Top Tweets for SSNs

@mmasnick lol that may have been ambiguous -- I am referring to the state's unauthorized disclosure of SSNs

Ok, so it turns out they rot13 encoded the SSNs which means they knew they were leaking the info to the public and thought that made it safe. Obfuscation is not encryption, this makes it more ridiculous.

@GovParsonMO Browsers (all of them) download that information just to show you the site. Your government is passing out SSNs in the same way that millions of people will hand out candy to any kid who shows up saying "trick or treat" on Halloween. You're mad because they opened the candy.

@TheOnlyAyub @Eddie51313055 @RealJoseph123 @JWOLFFH @caitlinmcqulity @verge I don't think that's a good idea. But you could try to sarcastically defend Missouri's governor. Also, as far as I've heard the SSNs were ROT14-encoded. Laughable.

@flowingdata The funny thing is that you don't even need to view the source code to get the SSNs, you just turn off the CSS and voilà!

This is why I hide all my SSNs in a closed shadow root, because closed shadow roots are secure by default…

@reassuringURL @AlyssaM_InfoSec @GovParsonMO Possibly that very last clause, if the reporter made SSNs available to co-workers. More likely whoever built the system violated 407.1355.

Reporter does a right-click, view page source, sees that teacher SSNs are publicly viewable on state website. Doesn’t report about it until after website has been fixed. Governor now wants reporter arrested for “hacking.” 🙄…

There is a fundamental misunderstanding of how the web works and what constitutes a hack on the part of this Governor. If he was truly worried about SSNs being exposed, he might spend some time being intellectually curious on what “View source” means.…

@maddogeco @simplebutgood @th3j35t3r AND governor wants to investigate the guy who discovered and reported these SSNs -- calling him a hacker.

@twcarey @GovParsonMO Who wants to bet those SSNs are stored in plain text too.

@nytimes This is just nonsense. The government webserver was sending out protected information to anyone who bothered to look, the reporter was just first. It's like the Missouri govt sent out a bunch of letters with SSNs in them, and then charged people for opening the envelope.


@ErrataRob The SSNs were in the HTML comments. HTML documents are transferred to your computer so that they can be viewed. It’s normal and allowed to view HTML source. A “no trespassing sign” would be equivalent to the backend demanding authentication, which it didn’t.

Typical politician... blame someone else for YOUR screwup.... @GovParsonMO You need a new advisor. ANYONE who looks at a webpage can see the HTML code. It's viewable. No hacking needed. Don't pull the personal data (SSNs) into the page!!!…

It's true, just what I was thinking hahaha ssns you two sleep soundly hahaha

@ErrataRob If we're talking trespassing law, what happened here was the equivalent of this person walking into a public place, looking to his left, and seeing a sign with SSNs on it with a note that said no peeking. He mentions it to the person in charge and they arrest them.

@GovParsonMO You do realize SSNS SHOULD NOT BE IN THE HTML if they are not supposed to be viewed? There’s no “decoding” involved. It is just there, even if it is not displayed. It is in the browser cache of anyone who viewed those pages. That is a *MASSIVE* personal info leak on your part!

.@GovParsonMO wants the newspaper investigated for hacking. A public-facing website run by the state had SSNs in the HTML given out to every web browser.

@RayRedacted I mean, when you base64 SSNs into HTML, it's like dumping chum in the ocean

@sandhawke @neumarcx >What is a specific tangible harm Alice avoids by using DIDs? Identity theft due to proliferation of correlatable identifiers such as SSNs, driver's license nos., phone nos.... No need to share such nos. See explanations and case studies just posted here:…

@mikaelhajje @CurranBoP Was actually exceptional about 3 ssns ago but haven’t watched much since.

@BVDGRRL I wouldn’t be surprised if their web app was dumping the SSNs to the page and they “fixed” it by simply putting HTML comment tags around it. I’ve seen worse.

@GovParsonMO Maybe the government should be held liable for storing SSNs in clear text?

If “decoding the html” is all a hacker had to do to get a bunch of SSNs it’s time for a security audit.…

For the record, it’s not about “ease” it’s about the fact that it was found in html the server sent to the researcher. As in the programmers put people's SSNs, barely encoded, into the response of the application. GDI, Jonathan just stop with the hot takes.…

Someone right-clicked/inspected a MO state website and saw SSNs in plain text (an obvious and dangerous no-no for the developer). Something literally anyone with a browser can do. Informs the state they should change that. And now the Gov. wants that person prosecuted…

Encryption is the process of using a secret "key" (itself a piece of data) to scramble other data, so that it can only be decrypted and read by someone with the matching key. The SSNs embedded in this web site's code were not encrypted, so no key was needed to view them. 15/

Here is where we get into a technical area. The SSNs embedded in the web page were *encoded* using a system called Base64. 12/

@GovParsonMO Good god man. You put SSNs on a publicly accessible page and then blame the person that noticed. Please leave policy around technical issues to people who understand technology. This person simply looked at the info you gave him

@KatieKull1 @KurtEricksonPD You know what this is really over? The Post-Dispatch found out the form to enter SSNs in used <input type="text"> (UNENCRYPTED PLAIN TEXT) instead of <input type="password"> (ENCRYPTED). Do you have that one guy at work who always has an excuse not to do sthg? That's Parson.

A Missouri state website accidentally put teachers’ SSNs in their HTML source code. A newspaper noticed the bug and reported it to the state. The governor then accused the newspaper of hacking their website. 🤦🏼‍♀️…

@phonedude_mln @SenBlumenthal @GovParsonMO Sounds like they should be prosecuting the software company that were making the blatant mistake of providing unencrypted SSNs in cleartext html.

@jonathandata1 @MalwareTechBlog I haven't seen anyone humiliating the victims whose SSNs were leaked. Everyone is making fun of how pressing the F12 key is now considered a “hack.”

Man, it's a good thing real hackers would never go through 8 whole steps before getting to the SSNs.…

@GovParsonMO Real simple: You had SSNs on your org computer. Your org sent them to somebody elses computer. At this point you already have failed. The rest is unimportant. Doesn't matter how they were accessed, it matters that your org made them accessible.

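[Auto] My phone broke and all my SNS conversations got wiped. If we were in the middle of a conversation, or if you'd like to take this chance to talk, let me know. *SSNS is bot-only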

If it only took 8 steps to get peoples' SSNs in plaintext then you flatly failed to secure the data. I doubt that said journalist is a sophisticated system cracker. This guy already has quite the synography about himself on Wikipedia, and sure enough this incident is there too.
