Trump's Cyber Security Advisor Rudy Giuliani Runs Ancient, Utterly Hackable Website (theregister.co.uk)
mask.of.sanity writes from a report via The Register: U.S. president-elect Donald Trump's freshly minted cyber tsar Rudy Giuliani runs a website so insecure that its content management system is five years out of date, unpatched and is utterly hackable. Giulianisecurity.com, the website for Giuliani's eponymous infosec consultancy firm, runs Joomla! version 3.0, released in 2012, and since found to carry 15 separate vulnerabilities. More bugs and poor secure controls abound. The Register report adds: "Some of those bugs can be potentially exploited by miscreants using basic SQL injection techniques to compromise the server. This seemingly insecure system also has a surprising number of network ports open -- from MySQL and anonymous LDAP to a very out-of-date OpenSSH 4.7 that was released in 2007. It also runs a rather old version of FreeBSD. 'You can probably break into Giuliani's server,' said Robert Graham of Errata Security. 'I know this because other FreeBSD servers in the same data center have already been broken into, tagged by hackers, or are now serving viruses. 'But that doesn't matter. There's nothing on Giuliani's server worth hacking.'"
The Russians are only interested in hacking Democrats servers.
Where would that get them? Being able to blackmail the current Republican administration and the current Republican dominated congress would be much more useful.
Unfortunately not. The difference is whether they have more to gain in releasing what they collect, or threatening to release.
Not really a big deal. (Score:5, Insightful)
Robert Graham explained it succinctly: http://blog.erratasec.com/2017... [erratasec.com] .
The real story here is that Giuliani is now a goddamn cybersecurity advisor, not that this personal site is crap. The guy was hired not because of competence but because he spent the entire campaign kissing Trump's ass.
This should be the only comment (Score:5, Insightful)
there's nothing else to talk about.
Nothing to talk about, plenty to do... 15 known exploits: get to work.
You might not get anything interesting from the server, but you could use it to infect other systems and visitors, who might be high profile targets given what it's hosting. The complete disregard for a server might be acceptable for a mom & pop shop, but not for someone who's going to advise the President of the United States of America on security issues.
"All this tells us is that Verio/NTT.net is a crappy hosting provider, not that Giuliani has done anything wrong."
He outsourced to a 2-bit shop with no recognition of the reputational risk. That's a security fail.
Does it contain classified e-mail? (Score:2)
Does his server contain highly classified e-mail messages too?
Let's all have a good laugh at Rudy's tech securit (Score:1)
[P]If someone wants to prove a point they can hack it. Someone will have an egg on their face, another will look bad, maybe someone will get fired, and some meetings will be scheduled to fix it. [/p]
[P] Call me if he starts trying to run an email server to pass classified information to skirt federal record keeping rules on that same box, THEN you might have a story. [/p]
lets all have a good laff at this dude using vbb tags on the ole slashdot
Website is already down but... (Score:1)
So he will be a great fit as a Cyber Security Advisor.
I bet he can wipe a server
... like with a cloth.
Yes, you can actually get a "cloth or something"
http://www.bleachbit.org/cloth... [bleachbit.org]
They need better cyber (Score:3)
There's nothing on Giuliani's server worth hacking (Score:2)
What website? (Score:2)
"giulianisecurity.com’s DNS address could not be found."
Let's call it what it is... (Score:2)
Giuliani has been hired to endorse and push laws that further Trump's administration's ability to invade the privacy of those they dislike, and to prosecute those who dare to use technology or the internet to speak out against them.
Require Muslim citizens to register their devices before being allowed to sign up for broadband? Sounds like cybersecurity to me! Emailing someone an article disparaging Trump? Sounds like CYBERTERRORISM right Rudy?
Competency (Score:2)
The DNS entry has been removed, but the server continues to run:
http://209.238.99.227/index.ph... [209.238.99.227]
Mirror of the website: http://archive.is/CixsY [archive.is]
And open ports:
nmap -O 209.238.99.227
Starting Nmap 7.40 ( https://nmap.org/ [nmap.org] ) at 2017-01-13 16:51 EST
Nmap scan report for giulianisecurity.com (209.238.99.227)
Host is up (0.21s latency).
Not shown: 979 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp filtered smtp
80/tcp open http
110/tcp open pop3
139/tcp filtered netbios-ssn
143/tcp open imap
161/tcp open snmp
389/tcp open ldap
443/tcp open https
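As an added example (not from the thread, from Nmap or from any site mentioned here), a defender-side triage of an nmap port table like the one in the comment above: it parses the port lines into records, discards filtered and closed ports (a filtered port is one a firewall already blocks), and flags open services that have no business facing the internet on a public web host. The embedded scan text is a constructed sample with the same shape as the comment's output, using a placeholder host name and address; the baseline of expected ports and the per-service risk notes are assumptions for the sake of the example.

```python
"""Added example (not from the thread or from Nmap): parse an nmap port table
and triage the open ports against a baseline for a public web server."""
import re
from dataclasses import dataclass

# Constructed sample with the same shape as the scan in the comment above;
# host name and address are placeholders, not a real target.
SAMPLE_SCAN = """\
Starting Nmap 7.40 ( https://nmap.org/ ) at 2017-01-13 16:51 EST
Nmap scan report for www.example.test (192.0.2.10)
Host is up (0.21s latency).
Not shown: 979 closed ports
PORT      STATE    SERVICE
21/tcp    open     ftp
22/tcp    open     ssh
25/tcp    filtered smtp
80/tcp    open     http
110/tcp   open     pop3
139/tcp   filtered netbios-ssn
143/tcp   open     imap
161/tcp   open     snmp
389/tcp   open     ldap
443/tcp   open     https
"""

# Matches only the 'N/proto state service' rows, not the header or summary lines.
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)", re.MULTILINE)

# Assumed baseline: what a public web host is expected to expose.
EXPECTED_PORTS = {80, 443}

# Assumed severity and remediation notes, keyed by nmap's service name.
RISKY_SERVICES = {
    "ftp": ("high", "cleartext credentials; replace with SFTP or restrict to admin networks"),
    "pop3": ("high", "cleartext mail credentials; mail retrieval does not belong on a web host"),
    "imap": ("high", "cleartext mail credentials; same remedy as pop3"),
    "snmp": ("high", "management protocol; v1/v2c community strings travel in cleartext"),
    "ldap": ("high", "directory service; anonymous bind exposes directory contents"),
    "ssh": ("medium", "admin access; allow only from management networks and keep the daemon patched"),
}


@dataclass(frozen=True)
class Port:
    number: int
    proto: str
    state: str
    service: str


def parse_nmap(text):
    """Return one Port per port row in the nmap text output."""
    return [Port(int(n), proto, state, svc)
            for n, proto, state, svc in PORT_LINE.findall(text)]


def open_ports(ports):
    """Only 'open' ports are reachable; 'filtered' means a firewall dropped the probe."""
    return [p for p in ports if p.state == "open"]


def triage(ports):
    """Return (port, service, severity, reason) for open ports outside the baseline."""
    findings = []
    for p in open_ports(ports):
        if p.number in EXPECTED_PORTS:
            continue
        severity, reason = RISKY_SERVICES.get(
            p.service, ("medium", "unexpected service on a web host"))
        findings.append((p.number, p.service, severity, reason))
    return findings


if __name__ == "__main__":
    for number, service, severity, reason in triage(parse_nmap(SAMPLE_SCAN)):
        print(f"{number:>5} {service:<12} {severity:<6} {reason}")
```

Run against the sample, the two expected web ports and the two filtered ports drop out, leaving six findings; the same parser works on any `nmap` text report, and the baseline set is the part to adapt per host role (a mail server would legitimately expose 143, for instance, though ideally only with TLS).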
it's a trap! (Score:2)
beware!
It's a honeypot (Score:2)
Is that guy something; or is that guy something? I mean, you gotta give this crew credit. They are so fucking good... Know what he's looking at?
Us. The L.A.P.D. The Police Department. We just got made...
Hanna
Heat (1995)
Get a clue (Score:2)
So I am sure all of these anti Trump/Giuliani posts are perfectly content with the job the Obama administration has done, what with the millions of accounts hacked at OPM and hundreds, if not thousands of foreign cyber attacks on US companies and contractors???
Anyone who thinks that Giuliani, a very active public figure, is going to update the Giuliani web site himself is an idiot. He paid someone to put that site together, and if it gets hacked, so what, it's not like he is storing classified govern
It's so cute you think Rudy got the job because he's qualified.
Joomla Considered Harmful (Score:2)
I figured it would have to be Joomla. I'm doing maintenance programming on a Joomla site right now, and it's just a complete mess. There is nothing good about any part of the framework and no one should use it for anything. There is no "right way" to do things, and the documentation is beyond awful: obsolete, incomplete, badly written. Beyond the official documentation, most books on Joomla either don't cover the latest major version, or mention it but focus on the legacy interfaces. One is forced to look a
Geithner Corollary (Score:2)
OS (Score:2)
Is this supposed to be surprising? (Score:2)
It seems most of Trump's appointments have been for people who are the opposite of the best choice for the job.