Security shambles: Website of Trump’s cybersecurity advisor is as vulnerable as they come
Famously suspicious of “the cyber”, president-elect Trump has installed former New York mayor Rudy Giuliani as his cybersecurity advisor, only for embarrassing details to emerge of Giuliani’s own website’s rampantly inadequate security.
An ostensibly viable choice for the role, Giuliani is the CEO of his own private-sector cybersecurity firm Giuliani Partners, with Trump citing his 16 years of industry experience. Combine this with his spells in political office and Giuliani looked like a commendable candidate.
This was until online users flocked to www.giulianisecurity.com to discover gaping holes in its security system. It’s reminiscent of that scene in The Social Network when Jesse Eisenberg asks Andrew Garfield: “You’re gonna blame me because you were the business head of the company and you made a bad business deal with your own company?” Giuliani – head of a sizeable cybersecurity firm – neglected to secure his own website. For a man brought in to “help the government plan to make us more secure”, such an entry-level gaffe doesn’t bode well.
Indeed, the irony of this faux pas has not gone amiss on commentators, many of whom are regaling readers with details of the website’s laughable credentials: it runs an old version of Joomla (a free, open-source content-management system), sports an outdated version of the script language PHP, and fails to follow an array of basic security practices.
Defendants came to Giuliani’s aid, arguing that the former New York mayor won’t have built the site himself, instead commissioning a generic web designer to create a web page containing basic content. In a blog post, Robert Graham of Errata Security aired his take on the situation: “All this tells us is that Verio/NTT.net is a crappy hosting provider, not that Giuliani has done anything wrong.”
Nonetheless, you’d hope that the man at the helm of US cybersecurity would deign to safeguard his own website. Particularly since during a conference call on Thursday, Giuliani took a stance of mass-accountability: “Our [cyber] offence is way ahead of our defence […] We’ve let our defence fall behind.” Speak for yourself…