. Probably best course for the short term, as they will clearly need to hire developers who have some idea what they are doing to rewrite the site. The incompetence of the web "developer" who created the site is only slightly less embarrassing than the incompetence of the governor.
Sounds like Donald Trump.
The way this governor took the website vulnerability so personally, I'm getting the impression that either he built the website himself or one of his family members did it.
That was my first thought too. Something triggered the childish response.
"Better to remain silent and be thought a fool than to speak and to remove all doubt" - Sounds like some Governor needs to read this.
And a president.
Yep, governor is dead wrong, as are all those they involved in deciding this is the right course of action. Fire them all.
Your judgement and sentence of all involved doesn't even give the other side a chance to defend themselves. I want to know the rest of the story, not just the side put out by the media source being accused of wrongdoing.
@@alecamal The source is publicly available information. There really isn't another side. The state is wrong. Every person's whose information was left expressed has at least a $1 million dollar lawsuit against the state.
@@alecamal Governor, thank you for making an appearance.
@@alecamal Ok, here's the 'other side'. A person used a computer for it's intended purpose and the government wants to prosecute them.
@@rayh592 Officials say through a multi-step process, an individual took the records of at least three educators, unencrypted the source code from the webpage, and viewed the social security numbers of those specific educators. Source KOAM News...... Just seems like there may be a little more to the story, as there always is when only one side is reported.
Steve is running the risk of being indicted as a conspirator for talking about this story!
Yeah but that's what we all love about Steve he takes great risks
Oh for Godsake
He "hacked" the internet to even read that news story!
I would travel to see that trial
Waitaminute. Does that make us all his accomplices?
There was someone in Hungary who found that anyone could set their own train ticket price on the webpage via HTML editing. The government was equally unamused at their own stupidity.
"via HTML editing"
It was much simpler.
The ticket price went through a query string parameter. It was enough to modify the url in the browser.
HAHAHAHAHAHAHA!
HAHAHAHAHAHAHA!
HAHAHAHAHAHAHA!
I LOVE IT!
GOD help the world if I ever have a desire to learn to code!
You will all need Thermonuclear Proof Noah's Arks.
I will be watching from
Flight Level 70.
I think the sight of a Mushroom cloud is the most beautiful thing in the World!
I'm going to going rewatch the end of Dr Strangelove now!
HAHAHAHAHAHAHA!
HAHAHAHAHAHAHA!
Hell, I'll watch the whole movie!
Gentlemen! You can't fight in here!
This is the War Room!
President Muffley.
If they are that stupid to make their website that way then they only have themselves to blame.
@@bokoloaranyfa3824 how many times do people have to say this: when money or sensitive information is involved, *always* use a third-party processor who actually knows WTF they're doing. *Don't* write that shit yourself unless *you* are the third-party processor.
So simple, yet so often forgotten.
It technically wasn’t even illegal for them to do that for train tickets.
Like any transaction, the buyer and seller agree upon a price, then that price is exchanged for goods and/or services. Nothing prevents a buyer from making a counter-offer, and if the seller accepts, that is the new price. It’s not the buyer’s fault that the train ticket seller was ordered by its boss to accept all counter-offers, no matter how low they were.
The reporter already has substantial legal grounds to file a law suit against the Governor and the State.
This is how it goes, with a Narcissist.
It is never their fault.
When that infects our government, may have God have mercy on us all!
Parson called the journalist a hacker. Makes Parson look like a hack.
Sounds like Parson needs to be sent to a nursing home, because clearly he doesn't know what the hell he's talking about.
He is a hack
Damn straight!
I dont know the skills of the journalist, but id say hes a hacker. Not a criminal though. Hacking isnt a crime. Computer fraud and abuse is
Parsons seems to be incompetent on every single issue.
Reporter: I just saved your asses.
Governor: You’re going to jail.
Makes sense as much as all the other nonsense going on in this country.
America is a police state if you can be prosecuted for pointing out government incompetence.
Reporter: there is a bug in your system.
Governor: It’s treason, then.
@@ianbattles7290 I don't think it's incompetence at all. It's an infowar. Most likely the governor realized how bad this was going to look and made a conscious choice to spin it as hacking.
In Germany, there was a comparable case:
The CDU (one of the biggest and oldest parties of Germany, somewhat conservative in the European sense, not like in the US) has a website. Now this year, a woman within Anonymous tried an URL that is part of that Website, and it got her to personal information like name and address of members. She notified the CDU that that part of the Website is in no way secure and told them the had a week to fix it before she publishes it. The CDU tried to file a case for hacking, but instead the prosecutor is investigating the CDU because they didn't protect that Data and therefore they broke data security laws.
Yea, glad those fascists were not reelected.
What’s the difference between conservatives in the European vs American sense. I’m not familiar at all with European politics
@@Lovuschka You don’t know what the word “fascist” means. Absolutely ridiculous.
So prosecute the MisGovenor!
@@atsylor5549 in Europe there are a lot more parties within the spectrum of left vs right unlike in America where most people think there are only 2 ways of political thought. Most European countries don’t have a 2 party system , so they have smaller political groups who team up to pass legislation. The biggest difference is only Americans are afraid of buzzwords like socialist.
This is why a lot of people are afraid to contact authorities when they uncover a crime, they will just walk away and pretend they know nothing.
Truly, no good deed goes unpunished.
That case will never make it past the discovery stage before it's tossed. The fact that the governor wants to charge him is just ridiculous!!!!
Gov Parsons: "I want him prosecuted for showing that we are incompetent !"
The Governor knows all about the Internet, I assure you. He just went to his local computer store last week to get a fresh copy of the Internet on a floppy disk.
I guess the MS-DOS files were too big to email to his AOL account.
He's prob still on aol with dialup lol
8 inch floppy?
@@mrs.waterboy5555 But he got a 1000 free hours...
@@mrs.waterboy5555 his file cabinets are filled with 100 hours free aol disks
I remember when I was in Jr High and I was a librarian's assistant (for $2/hr). Computers were a relatively recent addition to the library and I was knowledgeable so I helped them out. One day I got summoned from class to the library (which never happens). The librarian was in a tizzy because she thought some student was "hacking" on the computer and wanted me to tell them how much trouble the kid was in. What had really happened was the student had accidentally quit Windows 3.1 and typed gibberish into the command prompt making a few syntax errors before they gave up. I restarted Windows and explained to the librarian what'd happened. Hacker crisis averted.
Comforting to be repeatedly reminded of the level of competence and intelligence of people in top positions. This is exactly what narcissists do when you point out a wrong.
This can barely be considered a bug, and is more just gross incompetence from their IT and web development team. They are the ones who need to be reprimanded.
What kills me is that it is generally more work to show the data in the HTML source than it would be to simply not display it. I have no idea what kind of server software they are using, so I don't really have any idea how this could have happened. I suspect it was something really stupid like downloading the data to a Word document or Excel spreadsheet, hiding the columns, then exporting to an HTML file.
Possibly the person/persons who screwed up lied to the governor's office about what happened to cover their ass. The governor didn't know any better so now it's blown up.
The bug is the software that generated the HTML content also included SSNs.
“The Bug Stops Here” - Harry Truman (famous Missourian)
Missouri, the “Don’t Show Me (unless you want to be prosecuted)” State
Thanks Gordo, I always had that saying wrong!
Imagine being this governor’s aide and having to tell him that his socks don’t match.
Well, that would be the fault of whichever aide dressed the governor, as he clearly lacks the capacity to dress himself.
I was too lazy to listen to this story on the local news (I live in Missouri). I'm glad Steve covered it. Now I can face-palm.
This is exactly what's wrrong with our govt. These people that do this to someone that's trying to warn them about something that"s dangerous should-1, be removed promptly from there position [ s ]. 2- be investigated for sedition & a bunch of other stuff I am shure that you can bring up.
I suppose throwing people in jail is easier than fixing a problem.
pays more
Putins regime loves jailing people for retweeting or sharing news
They had better make a lot of space for the unethical hackers in China and Russia and all of the others that are going to steal the data and use it for nefarious purposes. Oh wait you can't extradite members of the Russian and Chinese government and other hackers from most countries so they will get away with it and be able to profit by selling the information to other criminals.
This is why journalists (not the entertainers at Fox "News") have the toughest jobs. They also don't get paid enough are put their lives in danger with each article. Heck, even people who blew the whistle on freaking Lance Armstrong receive death threats. Most journalists don't get rich from reporting the news, but people do get rich from reporting lies. Propaganda pays.
This is a text book case of "shooting the messenger".
I'm currently beginning a career in cyber security and you'd be blown away at how stuff like this works. You'd think that any business, organization, or entity would want to know about critical security bugs but that isn't always the case. It's mind bending to know how many times people are punished for finding bugs in other people's code.
The governor thanked them by giving them a long series of stories that stem from the original story. It's a gift! 🎁
True. Now the paper has a much more interesting story than it started with!
Steve, you are always so insightful. You can shame this governor in so many ways and on so many levels. But sadly it won’t make a difference.
I worked for a county Gov for about 8 years. This doesn't surprise me. There were so many people in the local Gov that I had to sit down and explain simple computer things to, that it worried me a lot. And this wasn't that long ago.
“Hacker!”
"You keep using that word. I do not think it means what you think it means."
This is how you do not get cyber security bugs fixed. In Finland there was big issue about defaced high profile MP etc. web pages. I had found purely accidentally full user/password list in plain text of the web page admins/customers few years earlier. After consulting contemporary law, I decided that it is not worth of risk of up to 5 years in jail to whistleblow that 'security flaws/blatant oversight to the server admins. Nowadays Finnish law is much more lenient for White Hat type activities (as above), so I would act differently in the same situation. News back thenclaimed that 'server was hacked' - which is, IMO, gross exaggeration.
I would have screw around with the site.
Being a good person does not pay as your likely to rewarded with fines\jail time. If gov't wants to enable criminals, so be it, just walk away.
Never let a good deed go unpunished.
45 years ago an intern in my division lost his clearance and was terminated because he accidentally found and reported a similar flaw that could have allowed [ TS eyes only ] software and data to be hacked. He had gone immediately from his desk to his supervisor and they to Dept head.. Instead of any appreciation for it he was fired. We have a skrudup way of rewarding those who go "beyond the call of duty".Instead of a "silver star" they get a boot in the butt!
"The investigation begins today, and Parson said the investigation could cost taxpayers as much as $50 million but did not detail those costs or take questions at a news conference Thursday."
Fifty. Million. Bucks.
To be fair, he said "could" cost ... . "I could win $5 billion with a Powerball ticket" is a 100% accurate statement, too. It's just that most people immediately recognize that it's wildly unlikely.
His appointment for his friend's , over time etc. Waste ! 😮
No good deed goes unpunished….
In addition to being technologically incompetent, the state has now slandered one of its citizens and has that liability.
Journalist obviously isn't intimately familiar with the full Snowden story. The government is rarely, if ever, pleased to have a mirror held up to reflect upon.
To be fair, the Snowden tale involves actual law breaking by disclosing officially secret info, that he Knew was secret, as opposed to pointing out a weakness/error & NOT disclosing the actual info.
@@paulcollyer801 Debateable. What was exposed is ultimately criminal acts of the state. There are laws against classifying embarrassing and/or crimes, whistleblower protections being just a piece of paper.
The emperor has no clothes .. it works in fables but not as well in real life
@@paulcollyer801 I'm aware that it's not a perfect "like and kind" parallel comparison, it was just another situation that sprang to mind involving the government valuing secrecy over sense
I'm glad to know what Snowden told us
There is a man getting killed behind the curtain and I know who it is
but I am not allowed to tell you , it's " Your eyes only "
I've always been a proud Missourian.. we are not all like the governor and thank you Steve for pointing out the obvious. And Missouri State taxpayer I will partially have the burden of paying for that lawsuit that will inevitably come yet I will praise the reporter.
Job well done.
Literally, one of the largest reasons for journalistic protections is so that journalists can expose the shortcomings of our government without fear of retaliation.
That governor is so out of touch with technology, he probably thinks "HTML" is a gay rights group.
HTML Rights NOW!
Missouri.....nuff said
Should be pointed out many large companies, Apple, Google, etc. PAY "Bug bounties" If you find an issue, report it to them, they PAY YOU. Others clearly have the reasonable view of this kind of thing happening.
Though they have been at time’s caught deliberately ignoring the bug/not paying until following the ethical reporting practices they eventually go public.
Some internet savvy companies, CISCO for example, actually publicize their desire for ethical hackers to find and report bugs.
I think millionaires in a state should be commanded to put into a small fund of a bug bounty fund, that way the general middle to low class taxpayers don't have to pay out unbug bounties. But I still think that would be tax payer money well spent a bug bounty even at $100,000 is far cheaper than what it would cost the taxpayers if a lawsuit should go forward even if it was just settled is going to be more than that all tolled.
@@Orphmorg s***, Cisco will pay unethical hackers if they find a flaw
Even Rockstar who is a direct opposition to people who modify GTA V, paid a bug bounty to the motor who found out why the game took so long to load in resources even on single player, at subsequently either merged or reproduced the fix into their code for the game for everyone to enjoy
I'm extremely glad this is getting so much news coverage. This kinda thing happens way too often in infosec. An ethical hacker stumbles on a data leak/vulnerability and reports it to associated group. Said ethical hacker then gets threatened or has charges/suit brought against them for finding it.
Imagine the instances where someone nefarious stumbles on the same info and it's never brought to light..
"Some people don't understand how the internet works; and, I understand people have it on computers now." I love it.
If anyone is confused about how "view source" works, here's a simple explanation:
When you visit a web site, the site will actually just send you a plain text document. This is the "source" for that page. Your browser then automatically reads and builds the page you see from that source.
When you click "view source", you are just viewing the original text that was sent to you from that web site.
In the case of this government site, that means that every single time someone visited that specific page, they were sent the entire list of social security numbers. Then, the browser was simply told to "please don't look at all these numbers we sent you, thanks!".
Apparently it was just one SS# at a time pertaining to the person being looked up. But still...
Just to add a little bit to this; The page you're viewing on your browser does not necessarily show all the information that was sent to you, especially if some of it was unintended. But all that will be visible in the source, the browser just wasn't instructed to show it all.
Governor Parsons needs to take this to the next level - mail his rivals lists of social security numbers and then prosecute them for identity theft.
Well I'm no lawyer, but I suspect the governor might lose this battle. You can't fix stupid.
We need to totally reset our government and start over.
The Governor’s reaction is bizarre, but fully in line with something someone said to me about 30 years ago:
There are two primary personality types among the management of any large organization. Call them Bureaucrats and Engineers.
To a Bureaucrat, problems don’t exist until Officially Noticed, and are created/caused by the person who forced that Notice. Such people are troublemakers trying to destroy the organization by creating problems and must, of course, be punished for doing so.
To an Engineer, people who discover problems are heroes who make it possible to improve the organization’s performance, and must, of course, be rewarded for their efforts.
Sounds like a boss I had.
1 example was I pointed out a broken weld on a work truck, had it failed, it coulda been fatal at the worst & time consuming pain + probable tickets in the least.
He chewed me out for not finding it & pointing it out on a Friday!
Hahaha!
I didn't work there very long.
You just described the difference between republicans and democrats.
Dems "look at all these problems, lets do something to fix them"
Repubs "Quit trying to ruin our society you communist"
@@E.J.Crunkleton You inverted the two. Nice try, though!
I would welcome the chance to make the governor look like a fool in court. I may not even bother to hire a lawyer.
And people wonder why most don’t speak up when they see something like this, they get “rewarded “ with punishment. Plus the governor showed he has a ego too.
These old people are so disconnected from the modern world. Why do we keep voting for them?
Newsflash they're all cheating
EXACTLY
I happen to be an old person and take insult to your "lump them all in one pile" statement.... The governor is a twit no matter their age.
Biden more votes than any elected president? The stadium chants of go brandon says it all!
You only think you are voting..
*Accidentally hits F12*
*Immediately arrested for hacking and sent to prison for 20 years*
Yeah when I first read about this story, I posted it as yet another example of his blatant abuse of power. I’m really sick and tired of being so embarrassed to live in Missouri because of our elected officials.
When I saw the title of this story I thought, "It must be the governor of California, or New York, or maybe Michigan." Then I found out, no, it's the governor of MY HOME STATE!!! How, embarrassing! Steve, you are correct, the State should be thanking this reporter, not prosecuting him.
How about we just prosecute the governor instead?
Sadly you can’t be charged for incompetence.
@@willer3399 I think you can, and it's a funky little thing called "criminal negligence" which honestly describes the events of leaving sensitive information hard coded into HTML and crying hacks when someone finds it quite well.
@@PaigeLTS05 I was referring to the governor there. You could go after the people who coded the website I suppose, but that is going to be a hard sell to a prosecutor. It is negligence for sure, but criminal negligence would have to be proved. People could go after them with a civil case if they get their identity stolen or something like that.
Governor Parsons needs to have a full colonic administered to improve his attitude.
A full on enema ! Git clean guvna!
You are advocating murder because he would obviously drown since his head is up his ass.
@@mosunshine326 Lol
Cranial Rectal inversion.
Everybody who clicked that website got the same information. In fact, it may still be in their browser cache. They're gonna need a lot more jails in Missouri.
I'd be interested to know how many of the exposed persons have been victims of identity theft already. Governor Mike Parson's response seems retaliatory on an almost personal level, like he or his friends may have been somehow profiting from the exposed information and are upset that it is no longer so easily available to them.
The social security numbers have probably already been read by the bots for a lot of the search engines so they can index the page. When I was learning HTML if I liked the way someone did something I'd view the source to see if I could get an idea of how they did it and then, even now I'm retired I still use view source when I find a broken page just to see where they messed up.
I love the end with the gal saying “if you think nobody cares about you try missing a couple payments “ that’s a classic.
That's his wife.
Hopefully the prosecutor is smarter than the governor and ignores the political pressure.
Hopefully this guy gets a good lawyer that eviscerates the governor and the prosecutor in court and makes them pay legal fees for their bone-headed choices
Oh come on! It would be great fun to see a Prosecutor take this to Court.
Governor: They reported facts, get em!
Alternative fake facts
If telling the truth is illegal, we live in a police state.
@@ianbattles7290 That is not Party approved correct thinking and speech
too close to the truth... be careful.
Governor: “Arrest him!”
Reporter: “Let’s take a deeper look into your administration and see what else we can do a story on.”
Hey you did a story in my industry. Just want to point out a few things. 1. Scrapers probably already got the numbers because they look for this information maliciously 2. To be considered responsibly reported it does not mean they waited to run the story, it means that a reasonable amount of time is given before running the story. Generally if it isn't fixed in 90 days part of responsibly reporting an issue is to identify to the public that an issue exists to put pressure on getting it fixed because after 90 days of an issue where that many SSNs are exposed isn't fixed then it isn't a high priority which the public should know about 3. Maybe if the governor doesn't want to be embarrassed he should higher a public relations manager who will stop him from making statements about going after people that responsibly disclose which saves the governor from having to deal with the questions about how they exposed the records when people start getting their identities stolen.
Ben doing the morning walk of shame, currently leaning on Mic 4, behind the Tucker, Steve's RHS
That’s what happens when you’re dealing with a narcissist who lacks humility. Great job MO voters! 😉
The source was already on his computer. “View Source” just exposes it.
The call is coming from inside the house?!? 😳
Nothing is more treasonous than to point out the government's failings.
No mercy for the governor. Remove and prosecute for treason.
These are the politicians we dealing with stupid stupid stupid people it’s sad it really is very sad 😢😥😥😥
Just want to start by saying that the governor is clearly in the wrong here so that there is no confusion. But to add on, another problem here is that the site was likely archived by web crawlers, including search engine caching and archive.org. So it's very likely that the information is still out there anyways. Major screw up on the part of whoever the state paid to design this, and double screwup on the part of the state for not paying someone to audit it for security flaws before going live with the site. Just another addition to the millions who have to basically assume their SSN has been compromised.
All of them illegals crossing the border need SS numbers too.
I did not write it so eloquently but that is exactly what I was thinking too.
Once on the internet, good luck getting it off. That just isn't going to happen.
There was a state that hired some people to check the security of some of their buildings. A country sheriff decided to have them arrested and tried to have them prosecuted for "breaking and entering" even after the state told him their actions were authorized by the state to test the security of state owned property.
@@karlrovey That was Iowa, and they hired Coalfire. Charges were dismissed almost a year later. The sheriff got bent out of shape because they found physical vulnerabilities and the sheriff felt that they owned the security and not the state IT department... same exact thing happening here. Embarrassing show of incompetence causes government officials to blame the person that discovered the incompetence instead of fixing the incompetence.
One order of the Streisand Effect coming right up.
This was the first thing I thought of.
The problem is that anyone who finds a bug is unlikely to report it for fear of being prosecuted as a hacker
Wow, that's so much worse than a bug. If the state didn't actually code that page but had a contractor do it, I hope that contractor has really good insurance.
The governor doesn't realize that his website sent that information out into everybody's computer but instead thinks this guy hacked into the server? Wow that's scary.
New t-shirt: Hitting F12 isn't a crime! 😂
I love your totally plausible reasoning behind why the Highway Patrol have been asked to deal:- methinks the Governor is a little clueless re the interweb
Information Superhighway = Highway Patrol investigation. Makes sense,
When you use javascript, you are knowingly writing a script that is visible to the client side of the application (in this case, the internet browser). Any web application developer (including myself) has an understanding of this.
If you want to hide business logic, you really need to write it in server side code. A web service call can be made to access this server side code (at the cost of round-trip propagation time to execute the business logic).
The governor should be mad at the developers they hired, not the reporter.
@@paul.van.santvoord1232 You aren't wrong, but Lehto said that the reporter used "view source" to find this out in the first place.
This, to me, implies an issue with important business logic inappropriately on the client side of the code, which allowed the reporter to track this down much easier.
That being said, and to your point, any sensitive data (especially SS numbers) should be encrypted (among other forms of security on the hard drive in which the database resides).
@@paul.van.santvoord1232 So are sites where you do online banking, medical reports, etc. The problem isn't a database in some way connected to a website. It's the secure treatment of the data, making sure it's only exposed to those who are authorized to see it.
Doubt he could yell at them, as I doubt he speaks Hindi.
@@joeschmo622 lmao nice
What is wrong with politicians these days. Thank the guy for finding the flaw and fix it.
Steve ..Thank you for flying the flag!!! LOVE YOUR SHIRT!! The Great Pacific Northwest and Washington State University
When I'm using my laptop I sometimes catch the touchpad in an as yet undetermined manner which brings up the source code of the site I'm looking at, I call myself a blithering idiot but turns out I'm an evil genius hacker! ;)
I do that too. It is so annoying, but now gotta go to Republican controlled websites and do it on purpose.
Most browsers you can press F12.
Ok in Missouri: Step 1: Shoot the messenger. Step 2: Deny screwing up. Step 3: Create a law suit.
Step 4: Show Me.
Having built many websites and currently working in tech, this is is a major disconnect on governer part. Like you mentioned the personal info should never be used. The IT or software developers involved should be reprimanded, not the reporter
*I only watched half of this, because I have to go watch Jeopardy. I am so happy that this wasn't here in florida, as our governor is severely challenged. L8R!*
Oh please, by all means I hope they go ahead and prosecute him. I would LOVE to see what the judge says. Who DOESN'T like making fun of such ignorants?