You’d be forgiven for thinking this is one of the Russian ladies that were purportedly hired to honor the Moscow bed The Obama’s slept in, but it is, in fact, Rudy Giuliani – President-
Erect, sorry – President-Elect Trump’s new Cybersecurity Adviser… in drag!
Donald Trump is famous for surrounding himself with the right aides but this time he’s fallen short by choosing golf-buddy, Rudy Giuliani to pick and oversee the entire United States’ Cybersecurity Team. Trump chose Giuliani to be his Cyber Guru for his expertise, but many industry members have never heard of his work.
If you thought the cyberworld had already gone mad with fake news, the election reportedly hacked, PeeGate and allegations of Trump’s blackmail then you better prepare yourself for at least four more years of the same, because “Cyber-Tzar”, Rudy Giuliani can’t even secure his own security website!
The Ex-Mayor of New York is chairman and CEO of a company who allege to be an “International Management and Security Consulting Firm”. Unsurprisingly, at the time of writing, Guliani Partners’ website was down, we guess due to UNPLANNED MAINTENENCE WORK while they ADDRESSED THE SHIT OUT OF THE “ANCIENT” and “EASY HACKABLE” SITE’S MANY PROBLEMS!
The consultancy site runs a version of content management system, Joomla that is four years out of date and plagued with security flaws: “Giuliani is running a version of PHP that was released in 2013, and a version of Joomla that was released around 2012,” Threat Intelligence director Ty Miller told The Register.
“Using the version information, within minutes we were able to identify a combined list of 41 publicly known vulnerabilities and 19 publicly available exploits. Depending upon the configuration of the website, these exploits may or may not work, but is an indication that Giuliani’s security needs to be taken up a level.”
The site doesn’t force https and its SSL certificate had also long expired — leaving it vulnerable to being impersonated by haxors like these guys… in under a minute.
BUT WAIT. THERE’S MORE!
Another security analyst, Robert Graham points out on his blog that it’s possible that the site isn’t being directly run by Giuliani or his team, however. “But here’s the deal: it’s not his website,” states in his blog. “He just contracted with some generic web designer to put up a simple page with just some basic content. It’s there only because people expect if you have a business, you also have a website.”
If Mr Robot Hacks didn’t know better, it’s almost as if the USA’s Top Cybersecurity Adviser knew nothing about cybersecurity and was given the job on cronyism alone. Lucky we’re not cynical enough to believe that, fake news, right!