James Temperton and Matt Burgess report:
The front-end computer systems of Mossack Fonseca are outdated and riddled with security flaws, analysis has revealed.
The law firm at the centre of the Panama Papers hack has shown an “astonishing” disregard for security, according to one expert. Amongst other lapses, Mossack Fonseca has failed to update its Outlook Web Access login since 2009 and not updated its client login portal since 2013.
Mossack Fonseca‘s client portal is also vulnerable to the DROWN attack, a security exploit that targets servers supporting the obsolete, insecure SSL v2 protocol. The portal, which runs on the Drupal open source CMS, was last updated in August 2013, according to the site’s changelog.
Read more on Wired.