PSA: Your Mac and Website Security
While one of my passions is local government (which is why I love doing the Park Rag), my “day job” is in the computer industry. This week we had a security auditor come in and review my company’s security. The auditor was good … and intense. He had just finished 4 years in Kuwait working on bases, securing the military computer infrastructure.
Out of that security review, two things came to light that I wasn’t aware of that I think may help others in Park City. The first is around our computers. I use a Mac, and as I sit in coffee shops and attend government meetings, I see a lot of other people do too. I had never bothered getting antivirus/firewall software for my Mac. I thought that was something for “those Windows folks” to be concerned with. The auditor was able to hack my Mac in about 5 minutes. He said that about 5 years ago it was true that Mac users didn’t need to worry about security, but that time has passed.
So, if you use a Mac and don’t have your firewall turned on and don’t have virus software installed, I would recommend you do both. In my research, a company called Sophos seems to have a good antivirus package for Macs that is free. In addition to virus scanning, you will also want to turn on your firewall. To turn your firewall on, click on the apple in the upper left of your screen, click System Preferences, click the Security icon, select the Firewall tab, and enable it (you may need to click the lock in the lower left-hand corner to be able to turn it on). What the firewall does is block incoming connections to your computer (unless you specifically OK them).
The second issue is around a popular piece of software that makes it easy to run a website. That software is called WordPress. It’s what we run here at the Park Rag. The problem is that there is currently a huge hole in WordPress that lets someone take over your website. If you have comments enabled on your site, a malicious person can send through characters that allow them to take over your website. This vulnerability exists in the most recent versions of WordPress.
While you may not think this sort of thing applies to you, last month the Running With ED WordPress site was hacked and pointed people to a Viagra site. So, your website may be running WordPress and you may not even know it. You can use this website to check if your site is on WordPress. If it is, you will want to check with your tech folks to make sure that your site isn’t at risk.
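One way to run that check on your own site's HTML, as an added example that is not part of the original post: the Python sketch below looks for three traces a WordPress install commonly leaves in a page. The function name, the marker labels and both sample pages are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Asset paths that a default WordPress install serves themes, plugins and scripts from.
WP_PATH = re.compile(r"/wp-(content|includes)/")


class _MarkerParser(HTMLParser):
    """Collects WordPress traces found in a page's tags."""

    def __init__(self):
        super().__init__()
        self.markers = set()

    def handle_starttag(self, tag, attrs):
        a = {name: (value or "") for name, value in attrs}
        # <meta name="generator" content="WordPress x.y">
        if tag == "meta" and a.get("name", "").lower() == "generator":
            if "wordpress" in a.get("content", "").lower():
                self.markers.add("generator meta tag")
        # <link rel="https://api.w.org/" ...> advertises the WordPress REST API
        if tag == "link" and "api.w.org" in a.get("rel", ""):
            self.markers.add("REST API link")
        # Scripts, stylesheets and images loaded from WordPress directories
        if WP_PATH.search(a.get("src", "")) or WP_PATH.search(a.get("href", "")):
            self.markers.add("wp asset path")


def wordpress_markers(html):
    """Return the sorted list of WordPress traces found in an HTML string."""
    parser = _MarkerParser()
    parser.feed(html)
    return sorted(parser.markers)


# Constructed sample pages (not taken from any real site).
SAMPLE_WP = """<html><head>
<meta name="generator" content="WordPress 0.0-sample">
<link rel="https://api.w.org/" href="https://example.com/wp-json/">
<link rel="stylesheet" href="https://example.com/wp-content/themes/demo/style.css">
</head><body><script src="/wp-includes/js/demo.js"></script></body></html>"""

SAMPLE_PLAIN = """<html><head><meta name="generator" content="Hand-written">
<link rel="stylesheet" href="/css/site.css"></head><body>Hello</body></html>"""

if __name__ == "__main__":
    print(wordpress_markers(SAMPLE_WP))
    print(wordpress_markers(SAMPLE_PLAIN))
```

A site can be configured to hide these traces, so an empty result does not prove the site is not on WordPress.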
If you have questions, feel free to email me or leave your questions in the comments. I’m happy to help.