Draft:Jason Parker (cybersecurity)
 | Review waiting, please be patient.
This may take 3 months or more, since drafts are reviewed in no specific order. There are 2,723 pending submissions waiting for review.
Where to get help
How to improve a draft
You can also browse Wikipedia:Featured articles and Wikipedia:Good articles to find examples of Wikipedia's best writing on topics similar to your proposed article. Improving your odds of a speedy review To improve your odds of a faster review, tag your draft with relevant WikiProject tags using the button below. This will let reviewers know a new draft has been submitted in their area of interest. For instance, if you wrote about a female astronomer, you would want to add the Biography, Astronomy, and Women scientists tags. Editor resources
Reviewer tools
|
Jason Parker | |
|---|---|
| Born | July 17, 1982 |
| Years active | 2023–present |
| Known for | Cybersecurity discoveries |
| Website | https://ꩰ.com/@north |
Jason Parker (born July 17, 1982) is a cybersecurity researcher known for identifying and disclosing vulnerabilities in various software, particularly those related to government technology. Parker's cybersecurity work primarily focuses on court and public records request systems, where they have exposed significant security flaws that could potentially compromise sensitive and confidential information.
Vulnerabilities[edit]
U.S. Court Record Systems[edit]
In late 2023, Parker discovered[1][2][3][4] several vulnerabilities in court record systems from Tyler Technologies, Catalis, and Henschen & Associates, which are used across Florida, Georgia, Ohio, and several other states. These vulnerabilities exposed sealed, restricted, and confidential court filings to the public, using only a web browser for access. The disclosures led to mixed responses, with some systems quickly remedied and others, such as Florida’s Lee County, threatening legal action against Parker.
Records Requests Systems[edit]
In January 2024, Parker uncovered[5] significant vulnerabilities in the GovQA platform by Granicus, which is used by numerous state and local governments to manage public records requests. The vulnerabilities could have allowed unauthorized access to sensitive information, including IDs and medical records. These were patched after Parker reported them to Granicus and the Cybersecurity and Infrastructure Security Agency.
U.S. Court Electronic Filing Systems[edit]
In April 2024, Parker began investigating vulnerabilities in electronic court filing platforms. Their first significant discovery[6] was in multiple versions of EZ-Filing, a system developed by Catalis, which permitted users to access sensitive information, including sealed court documents and personal data. When there was no response from Catalis regarding the reported vulnerabilities, Parker contacted PSG Equity, a major financier of the company, underscoring challenges in vendor responsiveness in cybersecurity, where issues may only be addressed when facing potential financial implications.
References[edit]
- ^ Whittaker, Zack (2023-11-30). "Security flaws in court record systems used in five US states exposed sensitive legal documents". TechCrunch. Retrieved 2024-05-05.
- ^ Lowrey, Brandon (2023-11-30). "Software Flaws Exposed Sealed Court Docs, Researcher Says". Law360. Retrieved 2024-05-05.
- ^ "Multiple Vulnerabilities Affecting Web-Based Court Case and Document Management Systems". Cybersecurity and Infrastructure Security Agency. 2023-11-30. Retrieved 2024-05-05.
- ^ "Sarasota Clerk and Comptroller Confirms No Breach of Private Information Obtained Via ClerkNet". Sarasota County Clerk and Comptroller. 2023-11-30. Retrieved 2024-05-06.
- ^ DiMolfetta, David (2024-03-07). "Flaws in public records management tool could let hackers nab sensitive data linked to requests". Nextgov/FCW. Retrieved 2024-05-05.
- ^ Lowrey, Brandon (2024-05-07). "Cybersecurity Flaws Uncovered In 3 States' E-Filing Systems". Law360. Retrieved 2024-05-08.
External links[edit]