January 13, 2017

Trump’s Cybersecurity Advisor Rudy Giuliani Runs an Insecure Website

Rudy Giuliani, the former New York mayor whom President-elect Donald Trump has appointed as his special advisor on cybersecurity, is facing a potentially embarrassing faux pas.

Within hours of Rudy Giuliani’s appointment as the next President’s special advisor on cybersecurity, security experts pointed to significant security weaknesses in the website of Giuliani’s own security firm, Giuliani Partners.

The website was found to be running without a firewall, with multiple open ports, and with an old copy of the Joomla open-source CMS (content management system) on a copy of FreeBSD released in 2008. It also uses an end-of-life version of PHP, security sleuths quickly determined.

The glaring security deficiencies don’t stop there. The website’s SSL certificate has expired and, in a huge red flag, the website runs the staggeringly vulnerable Adobe Flash.

Since 2002, the former NY mayor’s company, Giuliani Partners, has offered security consulting under the banner Giuliani Security & Safety, a subsidiary.

A senior developer at cybersecurity firm Aquent discovered and summed up the vulnerabilities as follows:

To recap on Rudy Giuliani leading the nation’s cybersecurity efforts, here are the Cliff Notes on Giuliani Security:
– Expired SSL
– Doesn’t force https
– Exposed CMS login
– Uses Flash
– Using EOL’d PHP version (5.4.x)
– SSL Lab grade of F
– Using Joomla 3.1.1 (released in April, 2013 – current is 3.6.5)
– SSH exposed to public access
– FreeBSD 6 (released in 2008)
– Open ports, so many open ports…

An industry executive with previous experience with Giuliani’s company said that the company approaches security from a legal perspective rather than a technical one.

Speaking anonymously to Motherboard, the cybersecurity executive from New York stated:

If you hired them on a cyber engagement, they are going to tell you what your legal obligations are and how to manage the legal risk related to cyber. Basically, not to prevent a Target [breach], but how to prevent a Target CEO being fired.

BlackBerry is a notable example of a company that has received security consulting from Giuliani.

About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high-profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
