Results 1 to 3 of 3

Thread: WHS computers missing critical security patches again -- and how to check yours

  1. #1
    Join Date
    May 2015
    Posts
    63

    Default WHS computers missing critical security patches again -- and how to check yours

    An important message to students at Wayland High School and their parents:

    We recently discovered that critical security patches have not been installed on the Macs used by Wayland High School students. Macs used by teachers, counselors and staff may also be affected. This is a major risk to the privacy of your data, and a recurring problem. Here is how you can check the status of your Mac:

    1. Check the version of Flash Player: This is the most bug ridden and insecure Web app on the market, but WPS continues to use it. Security patches are constantly being released. This Adobe web page will automatically check the version of Flash Player running on your Mac: https://helpx.adobe.com/flash-player.html Click on the orange "Check Now" button. If your Mac needs to be updated a menu like this will appear:

      Name:  Flash Player update notice on Adobe site.jpg
Views: 132
Size:  62.4 KB

      If your Mac needs to be updated as of 19 April, it is missing at least 21 "extreme risk" security patches that would allow a hacker to take complete control over your Mac via the internet.

    2. Check for other missing updates: Open the App Store then click on the "Updates" button at the top. If any updates are available, they will be listed below. For example:

      Name:  Apple Store - system updates - 700 x 441.jpg
Views: 365
Size:  79.5 KB

    ​For more info see: https://support.apple.com/en-us/HT201541 In March we found WHS Macs with old versions of OS X, firmware that was two years out of date, etc. etc.

    If you find that updates have not been installed, please notify Dr. Paul Stein, Superintendent of WPS and Nan Balmer, the Wayland Town Administrator. They manage computer security in Wayland:



    Unfortunately, this is a recurring problem -- so it is a good idea to recheck your Mac at least once a month. Let Dr. Stein and Ms. Balmer know if updates are missing.

    This is a basic computer security and management process that should have been fixed by now. Missing security patches led to the breaches in the Wayland Treasurer's Office in January of 2015.

    Please let us know if you have any questions: waylandcpi@verizon.net


    Mark Hays

    Name:  WCPI logo with text - 300 x 60.jpg
Views: 131
Size:  25.3 KB

    Last edited by MarkHays; 04-19-2016 at 04:43 PM. Reason: Typo

  2. #2
    Join Date
    May 2015
    Posts
    63

    Default

    Some parents in Wayland asked, "I thought the Town hired IT consultants who fixed this problem. Why is it still an issue?"

    Yes, the Town hired three IT consultants after the cyber attacks on the Wayland Treasurer's Office: Elysium, McCann and McGladrey. McGladrey was retained to create an IT upgrade plan for Wayland, which was delivered in late October. (See: www.wayland.ma.us/Pages/WaylandMA_IT/ITExecSum2015.pdf) McGladrey highlighted patch management as a Priority 1 upgrade, noting: "The Town lacks formal standards regarding the process for desktop patching." and "The Town has no formal solution for patch management."

    In March, McGladrey (now named RSM) delivered their recommendations for data storage and patch management upgrades, to prepare for Town Meeting. (See: www.wayland.ma.us/Pages/WaylandMA_Selectmen/ITCtpAssessments.pdf) They picked LanRev, a good solution from Heat Software, which can cover all of the Windows and Mac computers, Chromebooks and iPads for the entire Town and School. RSM also recommended that the LanRev system be managed by the new Wayland IT Director, who has just been hired. We agree, and found that LanRev will also be significantly less expensive than other options. LanRev will also cover smart phones and other devices -- a major security concern. It also makes sense for this central system to be run by the new Wayland IT Director, to avoid the recurring problems that have plagued Town and School computers.

    In April at Town Meeting, the Town wisely approved the increase in the IT budget for all of these fixes. So, you are probably thinking, "Problem solved!"

    Nope. At a Board of Selectmen meeting in March, Nan Balmer, Town Administrator, presented an agreement that she negotiated with Dr. Paul Stein, Superintendent of Wayland Public Schools. According to this agreement, the new Wayland IT Director will NOT be responsible for managing patches and endpoint security for any Wayland Public Schools computers, or School software running on Wayland servers in the Wayland data center! In short, Wayland Public Schools can continue to manage all of their (our) computers the same old way, without LanRev or the Wayland IT Director. This is obviously contrary to the recommendations from RSM, the IT experts the Town hired.

    You can find a copy of their agreement in the 4 April BoS agenda, on page 64:
    www.wayland.ma.us/pages/WaylandMA_SelectmenAg/Board of Selectmen Agendas 2016/20160404Pkt.pdf

    Is this the old School vs Town turf battle, now getting in the way of security? Whatever the reason, your private information and your tax dollars are at risk. Wayland Public Schools has over 2,000 computers that need to be constantly updated and properly managed, or your family's data will be vulnerable to hackers -- and another breach could easily cost us over $1 million.

    We hope Dr. Stein will choose to follow RSM's recommendations -- the IT experts the Town hired to fix these problems. This will be much better for Wayland, and cheaper too.

    Mark Hays
    Last edited by MarkHays; 04-21-2016 at 04:45 PM. Reason: Add link to the agreement between Nan Balmer and Dr. Stein

  3. #3
    Join Date
    May 2015
    Posts
    63

    Default

    Why should you worry about Flash Player? Is the "missing update" problem really that bad?

    Yes. Flash Player is well known as the most insecure Web app on the planet. You can pick up a virus / malware simply by visiting a Web page that contains a little Flash ad. You don't have to click on or download anything. That is why Amazon, Google, the NFL and YouTube removed Flash from their websites, and switched to HTML 5. Industry experts agree:

    Steve Jobs on Flash, Apple, 2010: www.apple.com/hotnews/thoughts-on-flash/

    Steve Jobs Was Right, Forbes, July 2015: http://www.forbes.com/sites/tonybrad...jobs-was-right

    Flash. Must. Die., Wired, July 2015: www.wired.com/2015/07/adobe-flash-player-die/

    It's time to uninstall Adobe's Flash from your Mac - here's how, Apple Insider, July 2015: http://appleinsider.com/articles/15/...ac---heres-how

    How to disable Flash Player: Why now's a better time than ever, PCWorld, July 2015: http://www.pcworld.com/article/29473...than-ever.html

    Security Expert Warns Users Against Flash Player, SC Magazine, September 2015: http://www.scmagazineuk.com/update-s...rticle/440238/

    Here are 13 more reasons to kick Adobe Flash to the curb, ZDnet, October, 2015: http://www.zdnet.com/article/13-reas...patch-tuesday/

    Uninstall Adobe Flash, experts advise as zero-day hits, Computer Weekly, October 2015: http://www.computerweekly.com/news/4...-zero-day-hits

    Flash banner ads banished by Google, BBC News, February 2016: www.bbc.com/news/technology-35540187

    We could go on, but I hope you are convinced! Wayland Public Schools should remove Flash Player from teacher and student computers.

    Mark Hays

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •