Slashdot Mirror

← Back to Stories (view on slashdot.org)

Donald Trump Running Insecure Email Servers (theregister.co.uk)

Posted by msmash on from the pol-and-kettles dept.

Donald Trump has slammed Hillary Clinton for using private email servers numerous times, but it turns out his inboxes aren't that secure either. From a report on The Register: Security researcher Kevin Beaumont discovered the Trump organization uses a hopelessly outdated and insecure internet setup. Servers on the Trump Organization's domain, TrumpOrg.com, are using outdated software, run Windows Server 2003 and the built-in Internet Information Server 6 web server. Microsoft cut off support for this technology in July 2015, leaving the systems unpatched for the last 15 months. In addition, Beaumont said he'd found that emails from the Trump Organization failed to support two-factor authentication. That's particularly bad because the Trump Organization's web-based email access page relies on an outdated March 2015 build of Microsoft Exchange 2007, he says. "Windows Server 2003, IIS 6 and Exchange 2003 went end of life years ago. There are no security fixes. They don't have basics down," the UK-based researcher concludes. Beaumont's findings are based simply on inspecting publicly available information rather than actively scanning for vulnerabilities or attempting to gain access to insecure systems, a point lost on Trump supporters who have reported him to the Feds.

20 of 445 comments (clear)

  1. But . . . by reboot246 · · Score: 5, Insightful

    Trump is not the Secretary of State. He doesn't have the country's classified documents on his server.

    1. Re:But . . . by Anonymous Coward · · Score: 5, Insightful

      Exactly. Thread closed.

    2. Re:But . . . by Software · · Score: 5, Insightful

      One of Trump's frequent arguments is that he's so much better than Clinton because he "hires the best people." This story puts the lie to that.

    3. Re:But . . . by Anonymous Coward · · Score: 5, Insightful

      Exactly right. This article REEKS of whiny liberal finger pointing. When he's Secretary of State and hides an email server in his bathroom at his house, then you have a scandal. Kevin Beaumont comes off like a juvenile, as do the author and anyone citing this "article" as some kind of "gotcha" moment.

      But liberals, who claim keeping a server in your bathroom closet when your the Secretary of State is a "non issue", will undoubtedly continue to show their hypocrisy with this.

    4. Re:But . . . by amRadioHed · · Score: 4, Insightful

      Sure, what would a multi-billion dollar organization need security for? That makes sense.

      --
      We hope your rules and wisdom choke you / Now we are one in everlasting peace
    5. Re:But . . . by amiga3D · · Score: 4, Insightful

      House Chairman on the intelligence committee has a very high clearance and there were many of the documents that even he wasn't cleared for. The fact that she had highly classified material on the private server is indisputable. The only dispute is whether it was a crime or not. Basically the FBI accepted her explanation that she's an idiot and I have to agree, she is. Arrogance is it's own kind of stupidity.

    6. Re:But . . . by unixisc · · Score: 5, Insightful

      Trump is not the Secretary of State. He doesn't have the country's classified documents on his server.

      Precisely! It's not like Trump has overridden the State Department and insisted in substituting their secure servers for his insecure ones. It just happens that his organization uses servers that it bought way back 12 years ago, and didn't consider it worthwhile getting onto the Microsoft upgrade treadmill. Can't say that I would fault them.

      But they might do well to look into migrating to either Linux or one of the BSDs, so that this is not an issue going forward

    7. Re: But . . . by Anonymous Coward · · Score: 1, Insightful

      Trump lies. But Hillary lied to the mothers of the people who died in Benghazi, which thanks to Wikileaks, we now definitively know was her fault. Trump has no blood on his hands and isn't a two faced liar who works for Goldman Sachs, George Soros, and other authoritarians.

      Plus, even the FBI said she had classified materials on her private server, which also violates record retention laws so that you and I can do FOIA requests. Had I done what Hillary did, I would be in jail. (I was in the military and I was in a position to enforce this very law as a commanding officer)

    8. Re:But . . . by AmiMoJo · · Score: 3, Insightful

      It shows that he is at least as incompetent as she is. In fact it's part of a pattern of behaviour, where he claims to have the best people but it turns out to be untrue, e.g. Trump University.

      It's also rather interesting that the Russians or whoever hacked the DNC looking to weaken their campaign, but didn't hack him even though they easily could have. Or more likely they did, but didn't release the stolen data.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    9. Re:But . . . by aquacrayfish · · Score: 3, Insightful

      Since when do you 'need the best people' to understand that running a currently unsupported OS from 2003 is a bad thing? That isn't hard to understand or update.

  2. As much as I dislike Trump ... by MacTO · · Score: 4, Insightful

    These allegations are different from the Clinton allegations. They point to possible incompetence in maintaining a private email system, in contrast to allegations of violating govenment policies and regulations regarding a government official. Had Trump done something like this while working in government rather than campaigning for office, the allegations would hold more weight.

    1. Re:As much as I dislike Trump ... by smooth+wombat · · Score: 1, Insightful

      If his team can't do the job now, why would we expect them to do any better if they get elected? His track record should be of concern to everyone.

      --
      We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
    2. Re:As much as I dislike Trump ... by Tesen · · Score: 4, Insightful

      Except the White House/State Department told her she could set up her own server.

      And the fact that past administrations did the same damn thing. Shit, I still want those 22 million Bush era emails back.Nay, the email situation, the Benghazi attacks (another right wing hack job) stems from decades of mismanagement and unfortunately the old saying holds true: "Here is the new boss, who is the same as the old boss".

      I would take the Clinton email situation a little more seriously if The Congress didn't target her specifically to take down and give previous administrations free passes. Seriously, Clinton is a result of what the "oversight" committees have let run loose and wild for decades. The entire point of the three branches of government were controls and oversights, so we have 13 embassy attacks with 60 dead prior to Benghazi, ZERO, ZERO investigations or people held accountable, status-quo oh well, more peons where they came from. We have the Bush administration using RNC servers for government correspondence to avoid FOI too and contrary to what you all may believe, the RNC is not the government, it is simply a political organization (you can start one too if you wanted!), nothing done or said, no one held accountable.

      If you think Trump is an outsider and will not fall victim to the above you would be mistaken; Trump did not get to where he is without rubbing elbows with the political and financial elite; I mean shit, Trump by his own admissions is one of the financial elite as he says he is worth billions of dollars (definitely got a taxpayer bail out, by not paying nearly a billion dollars in taxes, sounds like an elitist to me). If we have learned anything over the last decade and a half (thank you Mr. Snowden) that the elite think they can do whatever they want. Trump is a prime example of this (as is Clinton).

      Trump also claims that he is the best at everything because he hires the best people; this email server may contain nothing that can be used against Trump (whether publicly of privately), but it does show a lack of critical thinking. Out of one side of his mouth he is taking Hillary to task about her insecure email environment that was compromised with sensitive material on it, and the other side of his mouth he is so arrogant he has not even tried to clean his own house...

      Bottom line: If Trump gets in, we are totally and utterly fucked, if Hillary gets in, we are a lot less fucked, but still fucked...

      Reach around anyone?

    3. Re:As much as I dislike Trump ... by smooth+wombat · · Score: 4, Insightful

      And yet time and again Clinton is used to point out this or that even though he hasn't been president for well over a decade.

      Make your mind up. If the lies and criminal acts of Bush and Cheney can't be used in a discussion than neither can Bill Clinton.

      And no, crimes of past president's are not irrelevant. They are very relevant since they show the hypocrisy of people who will excuse those crimes but suddenly become appalled when someone else does the exact same thing. If you didn't consider it a crime then you can't consider it a crime now.

      You can't have it both ways hypocrite.

      --
      We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
    4. Re:As much as I dislike Trump ... by Gussington · · Score: 3, Insightful

      When someone points out Hillary's crimes there is always someone that pops up with "well Bush did this" or Cheney did that...the crimes of past presidents are irrelevant to discussion. We're talking about Hillary being a criminal, stay on topic

      Except in law it does matter, because the law has to be consistent. So if want to convict Hillary, you'll also have to line up Colin Powell, Condi Rice, and George W Bush.
      The simple fact is everyone did it, including Trump, which is why it's a non-issue. You can't convict them all.

  3. Far be it for me to defend the moron... by Type44Q · · Score: 3, Insightful

    Far be it for me to defend the moron... but did the dipshit who posted this bother to consider that Trump isn't the fucking Secretary of State and it therefore doesn't fucking matter.

  4. Let's repeat it again, Hillary fans... by x0ra · · Score: 1, Insightful

    Trump isn't the Secretary of State and don't handle classifieds documents.

    UNDERSTOOD ?

  5. Re:trumporg.com? by ScentCone · · Score: 3, Insightful

    He couldn't decide between getting an .org or a .com domain, so he took trumporg.com?

    He is involved in several hundred business ventures and holdings. Collectively, those companies are and have for a long time been referred to as "The Trump Organization." And it's a business, so a .com domain of a shortened version of his company's familiar name makes sense. All of which you know, so the question is why you're pretending to be dumb so you can toss out some lame, faux-misinformed ridicule in hopes of scoring a couple of pointless points with low information readers.

    --
    Don't disappoint your bird dog. Go to the range.
  6. Yeah, it's SOOO hard to hack old IIS servers. by Xenographic · · Score: 4, Insightful

    Are you actually trying to make people here on Slashdot believe that it takes a state actor to hack an old IIS server?

    Are you actually telling me that none of the people worried that Trump will start a nuclear war would be willing or able to dump the contents of an old IIS server if they could find anything juicy in there?

    I bet someone already DID steal it and are having trouble finding anything more interesting than the stuff he puts on Twitter. I wonder if CNN will try to tell us that looking through a Trump dump is illegal if they ever get one?

  7. Not uninteresting by XXongo · · Score: 3, Insightful

    Exactly. Thread closed.

    Just because he is not secretary of state does not mean that it's uninteresting that his e-mail servers are not secure.

    It does bring up an interesting question: so, why are only DNC email being leaked? If the Trump servers are also insecure, why aren't we seeing leaks of them?