Rudy Giuliani, the former New York mayor who has now been appointed by President-elect Donald Trump as his special advisor on cybersecurity, is facing a potentially embarrassing faux pas.
Within hours of Rudy Giuliani’s appointment as the next President’s special advisor on cybersecurity, security experts pointed to significant insecurities in the website of Giuliani’s own security firm, Giuliani Partners.
The website was found to be running without a firewall, with multiple open ports, and with an old copy of the Joomla open-source CMS (content management system) on a copy of FreeBSD released in 2008. It also uses an end-of-life version of PHP, security sleuths quickly determined.
The glaring security deficiencies don’t stop there. The website’s SSL certificate has expired and, as a huge red flag, the website runs the staggeringly vulnerable Adobe Flash.
Since 2002, the former NY mayor’s company, Giuliani Partners, has offered security consulting under the banner Giuliani Security & Safety, a subsidiary.
A senior developer at cybersecurity firm Aquent discovered and summed up the vulnerabilities as follows:
To recap on Rudy Giuliani leading the nation’s cybersecurity efforts, here are the Cliff Notes on Giuliani Security:
– Expired SSL
– Doesn’t force https
– Exposed CMS login
– Uses Flash
– Using EOL’d PHP version (5.4.x)
– SSL Lab grade of F
– Using Joomla 3.1.1 (released in April, 2013 – current is 3.6.5)
– SSH exposed to public access
– FreeBSD 6 (released in 2008)
– Open ports, so many open ports…
An industry executive with previous experience with Giuliani’s company has pointed out that the company approaches security from a legal perspective, rather than a technical one.
Speaking anonymously to Motherboard, the cybersecurity executive from New York stated:
If you hired them on a cyber engagement, they are going to tell you what your legal obligations are and how to manage the legal risk related to cyber. Basically, not to prevent a Target [breach], but how to prevent a Target CEO being fired.
BlackBerry is a notable example of a company that has received security consulting from Giuliani.