Skip to main content

Outdated versions of WordPress and Drupal led to the Panama Papers leak

Panama Papers firm used old software
If you haven’t already learned the importance of updating your computer software, take a lesson from Mossack Fonseca. The Panamanian law firm that recently had 11.5 million documents leaked was using old client portal, email access, and website software, according to a reports with slightly different findings from Forbes and WP Tavern. No one knows for sure how the leak happened (except the person or persons behind it), but the obsolete software may have contributed to the world’s largest data breach ever, now referred to as the Panama Papers.

Politicians, financiers, and athletes around the world are disputing wrongdoing, resigning their posts, or working furiously to cover their tracks in the international blowback from the massive leak. Mossack Fonseca has denied any wrongdoing, but you can bet it is having hard talks with its IT personnel in the coming days.

Forbes reported Mossack Fonseca was running a three-month old version of WordPress web site software. However, when WP Tavern looked at the source code it found evidence the firm was using an even older version of WordPress (4.1), released in December 2014. Fifteen month old site software is ancient for web building, not just for updated design features, but especially because of the numerous critical security updates that are issued.

The Panamanian firm was also running three-year old version 7.23 of the open source client portal program, Drupal. Version 7.23 is notorious for its vulnerability according to WP Tavern, and since that release Drupal has issued 25 security updates. To top it all off, the firm’s unencrypted email was handled by a 2009 version of Microsoft Outlook Web Access.

While politicians scurry and in at least one instance a country is censoring any mention of the papers, the lesson for all of us is clear. Keep your software updated or someday every email you’ve ever sent, received or drafted, every document, image, or rough notes may be out there for the whole world to scrutinize.

Editors' Recommendations

Bruce Brown
Digital Trends Contributing Editor Bruce Brown is a member of the Smart Homes and Commerce teams. Bruce uses smart devices…
Another WordPress exploit hits thousands of sites
another wordpress exploit hits thousands of sites wordpressheader2

The downside of becoming a popular content management system is that more and more people are looking for bugs you may have, in order to exploit them. It makes sense, as the more people use something, the more potential targets you have if you find a bug. But for WordPress' developers, it must be an exercise in frustration patching holes as often as they need to.

Yet another bug has been found in the popular CMS in the past couple of weeks, and it's seen thousands of sites targeted and millions of visitors made vulnerable. Visitors to sites that have been compromised risk being redirected to a site that attempts to infect them with the Nuclear Exploit kit, an ever-evolving arsenal of malware that can inject ransomware into a system, locking the desktop and encrypting files while demanding payment to return them to normal.

Read more
WordPress vulnerability affects millions of sites, and yours could be next
Wordpress 2015 Security Flaw Vulnerability

According to a post by the security research team at Sucuri, millions of Wordpress websites could be at risk for exploitation thanks to a defect in a popular theme included in the default setup.

The exploit feeds off an XSS vulnerability known as a "DOM-Based XSS," or Document Object Model. According to the independent vetting agency, DOMs are used to teach a browser how to display headers, images, text, or links that are displayed inside a WordPress loadout theme.

Read more
Skype now supports 911 calls in the U.S.
iPhone with the Skype mobile app loading screen.

Skype has updated its mobile and desktop apps to allow emergency calling in the U.S. for the first time in its 18-year history. Calls to 911 are also possible via Skype’s web-based service, notes for the recently released Skype 8.80 showed.

Emergency calling from Skype could come in handy if you find yourself in a tricky situation without a phone but have a computer close by, or if phone lines are down but you can get online.

Read more