The Trump transition team announced on Thursday that Rudy Giuliani would be forming a cyber-security team for Mr. Trump. According to the team, the former New York City mayor’s 16 years of experience in security for the private sector make him a prime candidate for the job.
Despite his 16-year tenure in security, Giuliani has failed to secure one key element of his business: his website, giulianisecurity.com.
Phobos Group founder Dan Tentler, along with others in the field, has detailed how Giuliani Security’s website is actually a security disaster.
trumps pick for obercybergrandpa runs a joomla install from 2012. https://t.co/M4EJ4dv76S
— Dan Tentler (@Viss) January 12, 2017
The website runs on a badly outdated version of Joomla!, a free content management system. Over a dozen vulnerabilities have been documented in the content management system since the version used by Mr. Giuliani’s site was released.
^^^ ref this. Giuliani, Trumps pick for 'overseeing cybersecurity' owns .www.giulianisecurity.com. Very comforting. Errythang gonna be fine. pic.twitter.com/6vXYPEmmTq
— JΞSTΞR ✪ ΔCTUAL³³º¹ (@th3j35t3r) January 13, 2017
However, this is not the most compromising aspect of Giuliani’s cyber security failure. The website also does not follow several practices that would be obvious even to a cyber security novice. For example, both the content management system and server login pages are public, leaving them susceptible to hackers. It reportedly also uses an outdated version of the scripting language PHP, which leaves the site vulnerable as well.
The site is currently down, but the criticism remains. How can someone assemble a cyber security team for the President of the United States, based upon their ‘experience in the private sector,’ when they can’t even properly secure their own business’s website?
“Our [cyber] offense is way ahead of our defense… We’ve let our defense fall behind.”