Enlarge / Cybersecurity professor Shaji Khan of University of Missouri–St. Louis. (credit: University of Missouri–St. Louis )
The cybersecurity professor who helped uncover the Missouri government’s failure to protect teachers’ Social Security numbers has demanded that the state cease its investigation into him and stop making “baseless accusations” that he committed a crime.
As we reported on October 14 , Missouri Gov. Mike Parson threatened to prosecute and seek civil damages from a St. Louis Post-Dispatch journalist who identified a security flaw that exposed the Social Protection numbers of teachers and other school employees. The state is also investigating Shaji Khan, the cybersecurity professor at the University of Missouri-St. Louis who assisted the Post-Dispatch journalist verify the security vulnerability.
This will be all happening despite the fact that the state government made teachers’ Social Security numbers available in an unencrypted form in the particular HTML source code of a new publicly accessible website. The governor’s strategy of blaming those who discovered the flaw earned him widespread mockery on social media from people who are familiar with the standard “view source” function present in major web browsers.
Read 19 remaining paragraphs | Comments
