Politicians, financiers, and athletes around the world are disputing wrongdoing, resigning their posts, or working furiously to cover their tracks in the international blowback from the massive leak. Mossack Fonseca has denied any wrongdoing, but you can bet it is having hard talks with its IT personnel in the coming days.
Forbes reported Mossack Fonseca was running a three-month old version of WordPress web site software. However, when WP Tavern looked at the source code it found evidence the firm was using an even older version of WordPress (4.1), released in December 2014. Fifteen month old site software is ancient for web building, not just for updated design features, but especially because of the numerous critical security updates that are issued.
The Panamanian firm was also running three-year old version 7.23 of the open source client portal program, Drupal. Version 7.23 is notorious for its vulnerability according to WP Tavern, and since that release Drupal has issued 25 security updates. To top it all off, the firm’s unencrypted email was handled by a 2009 version of Microsoft Outlook Web Access.
While politicians scurry and in at least one instance a country is censoring any mention of the papers, the lesson for all of us is clear. Keep your software updated or someday every email you’ve ever sent, received or drafted, every document, image, or rough notes may be out there for the whole world to scrutinize.
Editors' Recommendations
- New malware can steal your credit card details — and it’s spreading fast
- This new Windows 11 feature will help you protect your passwords
- Spellcheckers in Google Chrome could expose your passwords
- Hackers can now sneak malware into the GIFs you share
- More than 80% of websites you visit are stealing your data
