Advertisement

A Reporter Is Under Investigation for Using the 'View Source' Function on a Website

Because, right clicking on a site and pressing 'view source' counts as tampering.

A Reporter Is Under Investigation for Using the 'View Source' Function on a Website
Utku Kucukduner for IE

They say that no good deed goes unpunished and this is a story that illustrates just that. A St. Louis Post-Dispatch journalist who accidentally came across the source HTML of a Missouri Department of Elementary and Secondary Education website is now looking at charges of computer tampering according to Missouri Governor Mike Parson, reported the St. Louis Post-Dispatch (might be inaccessible outside the U.S.).

This all began when the reporter took a look at the "view source" menu item that lets you see the HTML code of the web page on a web application that allowed the public to look up teacher certifications and credentials and discovered that the source code contained the Social Security numbers of educators. Being a diligent and respectful citizen, they then proceeded to inform the state about the dangerous vulnerability.

Once the private numbers were removed from the web page, the Post-Dispatch wrote an expose on the incident. This led to Governor Parson announcing a criminal investigation into the reporter and the Post-Dispatch.

"If somebody picks your lock on your house — for whatever reason, it's not a good lock, it's a cheap lock or whatever problem you might have — they do not have the right to go into your house and take anything that belongs to you," Parson said in an arguably misguided statement.

The analogy here is not quite correct because the journalist did not abuse the vulnerability and instead was the reason the issue was resolved, the went about handling it how a security researcher likely would: with a responsible disclosure. The news outlet referenced an FBI agent that stated that the incident "is not an actual network intrusion."

Advertisement

Instead, the state's database was "misconfigured," which "allowed open source tools to be used to query data that should not be public." This feeling was echoed by Post-Dispatch President and Publisher Ian Caso who explicitly said that no network intrusion had occurred and that the outlet's reporter should have been thanked for the discovery rather than treated as a nefarious hacker.

Update: A previous version of the title read: "A Reporter Is on Trial for Using the 'View Source' Function on a Website". The journalist in question is not brought to a trial, they are merely brought under criminal investigation by Missouri Governor Mike Parson.

Follow Us on

Stay on top of the latest engineering news

Just enter your email and we’ll take care of the rest:

By subscribing, you agree to our Terms of Use and Privacy Policy. You may unsubscribe at any time.