AlistairJamesMorton
- 2 comments
- 1 likes given
- 2 likes received
Bio not provided
@belllindsay @HamOntReporter well here's my few cents, as I am not a PR professional, or a journalist I cannot really comment on these elements of the story.
I do own a web development company, that specializes in building accessible secure Wordpress and Drupal sites for NGO's and have worked in the Web field since 1996.
@HamOntReporter you said their Pinterest was "hacked" and referred to a link from october (via the google ) that you said explained everything.
Did you read it?
The hackers in the article were posting well hidden, new pages of links and images to online pharmacies & porn sites. All to benefit themselves financially, and build up bogus SEO via cross linking off of Pinterest's high ranked SEO clout.
If we are to believe your "IN DEPTH" reporting on the matter, hackers managed to get the YourHamilton Pinterest logins via this method ( usually done by massive spam phishing email campaigns, until someone ( usually a luddite or beginner ) accidentally and inadvertently gives up the login information. A stretch, but okay... let's try to believe that.
Then these hackers once gaining access choose, instead of using the site to benefit them financially that they'd probably just post a couple of images of the wrong city... Screwing over a PR firm from Ottawa, and probably doing all of this by way of Nigeria.
Really? ... Really? Have you ever met a hacker? This is one really, really lame hacker you've just accused. Makes me think your facts sound almost impossible.
You also said your research on the the malicious PayDay loans code in the Wordpress header install was because it was "hacked" and that accusation you make sounds like it was a very targeted assault.
...but this is also 100% incorrect.
The Wordpress™ install was easily compromised by the use of an old outdated and completely unsupported plugin, there is hundreds of them on Wordpress site and lying around the web, and they always say ( right beside them ) last updated ( say ) May 2008 or whenever. Which would mean, there had been no security updates for years on the plugin and it probably is a very bad idea to use it with newer versions of Wordpress because of all the security holes they've fixed since.
These security holes make it very easy for any bot or spider familiar with the plugin's vulnerabilities to come in and easily write code to the header file. You don't even need a human being. This is such a rookie mistake, it's a little embarrassing.
So... summating...
I do not believe the Pinterest was or could have been hacked.
I cannot say that they did or did not place those images on the site, but the chances of someone actually hacking the site, are slim to none. Unless you think that maybe someone they knew who was disgruntled & once worked there, and still had knowledge of the access codes ( which is also completely sloppy security ) Short of that, we are left with a sloppy intern panicking to get something up fast, and not doing a very bang up job, or uh, magic?
All of which are more likely than your quick googling and then lecturing people here about Pinterest Hacker facts.
The Wordpress install was vulnerable to compromise the second it was released to a live web server, oh and as that server belonged to the City of Hamilton thankfully one of us evil #hamont twitter people found the compromised code quickly before Google blacklisted the City's domain.
I do believe you called us criminals?
In short, and with what I can speak to with knowledge... This project, in terms of the website and one assorted web application, was work of amateurs.
I await your response, perhaps the link below can get you started...
I think their biggest fault was launching simply as a twitter account.
Be in the city, be in front of the local cameras, be in the press, tell people what to look for, give them a human face or faces to the campaign. Actually spend a few bucks on a website and brand, test it for user feedback and soft launch it to test out your code so no nasty payday loan hacks get in for launch.
If you feel you are losing the community, DO NOT STOP TALKING. They turned off the lights about 16 hours after launch to complete radio silence. We didn't hear anything "engaging" other than oddly worded blog posts ( with commenting turned off ) and a one sided letter to the city and local news.
This was a completely saveable dropped ball, I annoy half my twitter followers every week, they stick with me because I continue to engage with them.
Love from Hamilton.