A cybersecurity professor who verified the vulnerability that left the Social Security numbers of upwards of 100,000 teachers accessible on a Missouri website is demanding Gov. Mike Parson apologize after he threatened those who exposed the weakness with prosecution.
An attorney for University of Missouri-St. Louis Professor Shaji Khan sent a letter Thursday to Parson, the Missouri Department of Elementary and Secondary Education (DESE) and other agencies telling them to preserve records related to the episode — often a first step before a lawsuit.
The letter is the first indication that Parson may face a legal challenge over his response to a St. Louis Post-Dispatch story last week detailing how Social Security numbers had been left exposed on a DESE website. The day after publication, Parson called a news conference where he threatened the newspaper, its journalists and those who helped them with prosecution — and said law enforcement would investigate.
Author(s): Jonathan Shorman and Jeanne Kuang, The Kansas City Star
Publication Date: 22 Oct 2021
Publication Site: Governing
When the Defense Information Systems Agency sought a new satellite services acquisition on behalf of the Navy, it included a spreadsheet so bidders could fill in their prices. But the spreadsheet included the prices from the current contract, which were supposed to be inaccessible. For how things turned out, Smith Pachter McWhorter procurement attorney Joe Petrillo joined Federal Drive with Tom Temin.
Joe Petrillo: Sure. This is another excel spreadsheet disaster, and we talked about one a few weeks ago. It involved an acquisition of satellite telecom services for the Navy’s Military Sealift Command. It was an acquisition of commercial satellite telecommunications services. And they were divided into both bandwidth and non-bandwidth services. And the contract would be able to run to for up to 10 years in duration. Part of the contract, as you said, was an excel spreadsheet of the various different line items with blanks for offers to include their price. Unfortunately, this spreadsheet had hidden tabs, 19 hidden tabs, and those included, among other things, historical pricing information from the current contract. So Inmarsat, which was the incumbent contractor, holding that contract, notified the government and said, look you’ve disclosed our pricing information, do something about it. So the government deleted the offending spreadsheet from the SAM.gov website. But they understood and this was the case, third party aggregators had already downloaded it, and it was out there, it was available.
Author(s): Tom Temin, Joe Petrillo
Publication Date: 8 July 2021
Publication Site: Federal News Network
Current and former top executives at SolarWinds are blaming a company intern for a critical lapse in password security that apparently went undiagnosed for years.
The password in question, “solarwinds123,” was discovered in 2019 on the public internet by an independent security researcher who warned the company that the leak had exposed a SolarWinds file server.
Several US lawmakers ripped into SolarWinds for the password issue Friday, in a joint hearing by the House Oversight and Homeland Security committees.
“I’ve got a stronger password than ‘solarwinds123’ to stop my kids from watching too much YouTube on their iPad,” said Rep. Katie Porter. “You and your company were supposed to be preventing the Russians from reading Defense Department emails!”
Author(s): Brian Fung and Geneva Sands
Publication Date: 26 February 2021
Publication Site: CNN