Hacking skills as determined by a politician

Words have meaning and it is a bit disturbing when you read an article or see a speech where they are being incorrectly used. The most recent example of this is how people use or refer to technology. When computers were new, well newish, a hacker was someone who was an advanced computer technology enthusiast. These “hackers” played with and pushed the limits of the technology that was available to them.

Over the years the term hacker has taken on a different tone until today. Today this is someone who is still advanced with computer technologies but uses their skills to gain access to data or systems that they do not have authorization to use.

I know a lot of smart computer types but none of them are really hackers using either definition of the word hacker. I was surprised to read how Mike Parson, the Governor of Missouri, was able to recognize a hacker without any real examination.

The background is that a reporter was visiting one of the states web pages and he managed to uncover a security problem. The problem was that the web site which allowed the public to search teacher certifications and credentials and the site was written in such a way that it also held the social security numbers of those teachers. This information was apparently not visible unless you looked at the source code.

Finding this information might be a leap too far for most people but web browsers take this HTML code and display the site in your browser but the browser can also display the actual source code. It was the actual source code that contained this highly sensitive information. This discovery was made by St. Louis Post-Dispatch journalist. Once the journalist realized the seriousness of the problem it was reported back to the organization so the problem could be corrected before reporting on this issue in the newspaper. This is exactly how responsible security testing firms treat these same types of issues. Thus no information was in danger because of the article as the problem was corrected before it was published.

This is certainly embarrassing to the Department of Elementary and Secondary Education which was maintaining this website. Yet, it was perhaps more embarrassing to Governor Mike Parson as the buck really does stop at the top. It seems Governor Mike allegedly feels that the Post-Dispatch reporter is a hacker and is recommending prosecution. I guess that to Governor Mike thinks the ability to press a key sequence on your web browser to view the page source code makes you a hacker. Yup utilizing a built in developer feature is apparently the new bar for determining hacker skills.

Not only that, apparently the new reward in Missouri for reporting security short comings in their infrastructure is threats of prosecution by their governor.

This entry was posted in programming, security and tagged . Bookmark the permalink.