Slashdot Mirror
Trump's Cyber Security Advisor Rudy Giuliani Runs Ancient, Utterly Hackable Website (theregister.co.uk)
mask.of.sanity writes from a report via The Register: U.S. president-elect Donald Trump's freshly minted cyber tsar Rudy Giuliani runs a website so insecure that its content management system is five years out of date, unpatched and is utterly hackable. Giulianisecurity.com, the website for Giuliani's eponymous infosec consultancy firm, runs Joomla! version 3.0, released in 2012, and since found to carry 15 separate vulnerabilities. More bugs and poor secure controls abound. The Register report adds: "Some of those bugs can be potentially exploited by miscreants using basic SQL injection techniques to compromise the server. This seemingly insecure system also has a surprising number of network ports open -- from MySQL and anonymous LDAP to a very out-of-date OpenSSH 4.7 that was released in 2007. It also runs a rather old version of FreeBSD. 'You can probably break into Giuliani's server,' said Robert Graham of Errata Security. 'I know this because other FreeBSD servers in the same data center have already been broken into, tagged by hackers, or are now serving viruses. 'But that doesn't matter. There's nothing on Giuliani's server worth hacking.'"
Robert Graham explained it succinctly: http://blog.erratasec.com/2017... .
The real story here is that Giuliani is now a goddamn cybersecurity advisor, not that this personal site is crap. The guy was hired not because of competence but because he spent the entire campaign kissing Trump's ass.
there's nothing else to talk about. /THREAD
Actually the website is apparently ran by a company called datarocket, which has an amazing website designed from the early 90s. (https://whois.icann.org/en/lookup?name=giulianisecurity.com & datarocket.com). I doubt Rudy even know what a webserver really is, let alone how to configure it.
/s
So he will be a great fit as a Cyber Security Advisor.
"So we had to get very, very tough on cyber and cyber warfare. It is a huge problem. I have a son—he’s 10 years old. He has computers. He is so good with these computers. It’s unbelievable. The security aspect of cyber is very, very tough. And maybe, it's hardly doable. But I will say, we are not doing the job we should be doing. But that’s true throughout our whole governmental society. We have so many things that we have to do better, Lester. And certainly cyber is one of them."
I don't respond to AC's.
"giulianisecurity.com’s DNS address could not be found."
Rick B.
Giuliani has been hired to endorse and push laws that further Trump's administration's ability to invade the privacy of those they dislike, and to prosecute those who dare to use technology or the internet to speak out against them.
Require Muslim citizens to register their devices before being allowed to sign up for broadband? Sounds like cybersecurity to me! Emailing someone an article disparaging Trump? Sounds like CYBERTERRORISM right Rudy?
The DNS entry has been removed, but the server continues to run:
http://209.238.99.227/index.ph...
So I am sure all of these anti Trump/Giuliani posts are perfectly content with the job the Obama administration has done, what with the millions of accounts hacked at OPM and hundreds, if not thousands of cyber foreign cyber attacks on US companies and contractors???
Anyone who thinks that Giuliani, a very active public figure, is going to update the Giuliani web site himself is an idiot. He paid someone to put that site together, and if it gets hacked, so what, i'ts not like he is storing classified government documents on it like someone else we know did... Part of any good security is knowing what is worth protecting and what can be isolated and wiped and restored more economically than putting a lot of effort into protection.
This is the way it works in business and how it is supposed to work in government. Trump thinks hacking of US companies/government/contractors is way out of hand. Finds a smart guy (Giuliani) who understands geopolitics and security in general, as well as how to lead a team and get shit done. Hires Giuliani. Giuliani puts together a team of experts to work on guidelines for better protecting the US from hacking and what our response should be for foreign and domestic hacks, how to minimize damage, steps to take to block foreign access to sensitive data and prevent phishing etc. etc. Giuliani has to know very little about the actual implementation of any specific instance of cyber security, his job is by an large as a facilitator to bring the right people together and help cover the bases as the team works together.
If you disagree, please post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like
Unfortunately not. The difference is whether they have more to gain in releasing what they collect, or threatening to release.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
I figured it would have to be Joomla. I'm doing maintenance programming on a Joomla site right now, and it's just a complete mess. There is nothing good about any part of the framework and no one should use it for anything. There is no "right way" to do things, and the documentation is beyond awful: obsolete, incomplete, badly written. Beyond the official documentation, most books on Joomla either don't cover the latest major version, or mention it but focus on the legacy interfaces. One is forced to look at the code itself for examples of what to do, and apparently that means make it up as you go along, There is no consistency even in the unit tests, hell, even in which testing framework they're using. And (at least IMO) there is no consistent vision because the fundamental design is crap.
Use of Joomla for any purpose should be a firing offense.
Those who advocate genocide deserve every protection afforded by law, and none afforded by common human decency.
Robert Graham explained it succinctly: http://blog.erratasec.com/2017... .
The real story here is that Giuliani is now a goddamn cybersecurity advisor, not that this personal site is crap. The guy was hired not because of competence but because he spent the entire campaign kissing Trump's ass.
"Thus historian Vincent J. Cannato concluded in September 2006, "With time, Giuliani's legacy will be based on more than just 9/11. He left a city immeasurably better off — safer, more prosperous, more confident — than the one he had inherited eight years earlier, even with the smoldering ruins of the World Trade Center at its heart. Debates about his accomplishments will continue, but the significance of his mayoralty is hard to deny."
You might be correct, in that Giuliani was not hired because of competence, but you are completely incorrect implying that Giuliani is wholly without competance.
And once again, I have to ask: is [what you said] this important? Is *why* someone is hired more important than their competence?
And once again again, I have to ask: compared to what? Is hiring Giuliani any worse than the practices of the previous administration or the runner-up candidate?
For contrast, note that Bush appointed a crony as head of FEMA who completely fell on his face during Katrina, and Obama appointed Caroline Kennedy as ambassador to Japan, who was completely outmastered in our recent Japanese treaty negotiations(*).
Is it useful *at all* to just throw throws random aspersions around?
(*) Resulting in a treaty which is beneficial to Japan, but a very bad deal for America. I have no opinion about Ms. Kennedy, good or bad, only note that she was unqualified for the position, was apparently appointed because of her ties to a famous family dynasty, and America was worse off because of it.
Better a proven executive who knows he needs to consult experts than a 'guru boss' who doesn't need no stink'n experts.
Considering how many Trump cabinet appointees are openly opposed to the missions - or even existence - of the departments he is aiming to appoint them to head, why would it be a surprise that a "cyber security advisor" is running an atrociously insecure site?
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
He's not storing mountains of classified emails on his server.
Well, not anymore.
What makes you two think that that screaming gargoyle Rudy Giuliani even knows how to operate an e-mail client? They might as well assign Sarah Palin to oversee the quality inspection of nuclear weapons production.
How else can you expect to push tougher cybersecurity laws if you can't get compromised at the highest levels?
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Exactly. He can't possibly be any worse than OPM, who while working for Obama, handed all of my sensitive information over to the Chinese.
Every family member's names. Maiden names. Every school I went to. Fingerprints. Medical history. And every detail of my personal life that could possibly be used against me. All handed over to the Chinese. This isn't just the answers to every possible secret question used by every financial site. It is also information that if used against you, and can really leave you in a compromising situation. Not only me, but for some 18 million people who spend their professional lives protecting classified information, and are required to remain anonymous.
Despite all this, ask any of those people where they'd be if they got caught keeping top-secret information on an unsecured server in their bathroom.
In contrast, I'll gladly put up with Rudy's choice for outsourcing a site where there's nothing worth hacking. This post is another lame attempt by the special snowflake BeauHD, who is still upset that his queen lost what she thinks she was entitled to.
Of your points, this is one that I wanted to address because this sort of protectionism is something which really resonates with people who don't think too hard about it. It seems so simple: "Protect American jobs! The only cost is screwing some foreigners! Why haven't we been doing this all along? Our government must be corrupt or stupid or something." It's a topic which demagogues can latch onto, but the only people who protectionism really benefits are the people in control of the industry in question. Even to the peons in that industry the benefit from protectionism is questionable.
Finally, a cogent argument and the start of a discussion.
You say that protectionism seems good on the surface, but ultimately hurts the country.
Firstly, I think you're drawing a black-white distinction between protectionism and globalism, as if there are no middle ground positions or other policies. We could easily be protectionist in one industry and globalist in another, or "slightly" protectionist (through tariffs, for instance), or isolationist (like North Korea) in some circumstances(*).
Secondly, you're repeating an economist meme without citing references or analysis or even rationale, and making your point by making an emotional appeal.
I claim that the economist meme "globalism is better for a country" is false, in the mathematical sense.
I'm familiar with the globalism rationale as set forth by economists, and I agree that the mathematics show that globalism is better, but the analysis is based on a model that makes many assumptions. Even though the mathematics pans out, when the assumptions don't match the model you can't rely on the conclusions.
It's like Nate Silver predicting Hillary would win the election. It was based on sound statistical models with no calculation errors, but the assumptions were faulty.
In the specific case of globalism, the model assumes an economic and citizen equality between the two nations. Specifically, if both nations allow citizens to acquire and keep wealth, the model works as planned. When this is not true, all the wealth flows out of the wealth-building nation and into the poor nation, where it is squandered and lost.
To be even more specific, someone from Poland or Greece could emigrate to the UK and take a high-paying job (lab tech, dentist, programmer, or similar), but a Brit cannot expect to emigrate to Poland or Greece and do the same. Poland and Greece are rife with corruption, which makes it almost impossible to build wealth. For contrast, a Brit and a Norwegian could realistically swap places, in the economic sense.
Someone in China could do the same manufacturing jobs as Americans, but after a lifetime of work would have almost nothing to show: No paid-off house, or car, or retirement funds. Most of the wealth in China goes to the government, which spends it on infrastructure, much of which is unwisely spent.
Furthermore, a Chinese can emigrate to the US and take a job or start a company, but it's impossible for an American to go to China to do this, even if you live there and are married to a local. The difference in model completely reverses the effects of globalism on the US: It puts the US is in decline, while China experiences impressive growth.
And finally, the idea of "good for the country" in the minds of economists is based on the wealth of the corporations. The welfare of the citizenry is an afterthought in these models, as unemployment rate, and that only because of its effect on the corporations.
For these reasons, globalism is a terrible idea even though it's repeated by economists a lot, and even though their mathematics and analysis is correct.
That is my rationale, and the logical underpinnings of why that economic meme is wrong.
If you have a counter argument, I'd like to hear it... but just restating your position or saying "most economists agree" isn't a proper argument, and making an emotional appeal (which you've already done) i
There's no better security than that!
That is not a good thing.
Neither is this current situation.
It seems to have been the thing to do for the last eight years and more. Birther stuff and all that. Going AWOL and all that. Why suddenly expect people to adhere to standards that the current President elect did not adhere to?
Well, Once one "rape victim" comes out to be a total farce.. its kindof hard to believe anything else of said nature. and also anything that people who claimed the rape was true say. Maybe one day the liberal "dont hurt my feelings while i piss on yours" community will realize how fucking stupid and truly hated their kind is in this country.