Slashdot Mirror
Trump's Cyber Security Advisor Rudy Giuliani Runs Ancient, Utterly Hackable Website (theregister.co.uk)
mask.of.sanity writes from a report via The Register: U.S. president-elect Donald Trump's freshly minted cyber tsar Rudy Giuliani runs a website so insecure that its content management system is five years out of date, unpatched and is utterly hackable. Giulianisecurity.com, the website for Giuliani's eponymous infosec consultancy firm, runs Joomla! version 3.0, released in 2012, and since found to carry 15 separate vulnerabilities. More bugs and poor secure controls abound. The Register report adds: "Some of those bugs can be potentially exploited by miscreants using basic SQL injection techniques to compromise the server. This seemingly insecure system also has a surprising number of network ports open -- from MySQL and anonymous LDAP to a very out-of-date OpenSSH 4.7 that was released in 2007. It also runs a rather old version of FreeBSD. 'You can probably break into Giuliani's server,' said Robert Graham of Errata Security. 'I know this because other FreeBSD servers in the same data center have already been broken into, tagged by hackers, or are now serving viruses. 'But that doesn't matter. There's nothing on Giuliani's server worth hacking.'"
The Russians are only interested in hacking Democrats servers.
Where would that get them? Being able to blackmail the current Republican administration and the current Republican dominated congress would be much more useful.
Robert Graham explained it succinctly: http://blog.erratasec.com/2017... .
The real story here is that Giuliani is now a goddamn cybersecurity advisor, not that this personal site is crap. The guy was hired not because of competence but because he spent the entire campaign kissing Trump's ass.
there's nothing else to talk about. /THREAD
Does his server contain highly classified e-mail messages too?
Giuliani has been hired to endorse and push laws that further Trump's administration's ability to invade the privacy of those they dislike, and to prosecute those who dare to use technology or the internet to speak out against them.
Require Muslim citizens to register their devices before being allowed to sign up for broadband? Sounds like cybersecurity to me! Emailing someone an article disparaging Trump? Sounds like CYBERTERRORISM right Rudy?
So I am sure all of these anti Trump/Giuliani posts are perfectly content with the job the Obama administration has done, what with the millions of accounts hacked at OPM and hundreds, if not thousands of cyber foreign cyber attacks on US companies and contractors???
Anyone who thinks that Giuliani, a very active public figure, is going to update the Giuliani web site himself is an idiot. He paid someone to put that site together, and if it gets hacked, so what, i'ts not like he is storing classified government documents on it like someone else we know did... Part of any good security is knowing what is worth protecting and what can be isolated and wiped and restored more economically than putting a lot of effort into protection.
This is the way it works in business and how it is supposed to work in government. Trump thinks hacking of US companies/government/contractors is way out of hand. Finds a smart guy (Giuliani) who understands geopolitics and security in general, as well as how to lead a team and get shit done. Hires Giuliani. Giuliani puts together a team of experts to work on guidelines for better protecting the US from hacking and what our response should be for foreign and domestic hacks, how to minimize damage, steps to take to block foreign access to sensitive data and prevent phishing etc. etc. Giuliani has to know very little about the actual implementation of any specific instance of cyber security, his job is by an large as a facilitator to bring the right people together and help cover the bases as the team works together.
If you disagree, please post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like
I figured it would have to be Joomla. I'm doing maintenance programming on a Joomla site right now, and it's just a complete mess. There is nothing good about any part of the framework and no one should use it for anything. There is no "right way" to do things, and the documentation is beyond awful: obsolete, incomplete, badly written. Beyond the official documentation, most books on Joomla either don't cover the latest major version, or mention it but focus on the legacy interfaces. One is forced to look at the code itself for examples of what to do, and apparently that means make it up as you go along, There is no consistency even in the unit tests, hell, even in which testing framework they're using. And (at least IMO) there is no consistent vision because the fundamental design is crap.
Use of Joomla for any purpose should be a firing offense.
Those who advocate genocide deserve every protection afforded by law, and none afforded by common human decency.
Just because someone is good at getting city bureaucrats in line doesn't mean they know jack squat about information security. I've dealt with lots of very successful people who run large businesses in various industries, and are very good at that. They're good in their field, but they don't know infosec. The ones who realize that (and that it's important) hire people who do know it... something Giuliani clearly hasn't done.
I certainly don't expect Giuliani himself to go code up a solution or configure his servers himself. I do expect that he ought to know the importance of hiring good people, and of showing people that you know what you're talking about. Would you hire a plumber who has a broken toilet he can't/won't fix in his own shop's bathroom?
Considering how many Trump cabinet appointees are openly opposed to the missions - or even existence - of the departments he is aiming to appoint them to head, why would it be a surprise that a "cyber security advisor" is running an atrociously insecure site?
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
Exactly. He can't possibly be any worse than OPM, who while working for Obama, handed all of my sensitive information over to the Chinese.
Every family member's names. Maiden names. Every school I went to. Fingerprints. Medical history. And every detail of my personal life that could possibly be used against me. All handed over to the Chinese. This isn't just the answers to every possible secret question used by every financial site. It is also information that if used against you, and can really leave you in a compromising situation. Not only me, but for some 18 million people who spend their professional lives protecting classified information, and are required to remain anonymous.
Despite all this, ask any of those people where they'd be if they got caught keeping top-secret information on an unsecured server in their bathroom.
In contrast, I'll gladly put up with Rudy's choice for outsourcing a site where there's nothing worth hacking. This post is another lame attempt by the special snowflake BeauHD, who is still upset that his queen lost what she thinks she was entitled to.
Of your points, this is one that I wanted to address because this sort of protectionism is something which really resonates with people who don't think too hard about it. It seems so simple: "Protect American jobs! The only cost is screwing some foreigners! Why haven't we been doing this all along? Our government must be corrupt or stupid or something." It's a topic which demagogues can latch onto, but the only people who protectionism really benefits are the people in control of the industry in question. Even to the peons in that industry the benefit from protectionism is questionable.
Finally, a cogent argument and the start of a discussion.
You say that protectionism seems good on the surface, but ultimately hurts the country.
Firstly, I think you're drawing a black-white distinction between protectionism and globalism, as if there are no middle ground positions or other policies. We could easily be protectionist in one industry and globalist in another, or "slightly" protectionist (through tariffs, for instance), or isolationist (like North Korea) in some circumstances(*).
Secondly, you're repeating an economist meme without citing references or analysis or even rationale, and making your point by making an emotional appeal.
I claim that the economist meme "globalism is better for a country" is false, in the mathematical sense.
I'm familiar with the globalism rationale as set forth by economists, and I agree that the mathematics show that globalism is better, but the analysis is based on a model that makes many assumptions. Even though the mathematics pans out, when the assumptions don't match the model you can't rely on the conclusions.
It's like Nate Silver predicting Hillary would win the election. It was based on sound statistical models with no calculation errors, but the assumptions were faulty.
In the specific case of globalism, the model assumes an economic and citizen equality between the two nations. Specifically, if both nations allow citizens to acquire and keep wealth, the model works as planned. When this is not true, all the wealth flows out of the wealth-building nation and into the poor nation, where it is squandered and lost.
To be even more specific, someone from Poland or Greece could emigrate to the UK and take a high-paying job (lab tech, dentist, programmer, or similar), but a Brit cannot expect to emigrate to Poland or Greece and do the same. Poland and Greece are rife with corruption, which makes it almost impossible to build wealth. For contrast, a Brit and a Norwegian could realistically swap places, in the economic sense.
Someone in China could do the same manufacturing jobs as Americans, but after a lifetime of work would have almost nothing to show: No paid-off house, or car, or retirement funds. Most of the wealth in China goes to the government, which spends it on infrastructure, much of which is unwisely spent.
Furthermore, a Chinese can emigrate to the US and take a job or start a company, but it's impossible for an American to go to China to do this, even if you live there and are married to a local. The difference in model completely reverses the effects of globalism on the US: It puts the US is in decline, while China experiences impressive growth.
And finally, the idea of "good for the country" in the minds of economists is based on the wealth of the corporations. The welfare of the citizenry is an afterthought in these models, as unemployment rate, and that only because of its effect on the corporations.
For these reasons, globalism is a terrible idea even though it's repeated by economists a lot, and even though their mathematics and analysis is correct.
That is my rationale, and the logical underpinnings of why that economic meme is wrong.
If you have a counter argument, I'd like to hear it... but just restating your position or saying "most economists agree" isn't a proper argument, and making an emotional appeal (which you've already done) i