Donald Trump's email servers are not secure
Republican presidential candidate Donald J. Trump has a worryingly insecure internet setup.
Websites representing Trump's organization - his hotels, golf courses, realty business, and more - are all running internet server technology that's riddled with holes, according to a security architect speaking with Vice's Motherboard.
The news might not be such a big deal in another election, but Trump has repeatedly leaned into his opponent, Democratic presidential nominee Hillary Clinton, for her use of an insecure private email server while serving as Secretary of State.
"Running outdated software and operating systems for your publicly facing email infrastructure is problematic, especially when you're a high profile organization," security architect Kevin Beaumont told Motherboard. Beaumont is the man who discovered the holes in the Trump organization's internet security.
He first tweeted about the holes on October 17:
Quick update on Trump corp email servers - all internet accessible, single factor auth, no MDM, Win2003, no security patching. pic.twitter.com/nIMTa9UmdL- Kevin Beaumont (@GossiTheDog) October 17, 2016
"During an election where cybersecurity is such a big issue, I was a little amazed at what I saw," he said.
More problematically, the internet security holes in Trump's organization also affect email servers; in several instances, email servers of Trump's are running software that has reached "end-of-life" status - the company that originally made said software (Microsoft in this case) will no longer issue security patches and updates. And that leaves it vulnerable to attack.
Due to the age of the software and the setup of the system, the Trump organization isn't using industry-standard safety measures like two-factor authorization, which enables users to confirm authenticity through their mobile phone (or another third-party factor).
- A Google employee of 11 years says he and his wife stared at each other in 'disbelief' when they realized they'd both been laid off by the company
- A Google engineer of 8 years says his 'spidey-senses' detected incoming layoffs — and felt 'isolated' when his 'faceless' severance email arrived
- 6 signs that you're in a one-sided relationship and how to find balance
- Rajinikanth issues public notice on infringement of rights, warns legal action
- Govt likely to float global tender for HPV vaccine in April; Merck, Serum Institute may participate
- Finance Ministry to stick to privatisation of already announced CPSEs next fiscal
- 70-plus Indian startups show exit door to 21K techies, more pink slips coming
- Steps taken in subsidence-hit Joshimath inadequate, declare Himalayas eco-sensitive zone, say experts