+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

Security experts say Trump cybersecurity advisor Rudy Giuliani's website is incredibly insecure

Jan 13, 2017, 18:48 IST

Advertisement
Former New York City Mayor Rudy Giuliani speaks to reporters at Trump Tower, January 12, 2017 in New York City. President-elect Trump continues to hold meetings Trump Tower.Drew Angerer/Getty Images

Donald Trump has appointed Rudy Giuliani as his cybersecurity advisor, prompting security experts to cast a critical eye over his consulting firm's website - and they're not impressed.

Giuliani's site is littered with security problems and outdated software, they say, making it extremely vulnerable to hacking.

Since the end of his term as New York City mayor in 2001, Giuliani has - among other things - done security consultancy for various clients. A stalwart Donald Trump supporter, he was originally angling for the position of Secretary of State - but was ultimately appointed cybersecurity advisor for the President-elect, tasked with putting together a team experts in the field.

But some experts are finding his consultancy site, giulianisecurity.com, lacking on the security front. It runs a version of Joomla! (a content management system) that is four years out of date and plagued with security flaws, according to Phobos group founder Dan Tetler.

"Giuliani is running a version of PHP that was released in 2013, and a version of Joomla that was released around 2012," Threat Intelligence director Ty Miller told The Register.

Advertisement

"Using the version information, within minutes we were able to identify a combined list of 41 publicly known vulnerabilities and 19 publicly available exploits. Depending upon the configuration of the website, these exploits may or may not work, but is an indication that Giuliani's security needs to be taken up a level."

It also has an expired SSL certificate - essentially the thing that proves to your computer that the website is who it says it is - leaving it vulnerable to being impersonated.

Robert Graham, of Errata Security, points out on his blog that it's possible that the site isn't being directly run by Giuliani or his team, however. "But here's the deal: it's not his website," he wrote on his blog. "He just contracted with some generic web designer to put up a simple page with just some basic content. It's there only because people expect if you have a business, you also have a website."

The site went down for several hours after it began being scrutinised - it's not clear why - but it is now back online. An email address on the site did not immediately respond to a request for comment.

NOW WATCH: There's a hidden map in your iPhone of everywhere you've been

Please enable Javascript to watch this video
You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article