Rudy Giuliani, the former New York mayor who has been appointed by President-elect Donald Trump as his special advisor on cybersecurity, is facing a potentially embarrassing faux pas.
Security experts have, within hours of Rudy Giuliani’s appointment as the next President’s special advisor on cybersecurity, pointed to significant insecurities in the website of Giuliani’s own security firm, Giuliani Partners.
The website was found to be running without a firewall, with multiple open ports and an old copy of the Joomla open-source CMS (content management system), on a copy of FreeBSD released in 2008. It also uses an end-of-life version of PHP, security sleuths quickly determined.
The glaring security deficiencies don’t stop there. The website’s SSL certificate has expired and, as a huge red flag, the website runs the staggeringly vulnerable Adobe Flash.
Since 2002, the former NY mayor’s company, Giuliani Partners, has offered security consulting under the banner Giuliani Security & Safety, a subsidiary.
A senior developer at cybersecurity firm Aquent discovered and summed up the vulnerabilities as follows:
To recap on Rudy Giuliani leading the nation’s cybersecurity efforts, here are the Cliff Notes on Giuliani Security:
– Expired SSL
– Doesn’t force https
– Exposed CMS login
– Uses Flash
– Using EOL’d PHP version (5.4.x)
– SSL Lab grade of F
– Using Joomla 3.1.1 (released in April, 2013 – current is 3.6.5)
– SSH exposed to public access
– FreeBSD 6 (released in 2008)
– Open ports, so many open ports…
An industry executive with previous experience with Giuliani’s company has said that the company approaches security from a legal perspective rather than a technical one.
Speaking anonymously to Motherboard, the cybersecurity executive from New York stated:
If you hired them on a cyber engagement, they are going to tell you what your legal obligations are and how to manage the legal risk related to cyber. Basically, not to prevent a Target [breach], but how to prevent a Target CEO being fired.
BlackBerry is a notable example of a company that has received security consulting from Giuliani.
Image credit: Pexels.