Security experts say Trump cybersecurity advisor Rudy Giuliani's website is incredibly insecure
Drew Angerer/Getty Images
Giuliani's site is littered with security problems and outdated software, they say, making it extremely vulnerable to hacking.
Since the end of his term as New York City mayor in 2001, Giuliani has - among other things - done security consultancy for various clients. A stalwart Donald Trump supporter, he was originally angling for the position of Secretary of State - but was ultimately appointed cybersecurity advisor for the President-elect, tasked with putting together a team experts in the field.
But some experts are finding his consultancy site, giulianisecurity.com, lacking on the security front. It runs a version of Joomla! (a content management system) that is four years out of date and plagued with security flaws, according to Phobos group founder Dan Tetler.
"Giuliani is running a version of PHP that was released in 2013, and a version of Joomla that was released around 2012," Threat Intelligence director Ty Miller told The Register.
"Using the version information, within minutes we were able to identify a combined list of 41 publicly known vulnerabilities and 19 publicly available exploits. Depending upon the configuration of the website, these exploits may or may not work, but is an indication that Giuliani's security needs to be taken up a level."
It also has an expired SSL certificate - essentially the thing that proves to your computer that the website is who it says it is - leaving it vulnerable to being impersonated.
Robert Graham, of Errata Security, points out on his blog that it's possible that the site isn't being directly run by Giuliani or his team, however. "But here's the deal: it's not his website," he wrote on his blog. "He just contracted with some generic web designer to put up a simple page with just some basic content. It's there only because people expect if you have a business, you also have a website."
The site went down for several hours after it began being scrutinised - it's not clear why - but it is now back online. An email address on the site did not immediately respond to a request for comment.
Trump's new cyberscurity czars rudy giuliani's website grade? F on SSL Report: https://t.co/I8FwUO3YMR (209.238.99.227) via @fienen @gilzow pic.twitter.com/VAD1P5HFVr
- Pete Quily (@pqpolitics) January 13, 2017
- I spent $2,000 for 7 nights in a 179-square-foot room on one of the world's largest cruise ships. Take a look inside my cabin.
- Saudi Arabia wants China to help fund its struggling $500 billion Neom megaproject. Investors may not be too excited.
- One of the world's only 5-star airlines seems to be considering asking business-class passengers to bring their own cutlery
- From terrace to table: 8 Edible plants you can grow in your home
- India fourth largest military spender globally in 2023: SIPRI report
- New study forecasts high chance of record-breaking heat and humidity in India in the coming months
- Gold plunges ₹1,450 to ₹72,200, silver prices dive by ₹2,300
- Strong domestic demand supporting India's growth: Morgan Stanley