Slashdot Mirror

← Back to Stories (view on slashdot.org)

Donald Trump Running Insecure Email Servers (theregister.co.uk)

Posted by msmash on from the pol-and-kettles dept.

Donald Trump has slammed Hillary Clinton for using private email servers numerous times, but it turns out his inboxes aren't that secure either. From a report on The Register: Security researcher Kevin Beaumont discovered the Trump organization uses a hopelessly outdated and insecure internet setup. Servers on the Trump Organization's domain, TrumpOrg.com, are using outdated software, run Windows Server 2003 and the built-in Internet Information Server 6 web server. Microsoft cut off support for this technology in July 2015, leaving the systems unpatched for the last 15 months. In addition, Beaumont said he'd found that emails from the Trump Organization failed to support two-factor authentication. That's particularly bad because the Trump Organization's web-based email access page relies on an outdated March 2015 build of Microsoft Exchange 2007, he says. "Windows Server 2003, IIS 6 and Exchange 2003 went end of life years ago. There are no security fixes. They don't have basics down," the UK-based researcher concludes. Beaumont's findings are based simply on inspecting publicly available information rather than actively scanning for vulnerabilities or attempting to gain access to insecure systems, a point lost on Trump supporters who have reported him to the Feds.

6 of 445 comments (clear)

  1. Re:But . . . by ScentCone · · Score: 5, Informative

    As if the Secretary of State even had access to the truly classified documents...

    Yes, the SoS does have access to such. And is regularly briefed on stuff that's much, much more sensitive than merely "classified." The person holding that job is on the short list of people in line for the presidency if a small number of particularly bad things happen.

    The documents Clinton had slopping around on her home computer included things that were considered so sensitive that the intel community insisted not on merely having the contents redacted, but on the documents not even being abstractly described (in terms of dates, to/from info, let alone the actual content).

    --
    Don't disappoint your bird dog. Go to the range.
  2. Re:As much as I dislike Trump ... by smooth+wombat · · Score: 5, Informative

    So she was following the example of Bush who didn't preserve millions of emails as the law requires so he could hide his illegal activities from FOIA requests.

    Got it.

    --
    We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
  3. Are they asking to be hacked? by hawguy · · Score: 3, Informative

    Seems like they just put out a call to be hacked:

    The Trump Organisation responded to Beaumont’s criticism by putting out a statement to the media saying that its web setup is shielded behind a firewall.

    The Trump Organization deploys best in class firewall and anti-vulnerability technology with constant 24/7 monitoring. Our infrastructure is vast and leverages multiple platforms which are consistently monitored and upgraded using current cyber security best practices.

  4. Re:You Trump supporters and your damn facts by vux984 · · Score: 4, Informative

    So what if he is just a private citizen and doesn't even have access to (supposedly) secure government servers.

    Nobody is expecting him to be using servers audited and monitored by the NSA.

    They expect him to be using servers that aren't running EOL versions of Windows 2003. Because, in Trump's own word's...

    "Iâ(TM)m going to surround myself only with the best and most serious people. We want top of the line professionals."

    I

  5. Re: But . . . by KenHansen · · Score: 4, Informative

    His National Security briefings are received in-person, not presented as emailed PPT presentations... You know, once upon a time it was considered a good security technique to change the identity signatures of your server to mid-lead would-be hackers. I'' not saying that Trump's IT team did this, but the basis of this 'report' is that some, without ever attempting to hack into the servers, used 'public records' to determine he was running Windows Server 2003 & IIS 6. I find it hard to believe it never occurred to anyone to try and hack into his servers, or if it did occur to them that they were found to be impenetrable... Bottom line, a lazy reporter extrapolated a story out of a few server identification response strings. Wow.

  6. Re: But . . . by kilfarsnar · · Score: 2, Informative

    Hillary was responsible for deaths at Beghazi.

    How many hearings did the Republicans hold on this issue? They investigated it over and over. And they came up with nothing. If they had found anything they would have run with it. And yet here you are, still fucking that chicken.

    --
    "What the American public doesn't know is what makes them the American public." -Ray Zalinsky (Tommy Boy)