WHS computers missing critical security patches again -- and how to check yours
An important message to students at Wayland High School and their parents:
We recently discovered that critical security patches have not been installed on the Macs used by Wayland High School students. Macs used by teachers, counselors and staff may also be affected. This is a major risk to the privacy of your data, and a recurring problem. Here is how you can check the status of your Mac:
- Check the version of Flash Player: This is the most bug-ridden and insecure Web app on the market, but WPS continues to use it. Security patches are constantly being released. This Adobe web page will automatically check the version of Flash Player running on your Mac: https://helpx.adobe.com/flash-player.html Click on the orange "Check Now" button. If your Mac needs to be updated, a menu like this will appear:
If your Mac needs to be updated as of 19 April, it is missing at least 21 "extreme risk" security patches that would allow a hacker to take complete control over your Mac via the internet.
- Check for other missing updates: Open the App Store then click on the "Updates" button at the top. If any updates are available, they will be listed below. For example:
If you find that updates have not been installed, please notify Dr. Paul Stein, Superintendent of WPS and Nan Balmer, the Wayland Town Administrator. They manage computer security in Wayland:
Unfortunately, this is a recurring problem -- so it is a good idea to recheck your Mac at least once a month. Let Dr. Stein and Ms. Balmer know if updates are missing.
This is a basic computer security and management process that should have been fixed by now. Missing security patches led to the breaches in the Wayland Treasurer's Office in January of 2015.
Please let us know if you have any questions: firstname.lastname@example.org
Last edited by MarkHays; 04-19-2016 at 04:43 PM.
Some parents in Wayland asked, "I thought the Town hired IT consultants who fixed this problem. Why is it still an issue?"
Yes, the Town hired three IT consultants after the cyber attacks on the Wayland Treasurer's Office: Elysium, McCann and McGladrey. McGladrey was retained to create an IT upgrade plan for Wayland, which was delivered in late October. (See: www.wayland.ma.us/Pages/WaylandMA_IT/ITExecSum2015.pdf) McGladrey highlighted patch management as a Priority 1 upgrade, noting: "The Town lacks formal standards regarding the process for desktop patching." and "The Town has no formal solution for patch management."
In March, McGladrey (now named RSM) delivered their recommendations for data storage and patch management upgrades, to prepare for Town Meeting. (See: www.wayland.ma.us/Pages/WaylandMA_Selectmen/ITCtpAssessments.pdf) They picked LanRev, a good solution from Heat Software, which can cover all of the Windows and Mac computers, Chromebooks and iPads for the entire Town and School. RSM also recommended that the LanRev system be managed by the new Wayland IT Director, who has just been hired. We agree, and found that LanRev will also be significantly less expensive than other options. LanRev will also cover smart phones and other devices -- a major security concern. It also makes sense for this central system to be run by the new Wayland IT Director, to avoid the recurring problems that have plagued Town and School computers.
In April at Town Meeting, the Town wisely approved the increase in the IT budget for all of these fixes. So, you are probably thinking, "Problem solved!"
Nope. At a Board of Selectmen meeting in March, Nan Balmer, Town Administrator, presented an agreement that she negotiated with Dr. Paul Stein, Superintendent of Wayland Public Schools. According to this agreement, the new Wayland IT Director will NOT be responsible for managing patches and endpoint security for any Wayland Public Schools computers, or School software running on Wayland servers in the Wayland data center! In short, Wayland Public Schools can continue to manage all of their (our) computers the same old way, without LanRev or the Wayland IT Director. This is obviously contrary to the recommendations from RSM, the IT experts the Town hired.
You can find a copy of their agreement in the 4 April BoS agenda, on page 64:
www.wayland.ma.us/pages/WaylandMA_SelectmenAg/Board of Selectmen Agendas 2016/20160404Pkt.pdf
Is this the old School vs Town turf battle, now getting in the way of security? Whatever the reason, your private information and your tax dollars are at risk. Wayland Public Schools has over 2,000 computers that need to be constantly updated and properly managed, or your family's data will be vulnerable to hackers -- and another breach could easily cost us over $1 million.
We hope Dr. Stein will choose to follow RSM's recommendations -- the IT experts the Town hired to fix these problems. This will be much better for Wayland, and cheaper too.
Last edited by MarkHays; 04-21-2016 at 04:45 PM.
Reason: Add link to the agreement between Nan Balmer and Dr. Stein
Why should you worry about Flash Player? Is the "missing update" problem really that bad?
Yes. Flash Player is well known as the most insecure Web app on the planet. You can pick up a virus / malware simply by visiting a Web page that contains a little Flash ad. You don't have to click on or download anything. That is why Amazon, Google, the NFL and YouTube removed Flash from their websites, and switched to HTML 5. Industry experts agree:
Steve Jobs on Flash, Apple, 2010: www.apple.com/hotnews/thoughts-on-flash/
Steve Jobs Was Right, Forbes, July 2015: http://www.forbes.com/sites/tonybrad...jobs-was-right
Flash. Must. Die., Wired, July 2015: www.wired.com/2015/07/adobe-flash-player-die/
It's time to uninstall Adobe's Flash from your Mac - here's how, Apple Insider, July 2015: http://appleinsider.com/articles/15/...ac---heres-how
How to disable Flash Player: Why now's a better time than ever, PCWorld, July 2015: http://www.pcworld.com/article/29473...than-ever.html
Security Expert Warns Users Against Flash Player, SC Magazine, September 2015: http://www.scmagazineuk.com/update-s...rticle/440238/
Here are 13 more reasons to kick Adobe Flash to the curb, ZDNet, October 2015: http://www.zdnet.com/article/13-reas...patch-tuesday/
Uninstall Adobe Flash, experts advise as zero-day hits, Computer Weekly, October 2015: http://www.computerweekly.com/news/4...-zero-day-hits
Flash banner ads banished by Google, BBC News, February 2016: www.bbc.com/news/technology-35540187
We could go on, but I hope you are convinced! Wayland Public Schools should remove Flash Player from teacher and student computers.