We recently launched a new site for one of our departments that is growing into it's own company and we hired a freelancer to build us a Wordpress site from scratch. Our freelancer did a great job and I'm really happy with the results, but now our boss (actually the boss of my colleague who is managing that department) got wind that we hired someone that didn't have a previous working relationship with us and is worried about possible security risks or malicious code that could have been placed on the site somewhere.
This site is for a company that works within the financial services industry but doesn't handle transactions or any personal info; it simply acts as an advisor and has some links to other financial institutions. Because of those connections, however, the boss is nervous that it might be possible for our freelancer to have added some code that could record keystrokes (like passwords) if a visitor clicks a link from our site to another (like a bank) and logs into their account. He is asking for us to hire someone else (that we trust) to look over the code and look for anomalies.
Am I being too naive and way behind on the latest diabolical schemes or are these fears unfounded? I could believe that someone, while still an admin, could have changed the links to direct people to a phishing site, but I have never heard of a site being able to record movements and keystrokes once you leave, right?
Anyway, before I go out and hire someone else to "double check the code", I wanted to get some feedback. If there's a better place to post this question, feel free to point me in the right direction. Thanks for your help
Epic visual tool
Epson 5030UB 2D/3D 1080p 3LCD Projector
No comments:
Post a Comment