Donald Trump Running Insecure Email Servers (theregister.co.uk)
Donald Trump has slammed Hillary Clinton for using private email servers numerous times, but it turns out his inboxes aren't that secure either. From a report on The Register: Security researcher Kevin Beaumont discovered the Trump organization uses a hopelessly outdated and insecure internet setup. Servers on the Trump Organization's domain, TrumpOrg.com, are using outdated software, run Windows Server 2003 and the built-in Internet Information Server 6 web server. Microsoft cut off support for this technology in July 2015, leaving the systems unpatched for the last 15 months. In addition, Beaumont said he'd found that emails from the Trump Organization failed to support two-factor authentication. That's particularly bad because the Trump Organization's web-based email access page relies on an outdated March 2015 build of Microsoft Exchange 2007, he says. "Windows Server 2003, IIS 6 and Exchange 2003 went end of life years ago. There are no security fixes. They don't have basics down," the UK-based researcher concludes. Beaumont's findings are based simply on inspecting publicly available information rather than actively scanning for vulnerabilities or attempting to gain access to insecure systems, a point lost on Trump supporters who have reported him to the Feds.
Trump is not the Secretary of State. He doesn't have the country's classified documents on his server.
Call me when Trump is doing this in public office using taxpayer money.
Don't tell that to commercial airlines or the military.
Why would Trump want to pay to secure unclassified emails?
why update the country if you can just build a wall around it?
These allegations are different from the Clinton allegations. They point to possible incompetence in maintaining a private email system, in contrast to allegations of violating government policies and regulations regarding a government official. Had Trump done something like this while working in government rather than campaigning for office, the allegations would hold more weight.
He's just trying to be more transparent with his campaign. This is totally irrelevant to the campaign.
Far be it for me to defend the moron... but did the dipshit who posted this bother to consider that Trump isn't the fucking Secretary of State and it therefore doesn't fucking matter.
Trump isn't the Secretary of State and doesn't handle classified documents.
UNDERSTOOD ?
Hack it?
Or shut up
I don't care if Trump is running Netscape Enterprise Server 1.0. If he is a fool with his out-of-date IT infrastructure, then let him be a fool. It's his own bloody business that he's running into the ground.
Though, I'd get quite a laugh if he ever fell for the same "Your account has been hacked. Click here to reset your password" scheme that the DNC staffers fell for.
Running insecure email that exposes your communications is the exact opposite of subversively running a private email server and deleting emails in order to hide your communications.
Well, that's classic do-as-I-say-not-as-I-do Trump for you.
Trump has business data on those servers, not Federal Classified Information.
Interesting, and perhaps poor IT practice... but unless he's sending confidential government emails using that site then there's not really any problem, is there? As far as I know, he's not currently elected so he can choose to do whatever he wants.
Plenty of companies out there using outdated software.
Read the article. It is talking about a do-nothing website being hosted on IIS6
IIS6 isn't an email server last time I checked.
This is stupid. Some dumb website that doesn't need to be secure at all.... isn't!
Remember when people here were technically competent?
sure, but Trump is not using his email servers to discuss State Secrets and Classified material.
All we end up getting in congress is a bunch of mentally challenged and bought off politicians. Instead let's take up a vote to end government instead. We don't need a nanny state. We don't need borders. We don't need a police state. We don't need government schools. We don't need a welfare state. We don't need government mandating health insurance or drivers licenses. It's not like they are good at any of these things. If we simply said no more and left it to the people to take responsibility for themselves we'd all be better off. Ohh wait- that's exactly why people who care about liberty and freedom are moving to New Hampshire. Right. Check out http://www.freestateproject.org/ and http://www.freekeene.com/ and http://shiresociety.com/ and http://www.freetalklive.com/
So what if he is just a private citizen and doesn't even have access to (supposedly) secure government servers. It's a damn good sound byte to say that Trump is also using insecure servers, and when you're up against facts that's all this poor victimized woman has. How dare you try to take that away from you. You must be a Russian agent or a rapist and groper. You're on the enemies list now and one thing you don't want is to be on Hillary's enemies list.
I'm an American. I love this country and the freedoms that we used to have.
He couldn't decide between getting an .org or a .com domain, so he took trumporg.com?
Anyway, trumpcom.org is still available if someone has an idea of something to do with it...
$ whois trumpcom.org
NOT FOUND
>>> Last update of WHOIS database: 2016-10-19T23:47:43Z
the Project Veritas videos of Robert Creamer, the Democrat activist who has visited the Obama White House 342 times (47 of those visits one-on-one with Obama himself) explaining that:
The Clinton campaign pays the DNC...
The DNC pays Democracy Partners...
Democracy Partners pays the Foval Group...
and The Foval Group started all the violence at all the Trump rallies.
This is brown-shirt stuff right out of the 1930s... and as always it is from the National Socialist Workers Party sort - in this case the "progressive Democrats" of the Hillary Clinton campaign and the Obama administration. We now know that this stuff goes right to Barack "Community Organizer" Obama and Hillary.
Smoking bazooka.
He better get those servers secured. We wouldn't want to leak any classified documents. Hey, wait a minute... :/
This is the Trump Apologist thread.
The man can't even hide his bald head. If there was anything juicy to leak, you'd think they'd have already leaked it by now because it's pretty clear that he has a server that anyone could've robbed ages ago.
If you want juicy Hillary quotes, you read her FBI files or the Podesta dump. If you want juicy Trump quotes, you can just read his damn Twitter feed.
Trump is not the Secretary of State
So he automatically gets a free pass and is measured by lower standards? You must do a great job hiring people for your business. . .
Irregardless, saying our voting system is rigged without any credible evidence has invoked a kind of Godwin's law in my mind. . . For anyone who cares about our democracy, the primary goal at this point should be to make sure Trump loses by a large enough margin that any claim of a rigged election would be laughable.
Otherwise, these last couple months will seem like a VACATION compared to what is headed our way. Let's end this once and for all. . .
Sdelat' Ameriku velikoy Snova!
DJ knows more about Email servers than all his Generals, he'll fix all of them personally.
Does anyone really expect technical competence from someone who makes repeated references to "The cyber"? Trump's only hope, just as Hillary's only hope was, is to pick competent advisers on the subject. Considering they're both absolute retards that want magical backdoors in encryption, we're fucked either way.
In Capitalist West gov dictates cyber security to you.
Do US brands really want yet more US gov inside their networks?
In the US political orgs still have the freedom to run any hardware and software they want.
It's the US gov workers who actually have to be security aware.
"Penguins for President?" "Web server/platform combinations 2004 presidential candidates "
http://www.linuxjournal.com/ar...
In the US you still have the party political freedom to run a political campaign.
Linux, Microsoft, Apache, FreeBSD and others have all been used over the years to run great campaigns and get the voters out.
Domestic spying is now "Benign Information Gathering"
"...he'd found that emails from the Trump Organization failed to support two-factor authentication..."
How does an email support two factor authentication?
Seems like they just put out a call to be hacked:
The Trump Organisation responded to Beaumont’s criticism by putting out a statement to the media saying that its web setup is shielded behind a firewall.
The Trump Organization deploys best in class firewall and anti-vulnerability technology with constant 24/7 monitoring. Our infrastructure is vast and leverages multiple platforms which are consistently monitored and upgraded using current cyber security best practices.
king of false equivalence says throwaway VMs need the same security as a billion dollar corporation
If the business isn't a government regulated industry such as Medical or Financial, private companies can do whatever they want (within lawful bounds) with their private networks. As far as I know, Trump's 500 or so businesses are owned solely by him - so he has no obligations to shareholders or the SEC.
Trump and only Trump bears the entire risk for his poor IT choices. The entire American people bear the risk of Hillary's poor IT choices.
There is a big difference between the two.
The article is crap. An email doesn't "support" 2FA or not, it's the servers you're talking about. If they whiffed on this detail, who knows what other misinterpretations there were?
So, tell us, oh Wise Armchair Warrior, what was YOUR plan and how would it have worked in the REAL world?
"Every complex problem has solutions that are simple, obvious, and wrong." - variously attributed
It was that She was running a private server to try and get around the requirements for recordkeeping and security of classified documents that she was under as an elected official.
Trump isn't under any such requirements yet, if he uses any private server after he is in office, then you can make comparisons.
But I don't like that he is using old stuff either
I'm no Trump fan, but there are many reasons why him running insecure servers for his current business isn't even close to Clinton running insecure servers when she was Secretary of State.
Someone who's running for president should be adhering to higher standards than regular people, not lower ones. Trump can have crap security right now; he's a private citizen, and there's no law against it (whether or not there should be is another question). Clinton can even have crap security on her personal servers. She just needs to know when to use which one. Really it was the greatest stroke of brilliance of the entire Clinton campaign to get the media to label the whole server / classified document situation as the "e-mail scandal" because it trivializes it and hides away what actually makes it significant.
For the record I'm not voting for either one.
Clinton used a private server to get around public records laws.
Clinton took secrets from an air gapped network and put them on an unsecure server connected to the internet.
Clinton knew all of this was illegal but did it anyway.
When people found out, she responded to subpoenas by deleting everything.
Trump is a real estate guy. People aren't going to hack into his computer and steal a building. He probably doesn't even use email in his day to day business.
What are the chances that all that org's e-mail is public by tomorrow morning?
Pretty good I'd think. Lots of hacker types around who read. Wouldn't take much to crack that box.
As a SE, if the contract fell my way, I'd have them completely offline for an upgrade on an emergency basis. Let the mail backup on the secondary- assuming his admin is smart enough to have done it right.
I'd bet dinner with a friend they are cracked by morning. If Trump had a decent IT staff they would not be in this condition.
Another consultant who stuck it out.
"We are the Priests, of the Temples of Syrinx..."
Trump also doesn't use email. Like, at all.
So this certainly puts a different spin on the DNC and Clinton email hacks. It certainly looks more and more like they were politically motivated. A curious child could hack this setup and yet there has been no release of documents from the Trump campaign's email servers. If it truly was about just sharing information, why would they not attack both sides? The longer it goes, the more it looks like someone (or someones) is purposely trying to influence the election with the hacks and leaks. If Wikileaks was really about just releasing information, why would they be slowly releasing the hacked emails over time before the election instead of just releasing them all at once? It's not like they scrub personal information from them, so what is the purpose of slowly dishing them out if not to keep it in the news and influence people?
"Information wants to be expensive" - Stewart Brand, the same guy who said "Information wants to be free"
As long as he doesn't intend them to be leaked, no reasonable prosecutor would challenge it. And seeing as the FBI doesn't even try to find intent, I'm thinking he is good no matter what.
Oh, you mean he should get into trouble if he does? Oh well, guess you should have complained when there was a precedent set instead of cheering when it was set.
He isn't an elected official trying to evade the law by hiding criminal activity as the Clintons have done for the past 40 years. His E-Mails are NOT classified by the government.
Wow. You kids need to get ears and eyes to go along with that appendage that you use to type and play with.
He should be careful. State sponsored Russian hackers will quickly hack that and leak his emails to Assange.
Oh wait, his buddy Putin won't do any such thing. They'll hack him, laugh at him behind his back and patch any holes on their way out.
Are you actually trying to make people here on Slashdot believe that it takes a state actor to hack an old IIS server?
Are you actually telling me that none of the people worried that Trump will start a nuclear war would be willing or able to dump the contents of an old IIS server if they could find anything juicy in there?
I bet someone already DID steal it and are having trouble finding anything more interesting than the stuff he puts on Twitter. I wonder if CNN will try to tell us that looking through a Trump dump is illegal if they ever get one?
Oh sure. But here are some counterpoints:
1). Trump likes to portray himself and his organization(s) as competent, "great", "fantastic", "unbelievable", and "HUUUUGGGGEEEE". An incompetently administered and badly neglected e-mail server doesn't quite align to this message;
2). During all the DNC hacking, Trump supporters have loudly proclaimed that "how the information was obtained doesn't matter". Now that they are on the receiving end of an investigation by a security researcher, they suddenly reverse course and report the security researcher to the Feds. I thought that information on political parties could be obtained by any means necessary? Or is it only by any means necessary, when it is convenient for your side? Yeah, I thought so.
3). The DNC hacking incident is particularly instructive because there are (apparently strong) indications that the hackers were Russian. Objections by Trump supporters must be viewed in light of The Donald's frequent loving and admiring comments about Vladimir Putin, so not exactly an objective objection. This time it is a known, real security researcher, doing you know, security research. And the security researcher is from a friendly country, not a frenemy/enemy. And not attempting an unauthorized penetration test. Even so, the Republicans are going wild, claiming all sorts of unlikely activities and improbable motives.
Partisans will be partisan. The Republicans lost their moral compass on the hacking incident and now that the shoe is (very slightly) on the other foot, they suddenly discovered that they don't like the attention. Not very convincing, I must say.
He is gonna run the government like his companies. Cut rate IT departments all around!
Anyone that has seen corporate networks knows just how crappy security is. It's been that way for over 2 decades. If you haven't noticed how bad IT security is, you either didn't care, didn't pay attention or don't really understand security.
Every hour on the hour The Donald sends Pence an email that says 'You're Fired', then 10 minutes later another email that says 'Nevermind.'
Mathematics is either flawed or not; math doesn't tarnish or rust or break. It was either secure to begin with, or insecure all along. The only difference is that if it's insecure and new there's a chance no one knows the flaw yet and perhaps you fix it before anyone finds it. But it could be secured (eg by sufficiently advanced firewall rules), and if it's secure it's secure. On that note, I wouldn't mind reading the Trump emails if anyone has them. I'd bet either Wikileaks or the New York Times would be willing to publish Trump emails, if someone were to get them off that supposedly insecure server.
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
I bet it was the Russians that did it.
Big deal. He's not the Secretary of State. He's a private citizen. He's not charged with the responsibility of protecting classified information.
Netcraft reports that trumporg.com is running IIS 7.5, not 6 as the article claims. Who am I to believe: a computer, or an investigative journalist attempting a hit piece?
sig: sauer
Somewhere, someone is saying this .... Jack Nicholson as the Joker
The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
Their webmail server SSL config is rated F:
https://www.ssllabs.com/ssltes...
It supports SSL2! SSL2 was replaced by SSL3 a loooong time ago.
Oddly enough, SSL3 is disabled on this server (which is good, since it has many flaws, but not as many as SSL2).
And the ciphers it supports? It will use DES. That's single DES, not triple DES. 3DES replaced DES as a standard since 1999.
Not to mention 40-bit RC4, RC2, and other insecure algorithms.
Microsoft released an update to support AES on win2003 waaay back in 2008: https://support.microsoft.com/...
https://support.microsoft.com/...
Of course, it isn't installed.
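The checks that comment walks through (SSL2 enabled, single DES as distinct from 3DES, 40-bit export ciphers, RC4/RC2, no AES) can be automated by a defender auditing their own server. This is an added example, not part of the comment or of the linked SSL Labs report; the OpenSSL-style suite names and the sample scan are constructed for illustration.

```python
# Added example: flag the legacy TLS settings named in the comment above.
# SAMPLE_SCAN is constructed data (protocol, OpenSSL-style cipher name),
# standing in for the output of whatever scanner you run on your own host.
SAMPLE_SCAN = [
    ("SSLv2", "DES-CBC-MD5"),
    ("SSLv2", "EXP-RC2-CBC-MD5"),
    ("SSLv2", "RC4-MD5"),
    ("TLSv1", "EXP-RC4-MD5"),
    ("TLSv1", "DES-CBC-SHA"),
    ("TLSv1", "DES-CBC3-SHA"),
    ("TLSv1", "RC4-SHA"),
]

WEAK_PROTOCOLS = {"SSLv2", "SSLv3"}


def cipher_findings(name):
    """Return the list of weaknesses for one OpenSSL-style cipher name."""
    tokens = name.upper().split("-")
    findings = []
    if "EXP" in tokens:
        findings.append("export-grade (40-bit) key")
    if "RC4" in tokens:
        findings.append("RC4")
    if "RC2" in tokens:
        findings.append("RC2")
    # OpenSSL names 3DES suites DES-CBC3-*; a bare DES token without CBC3
    # is single DES, which is the case the comment calls out.
    if "DES" in tokens and "CBC3" not in tokens:
        findings.append("single DES (56-bit)")
    return findings


def audit(scan):
    """Summarise weak protocols, weak suites and AES support for a scan."""
    weak_protocols = sorted({proto for proto, _ in scan if proto in WEAK_PROTOCOLS})
    weak_suites = {}
    offers_aes = False
    for _, cipher in scan:
        if any(tok.startswith("AES") for tok in cipher.upper().split("-")):
            offers_aes = True
        findings = cipher_findings(cipher)
        if findings:
            weak_suites[cipher] = findings
    return {
        "weak_protocols": weak_protocols,
        "weak_suites": weak_suites,
        "offers_aes": offers_aes,
        "fail": bool(weak_protocols or weak_suites),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_SCAN)
    print("weak protocols:", report["weak_protocols"])
    for suite, why in report["weak_suites"].items():
        print(f"  {suite}: {', '.join(why)}")
    print("AES offered:", report["offers_aes"])
```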
There is no such thing as "secure" on the internet.
So what, he's been running an insecure mouth for years
Is this an actual security risk and does it have actual known exploits that have been patched in later versions?
Even though using outdated software is generally a bad idea, it does not mean that it's not "secure".
Well, color me surprised, there are people trying anything and everything to influence voters and the results.
You know what? EVERYONE is doing this. It's called electioneering.
And every fucking punter on facebook and slashdot and every other forum in the known universe is blathering on about how the OTHER candidate is unfit for office.
I think we've all established that neither of the two will make a good POTUS, but the logical conclusion seems to escape everyone.
Presumably because most of humanity is too fucking stupid to stop being die-hard tribalists.
So fucking what if someone hacks a PRIVATE organisation that has easily enough money to set up properly secure servers? It's not news, and it's not important, whether it was DNC or Trumporg.
I only care that top secret classified information was DELIBERATELY concealed, the FBI confirmed it, Mrs C lied and then pleaded stupidity, and she got a free ticket. You know, a federal crime. Differential justice, that's the true American spirit:
These rules don't apply to me, these are not the criminals you're looking for, move along.
But that's none of my business.
Putting aside that Trump is not yet a high ranking government official illegally transferring classified documents on illegal mail servers...
The technical allegations in this story are contrived lies.
1. Exchange 2007 is still fully supported! Don't be some ageist techno half-wit.
2. If it's so full of unpatched "vulnerabilities", exploit them. I'm absolutely sure that the contents of those emails would be an epic shit show and pure platinum for the DNC. Put your money where your mouth is or GTFO.
3. This guy claims to be a security "architect" but is clearly a weak skiddie.
4. Why are twats on Twitter newsworthy? Seriously. If it happens on Twitter, just flush it.
If medical and financial systems are built in an insecure manner, then that is the fault of the regulators.
I've worked in both medical and financial IT fields - both jobs had annual independent and government auditors looking at the systems. If the regulators are doing their jobs - those systems would be changed or replaced.
Maybe there's a leak somewhere from these HUUUUGE servers and they have classified state department SECRET/NOFORN emails?
Clinton is an honest lady and a square shooter
Exactly. Thread closed.
Just because he is not secretary of state does not mean that it's uninteresting that his e-mail servers are not secure.
It does bring up an interesting question: so, why are only DNC email being leaked? If the Trump servers are also insecure, why aren't we seeing leaks of them?
mailhost01.trumporg.com and mailhost02.trumporg.com are running Sendmail. Maybe his internal server is Exchange.
Irony tends to become invisible on the internet, because it's camouflaged by so much stuff from which it is indistinguishable
But if I had mod points I'd mod it troll just on general principles.
Trump can do that all he wants because he is not in public office.
End of discussion.
I know, personally, 4 people that have hacked and downloaded (and continue to download) all contents of the web server. I don't know what they plan to do with the information, but you might see it online soon.
Hey, Trump has the same setup we have!
-==- Buy a Mac and leave me alone!
When Micro$oft stops supporting something, it means they finally fixed it.
trump.com uses LINUX! trumporg.com does not look like a trump site.. when you browse it it appears to be a phishing site.
Godaddy has shitty whois records. I prefer the old days when contact information was easily available with whois.
Visit trumporg.com for yourself, you be the judge. looks like a troll to me.
trump.com looks good. it runs on a secure linux server.
Check out trump.com with Netcraft.
Even if Trump did own the domain the subject is moot. He is not an elected official and secret government information isn't stored on it.
If I had Classified information stored on my personal email server, or even google email account.. I would be FIRED! If SECRET or above was stored there I would be prosecuted! The uneducated public does not get it. Clinton is a dangerous idiot!
What occurred in Benghazi when she was Secretary of State indicates what kind of Commander in Chief she would be.
When the call comes in at 3am for help she would be nowhere to be found.
Do you know what happens when you are an IT Professional and you miss an important call when you are on call ?
You're Fired!
Also she's been linked to many suspicious deaths.
Oh, please. You're not being fair to Trump's supporters. Do you really expect them to understand things like information security, much less those "subtle" nuances like the role of white hat researchers?
"You've got to remember that these are just simple farmers. These are people of the land. The common clay of the new West. You know... morons."
Fail article. Big difference between an insecure government server (highly illegal and dumb) and an insecure private server (dumb).
Hillary is still Hillary. No news here.
Donald Trump has slammed Hillary Clinton for using private email servers numerous times, but it turns out, he's done something completely different and legal. So how very dare he?
Also, create connection between marketing budget of political ghouls and security researcher.
Requiem for the American Dream
Secretaries of State have done that many times before, and if it were illegal to do it now, it would have been illegal for those secretaries to have done it in the past.
Where were you complaining then???
Oh, and as far as I've been able to confirm, the emails weren't classified at the time they were sent, and classification nowadays is done to cover asses, not protect state secrets and secure the nation, so it's rather hard to care about the emails without much more information than you provide. Of which information you have already been uncaring of actually looking for to date...
He is not in a position of authority, which makes ALL the difference, and he is obviously not going to use those servers to communicate HIGH level Secure info, once he is in the position. Get a clue!!!
and not under requirement to keep records for accountability.
This is a very, very lame attempt to compare apples to oranges to make one party look less evil.
That's exactly why I support Hillary.
She's a hard-ass Gangsta who has played the game and WINS.
You stupid Republicunts can't even keep your own people in line, failing to elect Ted Cruz. You keep wasting The Peoples' time and treasure trying to pin dirt on her before Congress, FAILing every time.
Trump on the other hand, has FAILed numerous times with bankruptcies, stiffing good hard-working Americans over and over. What a freakin' LOSER. He's already priming the pump for his excuses for FAILing yet again with all this "the election is rigged" LOSER bullshit. No duh the system's rigged, you're not WINNER enough to successfully game it.
Except Hillary was a high-level government employee who had been given access to a secured government system and told that all of her official business was supposed to be handled on the secured government citizen and that anything else was a crime.
Trump is a private citizen conducting private business.
If you can't see the difference, then you are not very bright.
The Democrats in question brag that they have a team at EVERY Trump and/or Pence rally doing this stuff.
They claim credit for the Chicago rally, the one in the LA area, the one where an old lady with an O2 tank got punched (SHE was an old leftie on their payroll and trained to provoke people). They trained the agitators who were in the KKK hood and provoked a black Trump supporter to punch them. Now the most-famous three incidents of "Trump violence", which were played endlessly by ABC,CBS,NBC,MSNBC,etc are all accounted for as Hillary and Obama violence.
These people led by a felon who was in the Obama White House nearly every week of the presidency, and met with Obama himself more often than most members of congress, are the worst trolls in our entire political system.
It leads to another set of questions:
Will the DNC and the Hillary campaign who are now known to be funding and orchestrating political violence, be willing to lie?
Are they tied to the fire-bombing of the RNC office in North Carolina several days ago?
Are they related to the robbery of another RNC office within the past 3 days?
No more whining that Trump offered to pay the legal bills for an old guy who punched back at one of these paid agitators.
Has anyone gone to the site or run a scan? This looks like a political troll to me.
Comey might be a Republican, but he is probably a "Never Trump" Republican, like the Bushes. In other words: the sort of corrupt Washington-establishment-first politician that is more-accurately a Republicrat or a Dinocan (there are plenty on both sides of the political aisle who are actually more tethered to the nation's elites than the voters in "fly-over country").
What we know with certainty is that the man has no regard for the law, or the basic concept of everybody being equal under the law. He "re-interpreted" the law to require "intent" (the law was written to NOT require intent in order to deter even recklessness) and then decided Hillary had no such intent despite a mountain of evidence of intent of the sort used every day in courts across the nation. Simply trying to "cover your tracks" is evidence of guilt and intent in most criminal cases. Hell, the woman lied about all this UNDER OATH before congress and NATIONAL TELEVISION (C-SPAN) and Comey neither considered this nor prosecuted her for those acts of perjury.
Why doesn't it surprise me?
I dislike the idiot Hannity rather intensely and have never been to his website. What exactly do you claim I copied and pasted?
As for O'Keefe, he edits his videos for time and content for release to the press, AS ALL REPORTERS DO, but then also releases the raw stuff which is more honest than any other reporter I am aware of.
Stop attacking the messengers; it's pretty obvious that you are trying to dodge the facts.
Nice try.
Difference between the two being there is no federal law against a private citizen or a political campaign using private and/or insecure servers. There are in fact several federal laws against a government official using private and/or insecure servers and at least several more federal laws against storing or transmitting classified information to or from such a system.
The revelations about Trump's servers have nothing to do with National Security, nor do they or should they give HRC a pass. What they do is point out his incompetence and the hypocrisy of his claim, about taxes, that "if he didn't translate paper wealth to real wealth and take a loss on it, he'd be guilty of fiduciary irresponsibility to his shareholders." Failing to go to the furthest extent to protect the corporate secrets of Trump Inc., is fiduciary irresponsibility by the same measure, is it not?
InvalidCastException : Unable to cast object of type 'Insecure Server' to type 'Out Of Band Server'
No. They haven't. Most previous SOS's did not use email at all, and what few Powell sent were preserved.
Hillary Clinton was, which makes her a hypocrite for doing the same thing within two years of that rant, and her supporters mindless sycophants for excusing it.