科技回声

6 条评论

tyingq超过 3 年前

Ah, so finally the detail. The site was apparently an ASP.NET site, and they were putting the whole SSN into the "VIEWSTATE" object.Which looks something like this in the html:<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="BASE64STUFFHERE=">There is a choice to encrypt it, but I'm skeptical how useful that is, or that it was enabled in this case.So the "hack" was "view source" -> decode some base64 data sitting in plain sight.Edit: A little bonus. This bizarre video from a PAC the governor started, still trying to call this "hacking": <a href="https://www.youtube.com/watch?v=9IBPeRa7U8E" rel="nofollow">https://www.youtube.com/watch?v=9IBPeRa7U8E</a>

评论 #28995110 未加载

评论 #29001775 未加载

breckenedge超过 3 年前

My biggest fear is that nothing comes of this. The elected representatives of Missouri are making accusations that should be laughed out of court.

评论 #28993008 未加载

评论 #28993351 未加载

_dg6h超过 3 年前

If you care about this issue, please consider signing this petition urging Governor Parson to apologize.<a href="https://www.change.org/p/governor-parson-apologize-to-st-louis-post-dispatch-which-responsibly-disclosed-data-leak" rel="nofollow">https://www.change.org/p/governor-parson-apologize-to-st-lou...</a>Do petitions accomplish much? I don't know. Still, someone needs to tell this guy he's an idiot.

评论 #28996970 未加载

wly_cdgr超过 3 年前

Incredible and terrifying that this needs to be explicitly asserted

literallyaduck超过 3 年前

Decoding viewstate might technically be illegal according to the DMCA, but shouldn't be and if the journalist is convicted they should be immediately pardoned.

评论 #28995800 未加载

huatilla超过 3 年前

The Computer Fraud and Abuse Act outlaws "unauthorized access". The website owner clearly did not authorize access to that, so the letter of the law may have been violated. Maybe the law should require malice, criminal intent, and actual harm to have happened for "unauthorized access" to be a crime.

评论 #28996379 未加载

评论 #28996895 未加载

评论 #29008605 未加载

6 条评论

tyingq超过 3 年前

评论 #28995110 未加载

评论 #29001775 未加载

breckenedge超过 3 年前

My biggest fear is that nothing comes of this. The elected representatives of Missouri are making accusations that should be laughed out of court.

评论 #28993008 未加载

评论 #28993351 未加载

_dg6h超过 3 年前

评论 #28996970 未加载

wly_cdgr超过 3 年前

Incredible and terrifying that this needs to be explicitly asserted

literallyaduck超过 3 年前

Decoding viewstate might technically be illegal according to the DMCA, but shouldn't be and if the journalist is convicted they should be immediately pardoned.

Viewing website HTML code is not illegal or “hacking,” prof. tells Missouri gov.

6 条评论

Viewing website HTML code is not illegal or “hacking,” prof. tells Missouri gov.

6 条评论