Politicians, financiers, and athletes around the world are disputing wrongdoing, resigning their posts, or working furiously to cover their tracks in the international blowback from the massive leak. Mossack Fonseca has denied any wrongdoing, but you can bet it is having hard talks with its IT personnel in the coming days.
Forbes reported Mossack Fonseca was running a three-month old version of WordPress web site software. However, when WP Tavern looked at the source code it found evidence the firm was using an even older version of WordPress (4.1), released in December 2014. Fifteen month old site software is ancient for web building, not just for updated design features, but especially because of the numerous critical security updates that are issued.
The Panamanian firm was also running three-year old version 7.23 of the open source client portal program, Drupal. Version 7.23 is notorious for its vulnerability according to WP Tavern, and since that release Drupal has issued 25 security updates. To top it all off, the firm’s unencrypted email was handled by a 2009 version of Microsoft Outlook Web Access.
While politicians scurry and in at least one instance a country is censoring any mention of the papers, the lesson for all of us is clear. Keep your software updated or someday every email you’ve ever sent, received or drafted, every document, image, or rough notes may be out there for the whole world to scrutinize.
