Arthur Cirelli Building
626 30th Street N.W.
Canton, OH 44709
(330) 438-6101 Phone
(330) 649-8109 Fax
Having trouble with our Web site? E-mail us at to troubleshoot.
Security Warnings and Alerts
This page contains any current online issues that we are aware of, and may be of a security concern to our users and citizens.
So far we have been fortunate that any internet security issues that involve the City of Canton have been few and far between, we do our best to keep our networks and servers secure and to keep up with current security concerns.
If you know of any communication that says it is from the City of Canton but it seems illegitimate, feel free to contact us through this web site or through our e-mail address to verify its authenticity.
Remember to always take your online security seriously and be suspicious of any unexpected e-mails, messages, phone calls, or texts that you receive. Your personal information is very valuable and should be protected by you and by anyone you entrust it to.
To someone with nefarious intentions your personal information has monetary value that they can quickly exploit. At the same time they can turn your life upside down for weeks or months while you try to undo any of the bad things they have done.
September 26, 2014
On September 12, 2014, a vulnerability (or 'bug') was discovered and disclosed on September 24, 2014. That bug is called 'Shellshock' (and sometimes 'Bashdoor').
It is a bug in the Unix Bash shell (or 'Bourne Shell'), which is kind of like a command line on a computer.
The first bug causes Bash to unintentionally execute commands when the commands are concatenated to the end of function definitions stored in the values of environment variables. Within days of the publication of this, intense scrutiny of the underlying design flaws discovered a variety of related vulnerabilities, which were addressed with a series of further patches.
Attackers exploited Shellshock within hours of the initial disclosure by creating botnets of compromised computers to perform distributed denial-of-service attacks and vulnerability scanning. Security companies recorded millions of attacks and probes related to the bug in the days following the disclosure.
Shellshock could potentially compromise millions of unpatched servers and other systems. Accordingly, it has been compared to the Heartbleed bug in its severity.
Only Unix (and Linux) servers that run the vulnerable version of Bash, and that have direct connections to the internet, may have been compromised. The City of Canton did find one server that was vulnerable, it was patched as the patches became available. None of the City's servers were compromised.
April 15, 2014
Last week news was disclosed about a Secure Sockets Layer (SSL)* vulnerability in the OpenSSL library* that is used by some Apache web servers, they have dubbed the vulnerability 'Heartbleed'.
This vulnerability is found in OpenSSL versions 1.0.1 through 1.0.1f, and 1.0.2 beta.
Any server running any of those versions should be immediately upgraded to OpenSSL version 1.0.1g or 1.0.2 beta 2, and obtain a new SSL certificate.
We have checked all of our servers that use SSL, and have found that none of our servers have ever been affected by this bug.
We are confident that our servers and all users of our sites were not exploited by the Heartbleed vulnerability.
* Nontechnical Definitions:
Secure Sockets Layer (SSL) - a communication protocol computers use to take information, encrypt it, transport it across a network or the internet, and decrypted it on another computer.
library - a software library basically contains software that is not used by users directly, but by other programs.
NOTE: Our "Nontechnical Definitions" are only meant to give nontechnical people a hint of what the word or phrase actually means in the context it was used in, they are not official definitions.
August 12, 2013
It has come to our attention that somebody is sending an e-mail claiming to be from the City of Canton with an e-mail address of 'email@example.com' and asking for some personal information. Do not respond to it, it is NOT from the City of Canton.
Here is the text of that fake email:
WE WERE DIRECTED TO FORWARD THIS MESSAGE TO YOU. TAKE THIS VERY SERIOUSLY
AND KEEP THE DETAILS CONFIDENTIAL:
WE HAVE IN OUR CUSTODY FUND LEFT BEHIND TO YOUR FAMILY BY A LATE RELATIVE.
GET BACK TO US IMMEDIATELY FOR COMPLETE INFO. PLEASE PROVIDE THE FOLLOWING
DETAILS NOW FOR VERIFICATION SO THAT WE CAN FORWARD FURTHER DETAILS.
(1)FIRST NAME:.........(2)LAST NAME:.........(3)POSTAL ADDRESS:......../
(4)DIRECT MOBILE NUMBER:......THANKS.
This e-mail has a spoofed 'FROM' e-mail address (noted above) which was never a real e-mail address for us or the attacker, and it has a different 'REPLY-TO' e-mail address which usually stays hidden until the recipient clicks the 'Reply' button. This is a fairly simple thing to accomplish, it can be done within most e-mail clients (ex. Outlook, Thunderbird, etc.) and it can also be accomplished programmatically.
The 'REPLY-TO' e-mail address in this scenario is a 'disposable' e-mail address that is set up by the attacker and it will usually bounce your reply through several other e-mail addresses (most often in different countries to make it more difficult to track down the real person[s]). The 'disposable' e-mail address is usually abandoned after a few days.
The City of Canton network and servers have not been compromised and it does not seem like the fraudulent e-mail was 'bounced' though the City's e-mail servers.
If you or any one you know has received an unexpected and suspicious e-mail that claims to be from the City of Canton, please forward it to our e-mail address. Once we get it we can determine if it is valid or fraudulent.
Any new security concerns (that could effect the public and our technological infrastructure) we become aware of will be listed near the top of this page.