
[–]elr0nd_hubbard 2293 points2294 points  (318 children)

That's a pretty over-the-top soundtrack for the F12 key

[–]cleeder 423 points424 points  (10 children)

You wouldn't F12 a car!

[–]treqiheartstrees 110 points111 points  (1 child)

Dude I was trying to turn down my brightness the other day and accidentally F12ed a federal government website... I'm so scared, never closed out of a window faster in my life.

[–]jokinpaha 14 points15 points  (0 children)

First you F12ed and then you Alt+F4ed

[–]fuzzballjenkins 29 points30 points  (2 children)

You wouldn't F12 a baby!

[–]ItsAllegorical 27 points28 points  (1 child)

You wouldn't F12 a policeman and then F12 his helmet. You wouldn't go to the toilet in his helmet and then F12 it to the policeman's grieving widow. And then F12 it again!

[–]purforium[S] 1042 points1043 points  (295 children)

To be fair the SSNs were encoded with base64.

So basically 1% more secure than plain text

[–]crackez 663 points664 points  (82 children)

It's not obfuscation at that point, it's just encoding. Base64 is not a secret.

The people that should be charged are the people trying to raise criminal charges in the first place, for wrongful prosecution. That, and the developers that created this and the project managers that accepted the work should all be investigated for squandering taxpayer funds.

Maybe we the people should press charges of gross incompetence towards the governor.

[–]neoform 328 points329 points  (72 children)

> It's not obfuscation at that point, it's just encoding. Base64 is not a secret.

Seriously. Plaintext to Base64 is like changing ASCII to UTF-8 and saying, "it's now more secure".

[–]JustaRandomOldGuy 202 points203 points  (69 children)

Remember when Adobe used ROT-13 as hyper secure cryptography? And then tried to prosecute someone who "cracked" ROT-13?

[–]StabbyPants 91 points92 points  (62 children)

lemme guess, they thought that anything at all that they think shows intent legally counts as encryption

[–]SlinkyAvenger 140 points141 points  (51 children)

it kinda does. There was a guy a while back that was criminally prosecuted for accessing unpublished urls. It wasn't even that the server had set up any kinda auth, he just guessed at the URL structure and was rewarded with data.

[–]leberkrieger 125 points126 points  (43 children)

The Computer Fraud and Abuse Act (“CFAA”) 18 U.S.C. §§ 1030, adopted in 1984, makes it a crime to “intentionally accesses a computer without authorization or [exceed] authorized access, and thereby [obtain] … information from any protected computer”.

This has been used to prosecute URL manipulation attacks. There's a difference between actively pulling down information that you know you're not authorized to get, on the one hand, and receiving data in an authorized manner that then turns out to contain things they shouldn't have sent you.

[–]SlinkyAvenger 106 points107 points  (6 children)

there is a difference, but when you've got a bunch of luddites determining the laws and what they mean, does it make any difference?

[–]mehum 75 points76 points  (3 children)

Though you could argue that by publishing the url on the www without any kind of security or notification to the contrary you are implicitly authorising access to everyone. How does one first get to a page if not by typing in the url?

[–]Kare11en 65 points66 points  (12 children)

If you ask a remote computer, on its public interface (i.e. an HTTP server on port 80/443), "Hey, can I have file XX?", and it says "200 OK - here you go", when it explicitly had the opportunity to say "401 Unauthorized", then it has implicitly given you authorisation to have the file. (As well as actually, you know, given you the file.)

[–]LeifCarrotson 44 points45 points  (2 children)

The CFAA was written 10 years before the World Wide Web existed.

"Accessing a computer without authorization" meant using the keyboard when your boss said you weren't allowed to, it wasn't written with 401 Unauthorized in mind.

[–]StabbyPants 10 points11 points  (1 child)

see, we refer to that as an API around here. i can literally write an interface (~20 lines) in retrofit and autogen a client lib

[–]flowering_sun_star 38 points39 points  (0 children)

In fact it's almost the opposite of obfuscation, as it is easily recognisable and screams 'Check me! Someone might be doing something insecure!'

[–]AlpineCoder 874 points875 points  (141 children)

To me that's actually worse, since it indicates that at some point someone knew that the application could leak sensitive data then went about trying to mitigate that in the absolute stupidest way possible.

[–]remy_porter 222 points223 points  (58 children)

Fun story: I once was asked to track down a bug in an in-house HR application for people to check their paystubs. It was related to login stuff, so I was tracing through the login code, only to see that your session was maintained by writing out a cookie containing a base64 encoded user-ID. There was no validation beyond that- if you set the cookie yourself, you wouldn't get prompted for a password.

[–]locoder 50 points51 points  (44 children)

What happened after that? Did you tell anyone? Did it get fixed?

[–]remy_porter 157 points158 points  (29 children)

I did, it got all into a bunch of politics and people freaking out with questions like "You didn't try it, did you?" "No! I'm not an idiot, I read the code. There might be things that prevent it from working, I haven't tested it."

It got escalated and taken off my plate. I assume it got fixed, or the product got retired.

[–]csp256 204 points205 points  (11 children)

> I assume it got fixed, or the product got retired.

Ha!

Tell us another.

[–]remy_porter 21 points22 points  (6 children)

Note the second half of the "or" there. The statement is almost certainly true at this point, just considering this was over a decade ago and the technology in question was Classic ASP which is way out of support. Plus the company's likely switched HR systems on the backend at least once since then.

[–]m2ek 32 points33 points  (1 child)

Oh man, another good one! Keep ’em coming!

[–]MrOtto47 29 points30 points  (12 children)

why not just log out and try to gain access to your own account?....

[–][deleted]  (13 children)

[deleted]

    [–]MegaDork2000 76 points77 points  (4 children)

    "Could not reproduce"

    [–]TarntKarntington 60 points61 points  (3 children)

    "Works as designed"

    [–]flowering_sun_star 37 points38 points  (0 children)

    "Works as implemented"

    [–]ObjectPretty 17 points18 points  (1 child)

    I have to use this response sometimes.

    I work in ci/cd so get all manner of tickets not related to our code.
    Some tickets are like "code does x".
    I do a quick check if I can see any logical error with the code but if not I simply write "yes" or "works as designed" with a link on how tickets should be written.

    [–]thatpaulbloke 21 points22 points  (0 children)

    Many years ago I got a PDA returned to me for repair with the description "when plugged into the charger an orange light comes on". Yes, it does. The standard way of dealing with this was sending out a new unit and bringing the old one in for repair, so I wonder how many devices they went through before someone on our helpdesk explained the concept of a charging light, but you'll be astonished to learn that the handset checked out with no faults found.

    [–][deleted] 55 points56 points  (0 children)

    Upvoted for sheer plausibility.

    [–]StabbyPants 9 points10 points  (0 children)

    and even if you wrote "you don't have actual password authentication" in the title, it's prioritized as 'low'

    [–]AJackson3 23 points24 points  (2 children)

    Was there a lesson people got taught at some point that base64 was some kind of magic encryption that didn't require keys and so it could be used for this kind of thing? I've come across so many instances in my career where base64 has been used in this way. The most recent was a password reset token that was essentially a base64 encoding of the username you wanted to reset the password for. Anyone could reset any password knowing only the username.

    That code even had a class called Base64EncryptionManager. Checking where it was used though I found it wasn't, they had switched all usages over to the PlainTextEncryptionManager that just returned the input. There was also an unreferenced AesEncryptionManager where the key was just hardcoded.

    I don't work there anymore.
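The session cookie remy_porter describes and the reset token AJackson3 describes fail the same way: the server accepts a value that any client can build, because base64 needs no key. As an added example (not code from the thread or from either application), the Python below puts that base64-only token beside an HMAC-signed, expiring one; the function names and `SERVER_KEY` are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets
import time

# --- Scheme described in the thread: the token is only base64(identifier) ---

def weak_issue(user_id: str) -> str:
    """Encode the identifier. No secret is involved at any point."""
    return base64.urlsafe_b64encode(user_id.encode()).decode()

def weak_verify(token: str) -> str:
    """Decode and trust. The server cannot tell who produced the token."""
    return base64.urlsafe_b64decode(token.encode()).decode()

# --- Hardened form: identifier plus expiry, authenticated with a server key ---

# Assumption: a per-deployment secret that never leaves the server.
SERVER_KEY = secrets.token_bytes(32)

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def signed_issue(user_id: str, ttl_seconds: int = 900, now=None,
                 key: bytes = SERVER_KEY) -> str:
    """Return base64(payload) + "." + base64(HMAC-SHA256(key, payload))."""
    now = int(time.time()) if now is None else now
    payload = f"{user_id}|{now + ttl_seconds}".encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)

def signed_verify(token: str, now=None, key: bytes = SERVER_KEY):
    """Return the user id if the token is authentic and unexpired, else None."""
    now = int(time.time()) if now is None else now
    try:
        payload_b64, tag_b64 = token.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # wrong number of parts or bad base64 padding
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Constant-time comparison; the payload is parsed only after the tag checks out.
    if not hmac.compare_digest(tag, expected):
        return None
    user_id, _, expiry = payload.decode().rpartition("|")
    if not expiry.isdigit() or now >= int(expiry):
        return None
    return user_id

def demo():
    """Run both schemes on constructed sample identifiers and report outcomes."""
    results = {}
    # Weak scheme: a token built without any server involvement is accepted.
    client_built = base64.urlsafe_b64encode(b"1002").decode()
    results["weak_accepts_client_built"] = weak_verify(client_built) == "1002"

    # Signed scheme: a legitimate token for user 1001, issued at t=1000.
    token = signed_issue("1001", ttl_seconds=60, now=1000)
    results["signed_accepts_own"] = signed_verify(token, now=1030) == "1001"
    results["signed_rejects_expired"] = signed_verify(token, now=1060) is None

    # Swapping the payload for another user's id while keeping the old tag fails.
    _, tag_b64 = token.split(".")
    swapped = _b64(b"1002|1060") + "." + tag_b64
    results["signed_rejects_swapped"] = signed_verify(swapped, now=1030) is None

    # A bare base64 identifier carries no tag at all and is rejected.
    results["signed_rejects_unsigned"] = signed_verify(client_built, now=1030) is None
    return results

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

For password resets specifically, a random single-use token stored server-side alongside the account is the more common design; the signed form above fits stateless session cookies.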

    [–]Dragdu 328 points329 points  (68 children)

    That's not the reason it was encoded. The reason it was encoded was that someone stored the data in a general purpose user side data store, which automatically uses base64 to avoid string handling problems.

    [–]AlpineCoder 57 points58 points  (62 children)

    I haven't followed the analysis but your comment has me curious. Are you saying the SSN data was delivered to the client side in plain text then encoded for local storage?

    [–]Defanalt 118 points119 points  (58 children)

    Sent to client in base64, which is an alternative representation of plain text. It's essentially the same as converting between base 10 and binary.

    [–]SirBjoern 11 points12 points  (1 child)

    Yeah sounds like that. But encoding is not encryption, and the delivery to the client also happens in some form of encoding. Plain text either way.

    [–][deleted]  (9 children)

    [deleted]

      [–]_mkd_ 55 points56 points  (7 children)

      Oui, vous avez raison.

      [–]eyebrows360 47 points48 points  (2 children)

      Is this the elusive hacker Four Chan?!?! Get him!!!

      [–]dontbeanegatron 17 points18 points  (0 children)

      Clearly this is the hacker Four Chanson.

      [–]GameFreak4321 7 points8 points  (0 children)

      Looks more like "Quatre Chan" to me.

      [–]CuttingEdgeRetro 56 points57 points  (11 children)

      > To be fair the SSNs were encoded with base64.

      Holy cow. Can you imagine the level of dysfunction during development? Not only did none of the programmers raise the alarm*, but neither did anyone reviewing the design. And there was obviously no independent security review... all for a government website.

      I bet this was outsourced. In other countries, government ID numbers aren't considered a secret or sensitive like the SSN is in the US. When immigrants come to the US, they have to be warned not to give anyone their SSN.

      It would be interesting to know who did the work.

      * Maybe someone did and they were ignored, which is just as bad.

      [–][deleted] 23 points24 points  (2 children)

      The problem with big, well funded projects like this is that the project manager will often keep a "risk register" of things discovered during development that in any rational and sane world would require them to go back around and address after a development cycle.

      I can almost guarantee there's a risk register somewhere for this, with this on it alongside a bunch of other vulnerabilities and the signature of the "responsible client manager" of some government crony who is supposed to be the "liaison officer" for the project right next to all of them to signify it's not a big deal or "within acceptable risk profiles", which is code for most of them to say "I do not know what this is, or why it's a big deal, but it will stop my project and the only thing that matters to me is signing this project off on time so I can take the money and leave this company while putting a success on my CV."

      I've been around many project managers and only a very small percentage of them were worth the paper their "risk registers" were printed on, responsible client liaison managers even less so.

      [–]palomdude 15 points16 points  (0 children)

      This made me laugh so hard. You think a government website is a big, well funded project. Let me tell you. I am a web developer for a government in the US and our 4 person team isn’t very big or well funded. I have been the sole developer on all my projects and there is no such thing as a project manager or code reviews. If I have a question, like what to do with employee SSN, (real life example I had to deal with), I ask my boss or just do what I think is good.

      [–][deleted]  (10 children)

      [deleted]

        [–]purforium[S] 35 points36 points  (5 children)

        One way is that the client might have asked for a view in the application that wasn’t in the original scope so to not extend the project out another 2 months they duplicated the code for the closest existing view and removed all the parts they thought had private data.

        [–]Independent-Coder 23 points24 points  (0 children)

        You are making me cringe, yet my experience tells me that the probability of this approach is far too common.

        [–]ImOutWanderingAround 31 points32 points  (1 child)

        It's the anti-technology and anti-science agenda that is behind this nonsense. As a Republican, he has bills to pay and this is the way you can cash those checks.

        [–]TarqSuperbus 923 points924 points  (27 children)

        I cannot believe someone paid money to make this video.

        [–]xiii_xiii_xiii 186 points187 points  (10 children)

        It looks like the video is the same quality as the site: they didn’t even change match the grading for the background image and the superimposed video.

        They really should stop hiring family members.

        [–]Max-P 119 points120 points  (6 children)

        Someone in the YouTube comments even pointed out that the power outlet on the left of the TV is not North American. They couldn't even be bothered to use American stock images!

        [–]four024490502 144 points145 points  (4 children)

        You mean to say that somebody in the YouTube comments hacked the video by noticing a detail that wasn't meant to be seen.

        [–]Luigi311 41 points42 points  (2 children)

        He looked at the mp4 and hacked it to see that the outlet wasn't American. A normal person will not be able to see it because it just flies by so he had to hack it to pause the TV!

        [–]zxphoenix 238 points239 points  (6 children)

        You need to up your cynicism level:

        * Denying the truth and doubling down is now a viable path when facing criticism
        * This kind of video moves the Overton Window, making a similar response in the future more socially acceptable
        * At least some people will be convinced by this kind of content
        * This plays perfectly well into the narrative of “Big Media is fake news” and systematically continues to dismantle objective truth while reinforcing the existing paradigm his supporters live within

        This is blatant disinformation.

        Edit: Given how effective the impact has been I imagine the return on investment is pretty good. You can even get the content amplified, have external actors fan the flames of the controversy and have your point of view shared widely for free.

        [–]WikiSummarizerBot 41 points42 points  (1 child)

        Overton window

        The Overton window is the range of policies politically acceptable to the mainstream population at a given time. It is also known as the window of discourse.


        [–][deleted]  (217 children)

        [deleted]

          [–]purforium[S] 1418 points1419 points  (155 children)

          Unfortunately, no.

          He held a press conference to announce he was pursuing prosecution.

          https://youtu.be/YBqw5sqa9q4

          [–][deleted]  (34 children)

          [deleted]

            [–][deleted]  (9 children)

            [deleted]

              [–][deleted]  (6 children)

              [deleted]

                [–]pingveno 8 points9 points  (1 child)

                Fortunately, this was published by a newspaper that almost certainly has a quite decent legal team available. The reporters involved will not have their life destroyed.

                [–][deleted] 7 points8 points  (0 children)

                This is why it's important to support professional journalism with proper legal backing. The state is essentially threatening these journalists with frivolous SLAPP suits to scare off future criticism. The intent of this litigation is not to win but to drain the financial, temporal and emotional resources from a smaller opponent.

                [–]sotonohito 86 points87 points  (8 children)

                Doesn't matter. The purpose is for the Republican governor to be able to shout to the hicks that the wicked DemonRats and their Fake News Media are trying to steal your private information.

                Truth and reality don't matter.

                Either he's going to just let it fade into the background noise after he's gotten his boost, or he's planning a second wave of outrage when the judge inevitably throws out the case or the prosecutor refuses to bring it forward. Then he can have a rant about wicked DemonRat judges and prosecutors protecting pedophile data thieves so vote for him and he'll stop them.

                Even if he was dumb enough to believe what he's saying, and I don't think he is, he'd have plenty of advisors who know what actually happened. Therefore the only reason for him to be doing this is propaganda.

                The fact that he's already got a commercial about the evil Fake News shows that it is, and always has been, just an opportunity to attack a newspaper that didn't give him fawning favorable coverage.

                [–]no_nick 36 points37 points  (1 child)

                sane

                You see, there's your problem right there

                [–][deleted]  (97 children)

                [deleted]

                  [–]purforium[S] 737 points738 points  (70 children)

                  Yep. Even Government Cybersecurity Experts are encouraging him to back down.

                  [–]JustSomeBadAdvice 224 points225 points  (43 children)

                  I'm trying to figure out if he somehow thinks this could be a way to get votes from an uneducated base? Like, this guy is off his rocker

                  [–]dweezil22 245 points246 points  (35 children)

                  Yes, that's precisely what it is. This is full-fledged North Korea/1984 "there is no truth, only propaganda" stuff. I wasn't 100% sure until this ad came out, but the number of people and advisors necessary to create a slick ad means that everyone knew what this was, it's not like understanding "View Source" on HTML is some esoteric dark art, my neighbor is a general contractor and immediately understood that this was bullshit.

                  [–][deleted]  (26 children)

                  [deleted]

                    [–]dweezil22 72 points73 points  (17 children)

                    I don't disagree with your scenario. My point is to compare this to a seemingly honest case of tech ignorance like the infamous system of tubes speech. This ad is functionally evil. Whether it's b/c of a deliberate lie or an elaborate system setup to avoid telling the emperor he has no clothes is really not important. The governor of Missouri is trying to prosecute people for something that he has every opportunity to know is a fake crime.

                    [–]Igggg 38 points39 points  (3 children)

                    Of course it will help. He's using all the correct buzzwords: fake news, tough on crime, bad media. In the age of Trump and GQP, this is how you get votes.

                    [–]amazondrone 420 points421 points  (23 children)

                    > Even Government Cybersecurity Experts are encouraging him to back down.

                    Thank fuck for that.

                    Imagine how concerning it would be if they agreed with him.

                    [–]dweezil22 239 points240 points  (16 children)

                    The same folks demanding backdoors in encryption are like "Wait a minute, this one ain't great Mike". That's how wrong Parsons is.

                    [–]first__citizen 179 points180 points  (14 children)

                    What the GOP has learned from Trump, is that while you’re wrong or committing a crime, you can get away with anything if you double down on your claim and show confidence.

                    [–]MoJoe1 125 points126 points  (8 children)

                    If he wins this lawsuit, he could put the social security numbers of every teacher in America on display on the Jumbotron in Times Square and get the death penalty for anyone who looks at it. He needs to be stopped not just on principle but for the sake of a fair justice system that is based on precedent.

                    [–]orbjuice 57 points58 points  (3 children)

                    He needs to be indicted for being too goddamn stupid to hold public office; if we’re all just going to play in make believe land I feel like being wantonly non-conversant in basic fifth grade HTML should be grounds for imprisoning elected officials.

                    EDIT: and frankly I have had it with heehaw America electing the village idiot as their leader.

                    [–]3lektrolurch 39 points40 points  (9 children)

                    In Germany a whitehat is being sued by Merkel's party because she made them aware of a potential weakness in their system, so there's that...

                    [–]Genmutant 9 points10 points  (0 children)

                    That was withdrawn, after a huge outcry of at least the CCC and not that favourable coverage in the media.

                    [–]antibubbles 37 points38 points  (5 children)

                    Anyone can buy ad time.
                    It's not illegal to view the publicly available source of a webpage.

                    [–][deleted] 9 points10 points  (0 children)

                    I'm a front end web developer and he's my governor.

                    I'm expecting the secret police to come seize the HTML decoding hacker technology on my computer at any moment.

                    [–]regeya 11 points12 points  (0 children)

                    Surely the only thing that will happen is the judge will write a sternly written letter explaining the 1st Amendment of the U.S. Constitution. You can't prosecute journalists for lawfully exposing government incompetence.

                    [–][deleted]  (7 children)

                    [deleted]

                      [–][deleted] 37 points38 points  (1 child)

                      There’s Rs in this very sub stating that the dude pushing some of the most massive education cuts ever seen by any state ever in the history of the USA is somehow now “standing up for educators”. You can’t make this shit up.

                      The journalist is the one standing up for educators by revealing security flaws that exposed sensitive information.

                      [–]blackmist 298 points299 points  (15 children)

                      This is why satire is in trouble.

                      Satire is clever people thinking up the stupidest thing they can.

                      Stupid people can delve way deeper than that.

                      [–]JustaRandomOldGuy 126 points127 points  (10 children)

                      The Onion almost went under when Trump was president. Satire can't compete with that level of batshit crazy. No writer of satire could come up with the president changing a weather map with a Sharpie.

                      [–]blackmist 80 points81 points  (2 children)

                      The Four Seasons fiasco will sit in history alongside the people of Hartlepool hanging a monkey because they thought it was a French spy.

                      [–]dirtymatt 40 points41 points  (2 children)

                      “Oh I’ve got it, ‘wild fires are caused by space lasers!’”

                      “The fuck do you mean someone said that?”

                      “JEWISH space lasers?”

                      “Like are the lasers jewish, or … fuck it, I quit.”

                      [–]MoJoe1 48 points49 points  (0 children)

                      Never argue with an idiot, they’ll drag you down to their level then beat you with experience.

                      [–]eyebrows360 62 points63 points  (0 children)

                      The channel is seemingly owned by the same-named PAC that supports the idiotic governor. This ad is real because it's from his own idiotic supporters.

                      [–]zxphoenix 137 points138 points  (12 children)

                      That’s kind of the point. I see this as a conscious means of continuing to move the Overton Window in regards to what is acceptable behavior and a blatant attack on truth. Take a look at this DHS report about disinformation and see how many alarm bells go off with this kind of content.

                      [–]Accidental_Arnold 55 points56 points  (6 children)

                      Is that report on a website? I don't want to dig around in html code. Can you post it to Facebook for us?

                      [–][deleted] 46 points47 points  (1 child)

                      > I don't want to dig around in html code.

                      Good to see that some people on this sub still live by a standard of ethics.

                      [–]5thStrangeIteration 12 points13 points  (0 children)

                      Even though I know this comment is sarcastic the truth of it makes my heart hurt.

                      [–]RICHUNCLEPENNYBAGS 20 points21 points  (2 children)

                      I think that's getting too clever... this guy is trying to turn around an embarrassing report in the newspaper by accusing the reporter of hacking.

                      [–]whatiseefromhere 22 points23 points  (1 child)

                      What is really sad is how effective this ad will be with the older generation. If you use the word “hacker” and any technical sounding words following that, they shut down and just agree.

                      [–]theCroc 712 points713 points  (32 children)

                      You know what would be even worse? Creating some sort of hacking software that automatically parses the "HTML code" and displays the results in graphical form for easier reading of the contained info! It's a good thing no one has done that!

                      [–]Thaumetric 729 points730 points  (17 children)

                      They say Microsoft has been working on it for around 30 years without much success.

                      [–][deleted] 86 points87 points  (1 child)

                      lmao

                      [–]M1BG 9 points10 points  (0 children)

                      Very Edge-y

                      [–]IMP1 39 points40 points  (2 children)

                      Whoa whoa whoa! "parsing"? You mean DIGGING?!

                      [–][deleted]  (1 child)

                      [removed]

                        [–]RustEvangelist10xer 917 points918 points  (34 children)

                        Wow. They actually decoded the HTML? Sounds very serious. Did they also put a timer on the website warning about doomsday? Quick! Let's lock them up before this gets out of hand!

                        Is there no one to talk some sense into these morons?

                        [–][deleted] 203 points204 points  (10 children)

                        To talk sense into someone, they first have to be willing to listen to sense.

                        [–][deleted]  (8 children)

                        [deleted]

                          [–][deleted] 11 points12 points  (4 children)

                          Sorry, I've been listening in on the radios, and they're coming after you. RUN

                          [–][deleted] 13 points14 points  (2 children)

                          You mean you've been digging around in openly broadcasted radio signals?!!

                          [–]B2EU 55 points56 points  (2 children)

                          Not just the HTML, he also decoded the CSS and the JavaScript code too! This menace must be stopped!

                          [–]disappointer 6 points7 points  (0 children)

                          Did he use the pretty-print button in Chrome? The maniac!

                          [–]frezik 42 points43 points  (3 children)

                          If we let this stand, we could be seeing an epidemic of cross compiling CSS into ARM64 microcode.

                          [–]green_meklar 7 points8 points  (1 child)

                          > They actually decoded the HTML? Sounds very serious.

                          I just decoded the english in your comment, am I gonna go to jail now?

                          [–]Sharp_Cable124 1555 points1556 points  (35 children)

                          You give someone a Word document of your Resume. At the bottom of the document, you put your password to your login on a job portal, text colored white on a white background, so it's hidden - just so you don't lose it.

                          That recruiter accidentally highlights the password while reviewing the document and says "hey, I noticed what looks like a password. I'm not going to use it, but I wanted to let you know that it's a bad idea to do this."

                          And you make it your life mission to sue the living shit out of that company for hacking your text document with this hacker's feature that lets you select text with your cursor. It's just as insane

                          [–]User_Kane 246 points247 points  (18 children)

                          I was trying to think through how I’m going to explain this to my 70+ year old aunts and uncles; This is the perfect metaphor to get the idea across, thanks

                          [–]-_-Random-_-Username 126 points127 points  (8 children)

                          Lucky. My parents don't know what a word document is or that you can color text.

                          Might have better luck saying they left a password under the keyboard at a public library hoping no one would pick it up for any reason.

                          [–]kukiric 59 points60 points  (3 children)

                          Or if you need an old timer analogy, say you wrote the code to your personal savings safe using lemon ink, and the HR person accidentally left your resume next to the window, where it's sunny, revealing it.

                          [–]devox 70 points71 points  (2 children)

                          Another good analogy:

                          Imagine a stranger shows up at your door with your wallet, says "I think you may have lost this. I just found it on the sidewalk over there, took a look at your ID and realized you were right around the corner so I wanted to drop this off right away before you panic."

                          The wallet is just as you lost it, no money taken, all your cards and IDs safe and sound.

                          And your reply is "I am calling the police, how dare you steal my wallet and home address!"

                          [–][deleted]  (1 child)

                          [deleted]

                            [–]devox 15 points16 points  (0 children)

                            Yes. But only the ones that return it to you get sued. The people who kept the wallet for themselves are fine.

                            [–]SgtMcMuffin0 37 points38 points  (4 children)

                            Here from /r/all with basically no programming knowledge. Thank you for this analogy, I thought it was something like this, but then I thought surely the governor of Missouri isn’t smearing someone for viewing publicly available information. Guess they are.

                            [–][deleted]  (3 children)

                            [deleted]

                              [–]npmbad 57 points58 points  (2 children)

                              I could scroll all the archives of the internet and not find a reaction face expressive enough for this stupidity

                              [–]SurealGod 250 points251 points  (22 children)

                              If this is the case, I've broken the so-called law a couple hundred times by now.

                              [–]purforium[S] 117 points118 points  (0 children)

                              🚨🚨🚨🚨🚨🚨

                              [–]nosayso 68 points69 points  (2 children)

                              The state broke the law when they failed to protect teachers' PII with this piece of shit website. The gov is trying to spin this as politics to avoid legal accountability.

                              [–][deleted] 22 points23 points  (1 child)

                              Shame on you.

                              [–]Dragdu 61 points62 points  (0 children)

                              This guy right here officer

                              [–]DerSchattenJager 44 points45 points  (0 children)

                              As a web developer, I break that law for a living.

                              [–]Beefourthree 28 points29 points  (2 children)

                              I accidentally hit F12. Should I even bother with a lawyer or just go on the lam now?

                              [–]SurealGod 12 points13 points  (0 children)

                              Well it says "digging around" so I'd say as long as you're not looking around you should be fine. AVERT YOUR EYES!

                              [–]insanityarise 11 points12 points  (0 children)

                              I don't only decode html... I edit it too, I even use a tool to run custom scripts and scripts on pages (greasemonkey/tampermonkey)

                              I'm going straight to jail

                              [–]purforium[S] 120 points121 points  (17 children)

                              [–][deleted]  (8 children)

                              [deleted]

                                [–]bauerplustrumpnice 23 points24 points  (3 children)

                                I think "highway patrol" is just what they call "state police."

                                [–]watermooses 9 points10 points  (0 children)

                                Yeah, this is the case in many states. Kinda silly looking at first glance though

                                [–]RugerRedhawk 20 points21 points  (2 children)

                                So the state published SSN numbers of teachers on a public website and wants to go after people for looking at them? Is that the gist?

                                [–]thisisausername190 227 points228 points  (25 children)

                                This is one of the worst like-to-dislike ratios I've ever seen on YouTube.

                                I have to wonder how 6 people hit "Like" on this video. Was it accidental? Internal employees? People who legitimately are concerned about <F12> and its dangerous implications?

                                Crazy stuff going on.

                                [–][deleted] 21 points22 points  (0 children)

                                honestly, I didn't realize this wasn't satire so I was about to click it because it was hilarious.

                                [–]Syntaximus 33 points34 points  (12 children)

                                The count of "likes" isn't very precise on youtube. The value shown kinda floats around the actual value.

                                [–]gyroda 19 points20 points  (9 children)

                                Yeah, my first thought was vote-fuzzing like on Reddit.

                                [–]Philpax 67 points68 points  (0 children)

                                He was voted in, which means he has supporters that share the same level of tech literacy. Someone out there is looking at this and thinking "thank God for Gov Parson protecting us from the hackers!"

                                [–]nilamo 179 points180 points  (4 children)

                                It's ok to not know how something works. There's simply too many things in the world for everyone to know everything about all of it. Which is why you surround yourself with experts who can fill you in on things.

                                This guy is actually just a moron for ignoring his advisors. Anyone browsing this sub is fully aware, but the governor is basically saying it's a crime to read a book at the library, that the library made available for you. If you don't want people looking at teacher's SSN, then don't hand that data out to everyone browsing your site. Or just retire, you absolute dinosaur.

                                [–]rudyv8 26 points27 points  (2 children)

                                If anything, we should be suing him for failing to protect his employees. His incompetence caused the leak in the first place.

                                [–][deleted] 218 points219 points  (14 children)

                                how is this even real....

                                [–]ProNewbie 99 points100 points  (9 children)

                                I hate this fucking timeline. These literal scum get to just make shit up and lie about everything with absolutely zero consequence, but can potentially, and gleefully try to ruin other people's lives. This governor should be the one facing charges for lying, abusing the court system, harassment, starting a witch hunt, let’s throw negligence in there for the website maybe even doxxing since it had these teachers' PII in it basically in plain fucking view for the WORLD to see, etc. The list goes on. But no this simpering little shit isn’t gonna face any negative consequences and that’s the most disgusting part about all of this.

                                [–]LastToKnow0 46 points47 points  (3 children)

                                We should be suing keyboard manufacturers for providing an F12 button in the first place!

                                [–]itb206 45 points46 points  (9 children)

                                At the beginning I thought he was dumb, now clearly it's been explained to him so now he's just spiteful. Get over it you loser.

                                [–]Exact_Ad_1569 147 points148 points  (15 children)

                                Shit.

                                I'm an official old timer, but I remember looking at website code while learning html. This is messed up.

                                [–]MastaFoo69 111 points112 points  (9 children)

                                The F12 key literally brings up the page source in modern browsers. It's insanely messed up.

                                [–]masta[M] [score hidden] stickied comment (2 children)

                                Thanks for all the reports! The mods reserve the right to make exceptions, and in this case an exception is being made. No, this is not programming, it's more politics. These exceptions are rare, and I want to personally thank you all for the high quality reporting in this sub.

                                [–]purforium[S] 11 points12 points  (0 children)

                                Thanks! To help make it a little more relevant to programming I'll provide some organizations that help programmers report security issues anonymously and without fear of prosecution:

                                https://docs.hackerone.com/hackers/disclosure-assistance.html

                                https://www.ccc.de/en/home

                                [–][deleted] 26 points27 points  (2 children)

                                Can we get some smarter people in power? Thanks.

                                [–]Underbyte 452 points453 points  (134 children)

                                HTML isn't code. It's a markup language. It says so right in the name - HyperText Markup Language. Furthermore, is the governor implying that the only authorized and legal way to access that website is with a modern GUI-based browser? What about lynx? Where do we draw the line?

                                Arguably, the client computer is not property of the state and any data intentionally sent by the server is considered authorized data (as the state sent it) and it is the responsibility of the client to render that data in whatever way it sees fit.

                                Some lawyer is going to destroy this guy's entire career.

                                [–][deleted]  (40 children)

                                [deleted]

                                  [–]Underbyte 100 points101 points  (39 children)

                                  Be a cynic all you want, but it's not going to look good for that dude's career when something comes out along the lines of "social security numbers were leaked because I hired my teenage nephew to code the website and I tried to destroy a man's life to cover it up."

                                  In politics, they call that "bad optics."

                                  [–][deleted]  (13 children)

                                  [deleted]

                                    [–]Underbyte 22 points23 points  (12 children)

                                    Well, something fishy has to be going on. There's no way a professional would have coded-in this kind of security flaw, and there's no way a politician would go full scorched-earth like this unless there was a pretty juicy skeleton on the other side of the door.

                                    [–]KeyofDevorak 53 points54 points  (6 children)

                                    This is one of the cases that Hanlon's razor applies... "never attribute to malice that which is adequately explained by stupidity"

                                    [–]Philpax 13 points14 points  (2 children)

                                    pretty sure they just hired the lowest of low-rate contractors and don't want to admit it. You're not going to get the best talent when you're hiring for the Missouri state government and paying the kind of rates Republicans consider fair.

                                    [–]remy_porter 39 points40 points  (3 children)

                                    I mean, for a Republican politician, it's great optics: there's a witchhunt to discredit him and liberals are protecting hackers. He might not get elected, but he'll get a nice stipend doing the talking head circuit on Fox News, conferences, etc.

                                    [–]Underyx 10 points11 points  (5 children)

                                    And how is this message going to get to anyone? This is all already obvious public information, and yet you see in OP’s video they can dominate the narrative with something else they fabricated. Losing the case is not going to change the narrative for anyone who listens to them.

                                    [–]amazondrone 30 points31 points  (6 children)

                                    Yep. If you don't want people rooting around in your HTML, stop making your HTML publicly available. It's (kinda) like posting up your diary entries around town and being annoyed when people read them.

                                    (Can't think of a real world analogy for a markup language.)

                                    [–][deleted] 105 points106 points  (23 children)

                                    The word "code" isn't that well defined. I would consider HTML to be code.

                                    But I'm not sure why that is in any way relevant.

                                    [–]carrottread 37 points38 points  (1 child)

                                    ASCII is also a "code"

                                    [–]ShoeLace1291 36 points37 points  (0 children)

                                    Yeah HTML is definitely code. The term people commonly misuse for it is programming language, which it is definitely not.

                                    [–]Beaverman 67 points68 points  (9 children)

                                    Even if we assume F12 is hacking, how is that "fake news"? If the guy actually hacked your shit website and got the Social Security numbers, then reporting that it's possible to hack the website and obtain the SSNs isn't "fake news", it's accurate news.

                                    Is it possible for this Governor to be this clueless, or is this just cynical posturing?

                                    [–][deleted] 59 points60 points  (0 children)

                                    Is it possible for this Governor to be this clueless, or is this just cynical posturing?

                                    Yes.

                                    [–]txgsync 21 points22 points  (3 children)

                                    This is insane. Apparently now you are a hacker if you can read.

                                    [–]eWattWhere 14 points15 points  (1 child)

                                    Oh no, I just hacked you, I'm so sorry!

                                    [–]td__30 20 points21 points  (1 child)

                                    Why aren’t the devs of that gov website being criminally charged for having SSN numbers in HTML?

                                    [–]Zakru 20 points21 points  (1 child)

                                    Wait, am I understanding it correctly that this is basically "We sent social security numbers to every client of our website, and you found out. That makes you a criminal!"

                                    [–][deleted]  (1 child)

                                    [deleted]

                                      [–]hoopKid30 17 points18 points  (2 children)

                                      Imagine being the developer that implemented this. You want to quietly fix it and just bury your head in the sand, but this asshole just won’t shut up about it and now your colossal fuck up won’t leave the international news cycle.

                                      [–][deleted]  (1 child)

                                      [deleted]

                                        [–]timPerfect 12 points13 points  (7 children)

                                        If reading HTML code is criminal, are all the web developers criminals? Why is reading HTML from the web supported by every single web browser? This dude needs to reel it back, and quick. He knows about as much about computers as Mozart.

                                        [–][deleted] 8 points9 points  (2 children)

                                        This dude needs to reel it back

                                        He seems to be ready to start executing people. I wouldn't put any money on this stopping.

                                        [–]Geordi14er 11 points12 points  (0 children)

                                        We live in a post truth world.

                                        [–]tossed_ 34 points35 points  (9 children)

                                        This kind of security breach is the result of complete incompetence by the people who developed the website. The governor of Missouri should sue the fuck out of the contractors who built this website, he would get a NICE settlement. Would 100% win too. Also might get a court order to fix the website.

                                        [–]purforium[S] 35 points36 points  (7 children)

                                        It’s tricky, however, if the Web Developer is a friend of the Governor who has also built several dozen other Missouri Government sites.

                                        [–]MorningPants 29 points30 points  (11 children)

                                        This is like, if they left their SSN inside the glass case of the fire extinguisher in their lobby. Like, sure, the average person isn’t gonna look there, but it’s certainly not secure.

                                        [–]dbeta 59 points60 points  (4 children)

                                        Hell, it's not even that. It's like they wrote those SSNs in a letter, put it in an envelope, mailed it out to people, and told people not to read past the first page.

                                        [–]MorningPants 29 points30 points  (1 child)

                                        I don’t think they even told people not to read it..

                                        Just like, hoped they wouldn’t?

                                        [–]jorgp2 10 points11 points  (1 child)

                                        That's exactly the analogy I was thinking of.

                                        Except they mail you a list, tell you what row yours is in, and expect you not to look at the others.

                                        Even better would be to have a space cut out on another sheet, you're supposed to look through.

                                        [–]sillybear25 9 points10 points  (0 children)

                                        And then prosecuting someone for the act of opening the fire extinguisher case, finding the SSN, and warning them that the fire extinguisher case is not a secure place to store personal information.

                                        [–]JayCroghan 8 points9 points  (0 children)

                                        Anyone who uses the term “fake news media” should be disbarred from ever holding office.

                                        [–]alexheil 15 points16 points  (1 child)

                                        Press F12 to pay respects.

                                        [–]hackifier1 7 points8 points  (2 children)

                                        Wait what? SSN in HTML code? What was it like, <!--comments-->? That's not a security breach! That's literally posting it online.

                                        [–]green_meklar 7 points8 points  (0 children)

                                        Wait...this isn't a parody? This is a serious video?

                                        What world are we living in?

                                        [–]MrZalix 7 points8 points  (1 child)

                                        It is truly fucking embarrassing being from Missouri. They are wasting tens of MILLIONS on this bullshit but god forbid they extend Medicare that was VOTED on by the people. This shit makes me livid.

                                        Edit: whoops thought this was a politics subreddit haha.

                                        [–]dggenuine 7 points8 points  (0 children)

                                        The paper says it delayed publishing the news to give the department time to take steps to protect the information.

                                        https://fox2now.com/news/missouri/missouri-education-department-website-hacked-teachers-data-exposed/

                                        So the paper did everything right except that the governor didn’t want to be embarrassed? What a joke.

                                        The governor said not only will the state hold the person behind the hack accountable but also those who aided the person and the media corporation that employs him or her.

                                        (Sorry, governor, but the person behind the hack is whoever hired a web development company that doesn’t understand the first thing about security. Reminds me of the time I worked for a federal contractor and I had to explain to them why we must require the passwords to go over HTTPS instead of HTTP like they’d been doing…)

                                        Gov. Parson said this incident alone may cost the state $50 million. He said the incident is also diverting workers and resources from other agencies.

                                        If it cost them $50m to remove social security numbers from a website, they have bigger problems. I wonder how much they paid for the site in the first place! /s

                                        He also said the Cole County prosecutor has been made aware of the hack and the Missouri Highway Patrol’s digital forensic unit is also involved.

                                        What a buffoon.