Trump's Cyber Security Advisor Rudy Giuliani Runs Ancient, Utterly Hackable Website (theregister.co.uk)
mask.of.sanity writes from a report via The Register: U.S. president-elect Donald Trump's freshly minted cyber tsar Rudy Giuliani runs a website so insecure that its content management system is five years out of date, unpatched and is utterly hackable. Giulianisecurity.com, the website for Giuliani's eponymous infosec consultancy firm, runs Joomla! version 3.0, released in 2012, and since found to carry 15 separate vulnerabilities. More bugs and poor security controls abound. The Register report adds: "Some of those bugs can be potentially exploited by miscreants using basic SQL injection techniques to compromise the server. This seemingly insecure system also has a surprising number of network ports open -- from MySQL and anonymous LDAP to a very out-of-date OpenSSH 4.7 that was released in 2007. It also runs a rather old version of FreeBSD. 'You can probably break into Giuliani's server,' said Robert Graham of Errata Security. 'I know this because other FreeBSD servers in the same data center have already been broken into, tagged by hackers, or are now serving viruses. 'But that doesn't matter. There's nothing on Giuliani's server worth hacking.'"
Robert Graham explained it succinctly: http://blog.erratasec.com/2017... .
The real story here is that Giuliani is now a goddamn cybersecurity advisor, not that this personal site is crap. The guy was hired not because of competence but because he spent the entire campaign kissing Trump's ass.
there's nothing else to talk about. /THREAD
Does his server contain highly classified e-mail messages too?
Actually the website is apparently run by a company called datarocket, which has an amazing website designed in the early 90s. (https://whois.icann.org/en/lookup?name=giulianisecurity.com & datarocket.com). I doubt Rudy even knows what a webserver really is, let alone how to configure it.
/s
So he will be a great fit as a Cyber Security Advisor.
"So we had to get very, very tough on cyber and cyber warfare. It is a huge problem. I have a son—he’s 10 years old. He has computers. He is so good with these computers. It’s unbelievable. The security aspect of cyber is very, very tough. And maybe, it's hardly doable. But I will say, we are not doing the job we should be doing. But that’s true throughout our whole governmental society. We have so many things that we have to do better, Lester. And certainly cyber is one of them."
I don't respond to AC's.
other than his professional reputation.
"giulianisecurity.com’s DNS address could not be found."
Rick B.
[P]If someone wants to prove a point they can hack it. Someone will have an egg on their face, another will look bad, maybe someone will get fired, and some meetings will be scheduled to fix it. [/p]
[P] Call me if he starts trying to run an email server to pass classified information to skirt federal record keeping rules on that same box, THEN you might have a story. [/p]
let's all have a good laff at this dude using vbb tags on the ole slashdot
Giuliani has been hired to endorse and push laws that further Trump's administration's ability to invade the privacy of those they dislike, and to prosecute those who dare to use technology or the internet to speak out against them.
Require Muslim citizens to register their devices before being allowed to sign up for broadband? Sounds like cybersecurity to me! Emailing someone an article disparaging Trump? Sounds like CYBERTERRORISM right Rudy?
Knew
with a K
The DNS entry has been removed, but the server continues to run:
http://209.238.99.227/index.ph...
beware!
4wdloop
Is that guy something; or is that guy something? I mean, you gotta give this crew credit. They are so fucking good... Know what he's looking at?
Us. The L.A.P.D. The Police Department. We just got made...
Hanna
Heat (1995)
So I am sure all of these anti Trump/Giuliani posts are perfectly content with the job the Obama administration has done, what with the millions of accounts hacked at OPM and hundreds, if not thousands, of foreign cyber attacks on US companies and contractors???
Anyone who thinks that Giuliani, a very active public figure, is going to update the Giuliani web site himself is an idiot. He paid someone to put that site together, and if it gets hacked, so what, it's not like he is storing classified government documents on it like someone else we know did... Part of any good security is knowing what is worth protecting and what can be isolated and wiped and restored more economically than putting a lot of effort into protection.
This is the way it works in business and how it is supposed to work in government. Trump thinks hacking of US companies/government/contractors is way out of hand. Finds a smart guy (Giuliani) who understands geopolitics and security in general, as well as how to lead a team and get shit done. Hires Giuliani. Giuliani puts together a team of experts to work on guidelines for better protecting the US from hacking and what our response should be for foreign and domestic hacks, how to minimize damage, steps to take to block foreign access to sensitive data and prevent phishing etc. etc. Giuliani has to know very little about the actual implementation of any specific instance of cyber security; his job is by and large as a facilitator to bring the right people together and help cover the bases as the team works together.
If you disagree, please post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like
Am sure they already have some 'interesting' videos of the Donald in action.
Unfortunately not. The difference is whether they have more to gain in releasing what they collect, or threatening to release.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
I figured it would have to be Joomla. I'm doing maintenance programming on a Joomla site right now, and it's just a complete mess. There is nothing good about any part of the framework and no one should use it for anything. There is no "right way" to do things, and the documentation is beyond awful: obsolete, incomplete, badly written. Beyond the official documentation, most books on Joomla either don't cover the latest major version, or mention it but focus on the legacy interfaces. One is forced to look at the code itself for examples of what to do, and apparently that means make it up as you go along. There is no consistency even in the unit tests, hell, even in which testing framework they're using. And (at least IMO) there is no consistent vision because the fundamental design is crap.
Use of Joomla for any purpose should be a firing offense.
Those who advocate genocide deserve every protection afforded by law, and none afforded by common human decency.
Wow . . . so this is just like that time Obama hired a tax cheat to be his first US Secretary of the Treasury!
Dear god, please don't let them release any video of Huma chewing Hillary. Stuff of nightmares.
Rudy Giuliani has no idea what FreeBSD even is. He probably thinks it's someone that wants what he calls a handout. On the part of FreeBSD being insecure, the article is just wrong. It has far fewer holes than Linux
It seems most of Trump's appointments have been for people who are the opposite of the best choice for the job.
Robert Graham explained it succinctly: http://blog.erratasec.com/2017... .
The real story here is that Giuliani is now a goddamn cybersecurity advisor, not that this personal site is crap. The guy was hired not because of competence but because he spent the entire campaign kissing Trump's ass.
"Thus historian Vincent J. Cannato concluded in September 2006, "With time, Giuliani's legacy will be based on more than just 9/11. He left a city immeasurably better off — safer, more prosperous, more confident — than the one he had inherited eight years earlier, even with the smoldering ruins of the World Trade Center at its heart. Debates about his accomplishments will continue, but the significance of his mayoralty is hard to deny."
You might be correct, in that Giuliani was not hired because of competence, but you are completely incorrect implying that Giuliani is wholly without competence.
And once again, I have to ask: is [what you said] this important? Is *why* someone is hired more important than their competence?
And once again again, I have to ask: compared to what? Is hiring Giuliani any worse than the practices of the previous administration or the runner-up candidate?
For contrast, note that Bush appointed a crony as head of FEMA who completely fell on his face during Katrina, and Obama appointed Caroline Kennedy as ambassador to Japan, who was completely outmastered in our recent Japanese treaty negotiations(*).
Is it useful *at all* to just throw random aspersions around?
(*) Resulting in a treaty which is beneficial to Japan, but a very bad deal for America. I have no opinion about Ms. Kennedy, good or bad, only note that she was unqualified for the position, was apparently appointed because of her ties to a famous family dynasty, and America was worse off because of it.
Better a proven executive who knows he needs to consult experts than a 'guru boss' who doesn't need no stink'n experts.
So Trump spouted off over and over that he would surround himself with the best people for the job. So far I've seen the absolute opposite. Not one single person Trump has put into position is even remotely qualified for that position.
Why is some old dumb fucker with no technical background or skills running a "security" company to begin with?
Why is some uneducated trained monkey butcher, er I mean neurosurgeon, going to be the head of HUD?
The problem for them would be that Trump probably doesn't care much if this leaked, so he cannot be blackmailed this way as long as there are no minors involved. And I thought the democrats were so respectful of unusual sexual orientations, and see them now crying about piss sex. Imagine the uproar if someone would suggest Trump was gay.
Considering how many Trump cabinet appointees are openly opposed to the missions - or even existence - of the departments he is aiming to appoint them to head, why would it be a surprise that a "cyber security advisor" is running an atrociously insecure site?
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
Dear god, please don't let them release any video of Huma chewing Hillary. Stuff of nightmares.
You sound like you would love that video of Donald Trump, coked out of his skull, sitting naked in the middle of a bed in the Moscow Ritz Carlton Hotel's presidential suite getting peed on by a dozen Moscow street walkers. Just the visual you need to convince you to vote for him again in 2020.
Apparently he can't even do that.
Why would anyone engrave "Elbereth"?
He's not storing mountains of classified emails on his server.
Well, not anymore.
What makes you two think that that screaming gargoyle Rudy Giuliani even knows how to operate an e-mail client? They might as well assign Sarah Palin to oversee the quality inspection of nuclear weapons production.
How else can you expect to push tougher cybersecurity laws if you can't get compromised at the highest levels?
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Exactly. He can't possibly be any worse than OPM, who while working for Obama, handed all of my sensitive information over to the Chinese.
Every family member's names. Maiden names. Every school I went to. Fingerprints. Medical history. And every detail of my personal life that could possibly be used against me. All handed over to the Chinese. This isn't just the answers to every possible secret question used by every financial site. It is also information that if used against you, and can really leave you in a compromising situation. Not only me, but for some 18 million people who spend their professional lives protecting classified information, and are required to remain anonymous.
Despite all this, ask any of those people where they'd be if they got caught keeping top-secret information on an unsecured server in their bathroom.
In contrast, I'll gladly put up with Rudy's choice for outsourcing a site where there's nothing worth hacking. This post is another lame attempt by the special snowflake BeauHD, who is still upset that his queen lost what she thinks she was entitled to.
It's almost like Trump wants the dumbest and most awful people he can find to run the country. It falls apart and we are all stuck yelling "Wolverines!"
The First Trophy Wife will surely defend his sexual proclivities.
but we're not talking about Obama, we're talking about Giuliani and Trump. You know, the shmucks your kind just elected.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Of your points, this is one that I wanted to address because this sort of protectionism is something which really resonates with people who don't think too hard about it. It seems so simple: "Protect American jobs! The only cost is screwing some foreigners! Why haven't we been doing this all along? Our government must be corrupt or stupid or something." It's a topic which demagogues can latch onto, but the only people who protectionism really benefits are the people in control of the industry in question. Even to the peons in that industry the benefit from protectionism is questionable.
Finally, a cogent argument and the start of a discussion.
You say that protectionism seems good on the surface, but ultimately hurts the country.
Firstly, I think you're drawing a black-white distinction between protectionism and globalism, as if there are no middle ground positions or other policies. We could easily be protectionist in one industry and globalist in another, or "slightly" protectionist (through tariffs, for instance), or isolationist (like North Korea) in some circumstances(*).
Secondly, you're repeating an economist meme without citing references or analysis or even rationale, and making your point by making an emotional appeal.
I claim that the economist meme "globalism is better for a country" is false, in the mathematical sense.
I'm familiar with the globalism rationale as set forth by economists, and I agree that the mathematics show that globalism is better, but the analysis is based on a model that makes many assumptions. Even though the mathematics pans out, when the assumptions don't match the model you can't rely on the conclusions.
It's like Nate Silver predicting Hillary would win the election. It was based on sound statistical models with no calculation errors, but the assumptions were faulty.
In the specific case of globalism, the model assumes an economic and citizen equality between the two nations. Specifically, if both nations allow citizens to acquire and keep wealth, the model works as planned. When this is not true, all the wealth flows out of the wealth-building nation and into the poor nation, where it is squandered and lost.
To be even more specific, someone from Poland or Greece could emigrate to the UK and take a high-paying job (lab tech, dentist, programmer, or similar), but a Brit cannot expect to emigrate to Poland or Greece and do the same. Poland and Greece are rife with corruption, which makes it almost impossible to build wealth. For contrast, a Brit and a Norwegian could realistically swap places, in the economic sense.
Someone in China could do the same manufacturing jobs as Americans, but after a lifetime of work would have almost nothing to show: No paid-off house, or car, or retirement funds. Most of the wealth in China goes to the government, which spends it on infrastructure, much of which is unwisely spent.
Furthermore, a Chinese can emigrate to the US and take a job or start a company, but it's impossible for an American to go to China to do this, even if you live there and are married to a local. The difference in model completely reverses the effects of globalism on the US: It puts the US in decline, while China experiences impressive growth.
And finally, the idea of "good for the country" in the minds of economists is based on the wealth of the corporations. The welfare of the citizenry is an afterthought in these models, as unemployment rate, and that only because of its effect on the corporations.
For these reasons, globalism is a terrible idea even though it's repeated by economists a lot, and even though their mathematics and analysis is correct.
That is my rationale, and the logical underpinnings of why that economic meme is wrong.
If you have a counter argument, I'd like to hear it... but just restating your position or saying "most economists agree" isn't a proper argument, and making an emotional appeal (which you've already done) i
Call me if he starts trying to run an email server to pass classified information to skirt federal record keeping rules on that same box, THEN you might have a story.
You mean if he inappropriately revealed classified information, like worthless piece of shit Trump's national security advisor Michael Flynn?
There's no better security than that!
So, Bush and Obama were both shitty Presidents. I think that has been firmly established. Should we just give worthless piece of shit Trump a pass since the other Presidents were shitty, too?
Hillary put one of her big donors on a government intelligence advisory board, even though he had no relevant experience.
Yes, we can give Trump a pass on appointing Giuliani.
And also, why are you insulting our president?
Hillary lost.
Get over it.
Trophy wife, you say ...
It little behooves the best of us to comment on the rest of us.
I can't seem to visit the site. Either it's been hacked or overloaded?
Does someone who heads a cyber-security company have to actually be an admin w/ a good cyber-security certification? That's like demanding that Gates be a whiz at C++ programming and win APIs, or that Jobs should have been a whiz at Objective-C or AppBuilder. Rudy has a security company of his own, and he's recently added cyber-security as an area of focus in their mission. Question is - how much has he outsourced to the company hosting his site vs having his in-house admins managing it?
The server is FreeBSD based, which is not a bad choice. Question is - how essential is it that the FreeBSD version be made current? And how easy is it if they are running FreeBSD - the CLI version, as opposed to PC-BSD? Would it have been better had they based it on OpenBSD? From the summary above, it looks like the organization has let the data center manage that configuration, but if they took that expertise in-house, to what extent could they get rid of the holes in question?
I wouldn't touch that server; you know it's protected by the Russian Mob. They are friends via Trump.
"Make America Great Again!" Hackers need love too! As much as oil execs, business execs, people that abuse the environment, anyone that holds loans to Trumps' companies that he will NEVER talk about to his kids while in office *sic* believe him! BELIIIIIIIIIEVE HIM!
Indeed, an LDAP directory answers there, but it has little to say:
$ ldapsearch -xLLLh 209.238.99.227 -s base -b '' +
(nothing!)
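The summary lists the exposed services (MySQL, anonymous LDAP, OpenSSH 4.7) and the post above shows a manual anonymous rootDSE query with ldapsearch. As an added example that is not part of the thread, The Register report or Errata Security's write-up, here is a small triage script that takes `nmap -sV` normal output and flags the same two classes of finding: services that should never face the internet, and an SSH daemon older than a policy minimum. The scan text is constructed to mirror the services named in the summary (it is not a real scan of the host), and the minimum OpenSSH version is an assumption to be set by local policy.

```python
"""Triage an nmap -sV listing for exposed and out-of-date services.

Added example for this thread, not code from The Register, Errata
Security or the site's operator. SAMPLE_SCAN is constructed to mirror
the services named in the summary; it is not real output from the host.
"""
import re
from typing import NamedTuple

# Constructed sample in `nmap -sV` "normal" output format.
SAMPLE_SCAN = """\
PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 4.7 (FreeBSD 20061110; protocol 2.0)
80/tcp   open  http    Apache httpd
389/tcp  open  ldap    OpenLDAP 2.2.X - 2.3.X
3306/tcp open  mysql   MySQL 5.1.73
"""

# Assumption: the oldest OpenSSH release this check accepts. Set by policy.
MIN_OPENSSH = (7, 4)

# Services that belong behind a firewall or on localhost, not on a public IP.
INTERNAL_ONLY = {"mysql", "ldap", "ldapssl", "ms-sql-s", "postgresql",
                 "ms-wbt-server", "vnc"}

LINE_RE = re.compile(r"^(\d+)/(tcp|udp)\s+open\s+(\S+)\s*(.*)$")


class Service(NamedTuple):
    port: int
    proto: str
    service: str
    version: str


def parse_nmap(text):
    """Return one Service per 'open' line; header and closed ports are skipped."""
    services = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            services.append(Service(int(m.group(1)), m.group(2),
                                    m.group(3), m.group(4).strip()))
    return services


def openssh_version(version_str):
    """Extract (major, minor) from an OpenSSH banner, or None if absent."""
    m = re.search(r"OpenSSH[_ ](\d+)\.(\d+)", version_str)
    return (int(m.group(1)), int(m.group(2))) if m else None


def assess(services):
    """Return (port, message) findings for exposed or outdated services."""
    findings = []
    for s in services:
        if s.service in INTERNAL_ONLY:
            findings.append((s.port, f"{s.service} reachable from the internet; "
                                     "firewall it or bind to localhost"))
        if s.service == "ssh":
            v = openssh_version(s.version)
            if v is not None and v < MIN_OPENSSH:
                findings.append((s.port, f"OpenSSH {v[0]}.{v[1]} is below the "
                                         f"minimum {MIN_OPENSSH[0]}.{MIN_OPENSSH[1]}"))
    return sorted(findings)


if __name__ == "__main__":
    for port, msg in assess(parse_nmap(SAMPLE_SCAN)):
        print(f"{port:>5}  {msg}")
```

Whether the LDAP service actually accepts anonymous binds still has to be confirmed by hand, exactly as the ldapsearch above does; a port being open only tells you it is worth asking.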
You would think that the first thing you would do after accepting the job as cyber security poster child would be to run out and make sure your shit was secure. Being a political appointee I would not expect Rudy J to do it himself, but at least hire someone competent to do a review for you.
errr....umm...*whooosh* *whoosh* Is this thing on ?
I would put a nice honeypot out as a front end and wait to see what beasts came to visit. Even better I might then 'leak' to the media how vulnerable it was just to make sure. Then again they could just be fucking idiots.
He's not storing mountains of classified emails on his server.
- yet
Well, once one "rape victim" turns out to be a total farce... it's kind of hard to believe anything else of said nature, and also anything that people who claimed the rape was true say. Maybe one day the liberal "don't hurt my feelings while I piss on yours" community will realize how fucking stupid and truly hated their kind is in this country.
Maybe one day the liberal "don't hurt my feelings while I piss on yours" community will realize how fucking stupid and truly hated their kind is in this country.
Yes, this. Think about it, over 50% of American states dislike liberals so much that when presented with the false choice of Hillary to Trump, they chose Trump anyway...
while (sig==sig) sig=!sig;
Trump: What's the difference between a chickpea and a garbanzo bean?
Me: IDK, what's the difference between a chickpea and a garbanzo bean?
Trump: I never paid money to have a garbanzo bean on my face.
https://www.youtube.com/watch?... 9/11 Suspects: Rudy Giuliani [corbettreport]
Democrats: "What an idiot!" Republicans: "What a genius, a honeypot!" Me: "WTF?"
"Trump!!", the new Godwin.
He's too ignorant to even ask his contractor to make it secure, but is a cybersecurity advisor? He probably knows nothing on the topic. That's the issue.
Learn to love Alaska
Giuliani is the obvious choice for cybersecurity - we all know that fundamentally, computers operate on a series of 9s and 11s.
Perfectly Normal Industries
LOL
I am eagerly awaiting your release of the contents of your tax returns. The president is not required in any way to release their tax returns, and you only want to see them so you can feel smug, so why should he release them?
When will Hillary submit to the FOIA and records acts by actually turning over the emails she sent and received as is required of government employees at the level of the Sec of State? Why aren't you crowing about how she hasn't done something yet that is actually legally required of her? Why do you care so much about a tax return that doesn't even matter, and isn't required to be released legally?
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
https://www.fbi.gov/news/press...
From the group of 30,000 e-mails returned to the State Department, 110 e-mails in 52 e-mail chains have been determined by the owning agency to contain classified information at the time they were sent or received. Eight of those chains contained information that was Top Secret at the time they were sent; 36 chains contained Secret information at the time; and eight contained Confidential information, which is the lowest level of classification. Separate from those, about 2,000 additional e-mails were “up-classified” to make them Confidential; the information in those had not been classified at the time the e-mails were sent.
2? Are you calling James Comey and the FBI, and all the government agencies involved liars?
Why would we put Tina Fey in charge of Russia's nuclear inspections?
http://www.snopes.com/politics...
You are the exact people I was talking about. Can you bring true proof to any of what you claim Trump is? Highly doubt it.