Slashdot Mirror

← Back to Stories (view on slashdot.org)

Donald Trump Running Insecure Email Servers (theregister.co.uk)

Posted by msmash on from the pol-and-kettles dept.

Donald Trump has slammed Hillary Clinton for using private email servers numerous times, but it turns out his inboxes aren't that secure either. From a report on The Register: Security researcher Kevin Beaumont discovered the Trump organization uses a hopelessly outdated and insecure internet setup. Servers on the Trump Organization's domain, TrumpOrg.com, are using outdated software, run Windows Server 2003 and the built-in Internet Information Server 6 web server. Microsoft cut off support for this technology in July 2015, leaving the systems unpatched for the last 15 months. In addition, Beaumont said he'd found that emails from the Trump Organization failed to support two-factor authentication. That's particularly bad because the Trump Organization's web-based email access page relies on an outdated March 2015 build of Microsoft Exchange 2007, he says. "Windows Server 2003, IIS 6 and Exchange 2003 went end of life years ago. There are no security fixes. They don't have basics down," the UK-based researcher concludes. Beaumont's findings are based simply on inspecting publicly available information rather than actively scanning for vulnerabilities or attempting to gain access to insecure systems, a point lost on Trump supporters who have reported him to the Feds.

18 of 445 comments (clear)

  1. But . . . by reboot246 · · Score: 5, Insightful

    Trump is not the Secretary of State. He doesn't have the country's classified documents on his server.

    1. Re:But . . . by Anonymous Coward · · Score: 5, Insightful

      Exactly. Thread closed.

    2. Re:But . . . by Software · · Score: 5, Insightful

      One of Trump's frequent arguments is that he's so much better than Clinton because he "hires the best people." This story puts the lie to that.

    3. Re:But . . . by Anonymous Coward · · Score: 5, Insightful

      Exactly right. This article REEKS of whiny liberal finger pointing. When he's Secretary of State and hides an email server in his bathroom at his house, then you have a scandal. Kevin Beaumont comes off like a juvenile, as do the author and anyone citing this "article" as some kind of "gotcha" moment.

      But liberals, who claim keeping a server in your bathroom closet when your the Secretary of State is a "non issue", will undoubtedly continue to show their hypocrisy with this.

    4. Re:But . . . by ScentCone · · Score: 5, Informative

      As if the Secretary of State even had access to the truly classified documents...

      Yes, the SoS does have access to such. And is regularly briefed on stuff that's much, much more sensitive than merely "classified." The person holding that job is on the short list of people in line for the presidency if a small number of particularly bad things happen.

      The documents Clinton had slopping around on her home computer included things that were considered so sensitive that the intel community insisted not on merely having the contents redacted, but on the documents not even being abstractly described (in terms of dates, to/from info, let alone the actual content).

      --
      Don't disappoint your bird dog. Go to the range.
    5. Re:But . . . by amRadioHed · · Score: 4, Insightful

      Sure, what would a multi-billion dollar organization need security for? That makes sense.

      --
      We hope your rules and wisdom choke you / Now we are one in everlasting peace
    6. Re:But . . . by amiga3D · · Score: 4, Insightful

      House Chairman on the intelligence committee has a very high clearance and there were many of the documents that even he wasn't cleared for. The fact that she had highly classified material on the private server is indisputable. The only dispute is whether it was a crime or not. Basically the FBI accepted her explanation that she's an idiot and I have to agree, she is. Arrogance is it's own kind of stupidity.

    7. Re:But . . . by unixisc · · Score: 5, Insightful

      Trump is not the Secretary of State. He doesn't have the country's classified documents on his server.

      Precisely! It's not like Trump has overridden the State Department and insisted in substituting their secure servers for his insecure ones. It just happens that his organization uses servers that it bought way back 12 years ago, and didn't consider it worthwhile getting onto the Microsoft upgrade treadmill. Can't say that I would fault them.

      But they might do well to look into migrating to either Linux or one of the BSDs, so that this is not an issue going forward

    8. Re: But . . . by KenHansen · · Score: 4, Informative

      His National Security briefings are received in-person, not presented as emailed PPT presentations... You know, once upon a time it was considered a good security technique to change the identity signatures of your server to mid-lead would-be hackers. I'' not saying that Trump's IT team did this, but the basis of this 'report' is that some, without ever attempting to hack into the servers, used 'public records' to determine he was running Windows Server 2003 & IIS 6. I find it hard to believe it never occurred to anyone to try and hack into his servers, or if it did occur to them that they were found to be impenetrable... Bottom line, a lazy reporter extrapolated a story out of a few server identification response strings. Wow.

  2. As much as I dislike Trump ... by MacTO · · Score: 4, Insightful

    These allegations are different from the Clinton allegations. They point to possible incompetence in maintaining a private email system, in contrast to allegations of violating govenment policies and regulations regarding a government official. Had Trump done something like this while working in government rather than campaigning for office, the allegations would hold more weight.

    1. Re:As much as I dislike Trump ... by smooth+wombat · · Score: 5, Informative

      So she was following the example of Bush who didn't preserve millions of emails as the law requires so he could hide his illegal activities from FOIA requests.

      Got it.

      --
      We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
    2. Re:As much as I dislike Trump ... by Tesen · · Score: 4, Insightful

      Except the White House/State Department told her she could set up her own server.

      And the fact that past administrations did the same damn thing. Shit, I still want those 22 million Bush era emails back.Nay, the email situation, the Benghazi attacks (another right wing hack job) stems from decades of mismanagement and unfortunately the old saying holds true: "Here is the new boss, who is the same as the old boss".

      I would take the Clinton email situation a little more seriously if The Congress didn't target her specifically to take down and give previous administrations free passes. Seriously, Clinton is a result of what the "oversight" committees have let run loose and wild for decades. The entire point of the three branches of government were controls and oversights, so we have 13 embassy attacks with 60 dead prior to Benghazi, ZERO, ZERO investigations or people held accountable, status-quo oh well, more peons where they came from. We have the Bush administration using RNC servers for government correspondence to avoid FOI too and contrary to what you all may believe, the RNC is not the government, it is simply a political organization (you can start one too if you wanted!), nothing done or said, no one held accountable.

      If you think Trump is an outsider and will not fall victim to the above you would be mistaken; Trump did not get to where he is without rubbing elbows with the political and financial elite; I mean shit, Trump by his own admissions is one of the financial elite as he says he is worth billions of dollars (definitely got a taxpayer bail out, by not paying nearly a billion dollars in taxes, sounds like an elitist to me). If we have learned anything over the last decade and a half (thank you Mr. Snowden) that the elite think they can do whatever they want. Trump is a prime example of this (as is Clinton).

      Trump also claims that he is the best at everything because he hires the best people; this email server may contain nothing that can be used against Trump (whether publicly of privately), but it does show a lack of critical thinking. Out of one side of his mouth he is taking Hillary to task about her insecure email environment that was compromised with sensitive material on it, and the other side of his mouth he is so arrogant he has not even tried to clean his own house...

      Bottom line: If Trump gets in, we are totally and utterly fucked, if Hillary gets in, we are a lot less fucked, but still fucked...

      Reach around anyone?

    3. Re:As much as I dislike Trump ... by smooth+wombat · · Score: 4, Insightful

      And yet time and again Clinton is used to point out this or that even though he hasn't been president for well over a decade.

      Make your mind up. If the lies and criminal acts of Bush and Cheney can't be used in a discussion than neither can Bill Clinton.

      And no, crimes of past president's are not irrelevant. They are very relevant since they show the hypocrisy of people who will excuse those crimes but suddenly become appalled when someone else does the exact same thing. If you didn't consider it a crime then you can't consider it a crime now.

      You can't have it both ways hypocrite.

      --
      We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
  3. Re:Let's repeat it again, Hillary fans... by PopeRatzo · · Score: 4, Interesting

    Trump isn't the Secretary of State and don't handle classifieds documents.

    UNDERSTOOD ?

    Donald Trump is being given national security briefings, so who knows?

    --
    You are welcome on my lawn.
  4. trumporg.com? by rduke15 · · Score: 4, Funny

    He couldn't decide between getting an .org or a .com domain, so he took trumporg.com?
    Anyway, trumpcom.org is still available if someone has an idea of something to do with it...

    $ whois trumpcom.org
    NOT FOUND
    >>> Last update of WHOIS database: 2016-10-19T23:47:43Z

  5. Re:You Trump supporters and your damn facts by vux984 · · Score: 4, Informative

    So what if he is just a private citizen and doesn't even have access to (supposedly) secure government servers.

    Nobody is expecting him to be using servers audited and monitored by the NSA.

    They expect him to be using servers that aren't running EOL versions of Windows 2003. Because, in Trump's own word's...

    "Iâ(TM)m going to surround myself only with the best and most serious people. We want top of the line professionals."

    I

  6. This changes the hacks by dirk · · Score: 4, Interesting

    So this certainly puts a different spin on the DNC and Clinton email hacks. It certainly looks more and more like they were politically motivated. A curious child could hack this setup and yet there has been no release of documents from the Trump campaign's email servers. If it truly was about just sharing information, why would they not attack both sides? The longer it goes, the more it looks like someone (or someones) is purposely trying to influence the election with the hacks and leaks. If Wikileaks was really about just releasing information, why would they be slowly releasing the hacked emails over time before the election instead of just releasing them all at once? IT's not like the scrub person information from them, so what is the purpose of slowly dishing them out if not to keep it in the news and influence people?

    --

    "Information wants to be expensive" - Stewart Brand, the same guy who said "Information wants to be free"
  7. Yeah, it's SOOO hard to hack old IIS servers. by Xenographic · · Score: 4, Insightful

    Are you actually trying to make people here on Slashdot believe that it takes a state actor to hack an old IIS server?

    Are you actually telling me that none of the people worried that Trump will start a nuclear war would be willing or able to dump the contents of an old IIS server if they could find anything juicy in there?

    I bet someone already DID steal it and are having trouble finding anything more interesting than the stuff he puts on Twitter. I wonder if CNN will try to tell us that looking through a Trump dump is illegal if they ever get one?