City of Ontario Officials quickly ‘secure’ website by fixing minor security flaw

The upper left hand corner of this screen shot shows how the city’s updated website as of yesterday morning was not secure. Upon bringing it to the attention of city officials, the fix to secure the site was made within 15 minutes.

ONTARIO — The city of Ontario unveiled its new, updated website on July 1. The revamped site now prominently displays the city’s logo against a backdrop of the landscapes of the local valley. The inviting imagery is a welcome change for visitors to the website. However, a minor security flaw went unnoticed until the morning of July 8, following a phone interview by the newspaper with City Manager Adam Brown. This security flaw could be seen on the main page when the site was called up on any web browser, which listed the site as “not secure.” What this means, practically, is that the site being visited has a certificate that is either illegitimate or expired and can not be authenticated.

According to Brown, when the prospect of updating the website was underway, the project would have cost $20,000. In an effort to save the city money, the work for the new website was done “in-house” by HR Manager and Assistant to the City Manager Peter Hall. With the help of a small group of employees dedicated to the project, Hall was able to build the new site using a free website-building platform called Weebly. The photographs featured on the new site were taken by Hall and staff for the express purpose of being featured as site’s centerpiece showcasing the valley rather than using stock photos.

Brown said the project was started around this past December/January and developed into its current state before going live on the first of the month. When asked about the “not secure” warning, Brown said, “I’ll have to talk with him [Hall] and see what that would take.”

He went on to assure any concerned citizens that the websites used for payment of utilities are not directly linked to the city’s site and any payments actually go through a third party. This third party company is called Bluefin and is currently under contract to process payments for the city from individuals.

The initial contact with Brown regarding this issue occurred on Monday around 9:30 a.m.

By 9:45 a.m., Peter Hall called the Argus back to report the security flaw had been addressed and taken care of. Hall explained that the issue was as simple as clicking a box to enable SSL encryption to ensure certificate verification.

“We are now secure,” Hall stated.

Load comments