January 17, 2017
Trump Cybersecurity Czar Giuliani’s Site Can Be Hacked by ‘a 7-Year-Old’
President-elect Donald Trump appointed Rudy Giuliani as his cybersecurity adviser. Trump’s transition team cited Giuliani’s “long and very successful government career in law enforcement and his now 16 years of work providing security solutions in the private sector. The former New York City mayor launched a security firm, Giuliani Partners in 2002. There is also a subsidiary of the company–Giuliani Security.
There’s just one problem: Giuliani may not really know much about cybersecurity.
Last week, computer programmers and cybersecurity experts took to social media proclaiming Giuliani’s website, giulianipartners.com, as unsecured and easily hackable.
Michael Fienen , a web developer, analyzed the former mayor and Republican presidential candidate’s site. According to Fienen, the site is on an old version of Joomla–a content management platform–that has known security vulnerabilities.
Even more troubling, Fienen discovered that the site has an expired SSL certificate–a digital certificate that employs encryption and helps keep a website secure. Giuliani’s site also does not force the HTTPS protocol, another common web security technology; and the site has open ports, which can be used as backdoors for hackers to gain access.
Rawstory reports: “A 7-year-old could take that site down,” tweeted Paul Gilzow, a programmer and security analyst from Columbia, Mo.
“Oh yeah, I totally trust this guy to put together a top-notch team to protect us from hackers,†posted Fienen on his Facebook page.
Naked Security, a cybersecurity news site, assessed the commotion over Giuliani’s flawed site.
“In Giuliani’s defense, these were brochureware sites: they didn’t appear to host any sensitive information. In the view of Errata Security’s Robert Graham, their flaws demonstrate only that Giuliani chose a lousy service provider,†writes Bill Carmada, a Naked Security blogger.
Giuliani also was part of a session at this year’s CES on cybersecurity that included BlackBerry CEO John Chen.
During the session, Giuliani said that cybercrime is “the fastest growing form of crime.†He also announced a partnership between his firm and BlackBerry. All of his company’s clients will use BlackBerry software and services.
“They’ve developed some of the most secure software in the world,†he said of BlackBerry.
Naked Security ponders an interesting question, if Giuliani is not really a cybersecurity expert, just what exactly will he bring to the role in the Trump administration?
After the criticisms from cybersecurity experts, the Giuliani Partners site appears to have been taken down, although it’s unclear by whom.
Do you think Rudy Giuliani is an appropriate cybersecurity adviser for the nation? Let us know your thoughts in comments and on social media.