How bad is cyber-security czar Giuliani at cyber-security? His company website is a mess
Tim Johnson, The Hill, Jan 15 2017
Trump tapped Rudy Giuliani as his “go to” guy this week on cyber-security, but it turns out that Giuliani’s New York firm could use a little better security of its own. The website for the former New York mayor’s firm, Giuliani Security, is riddled with vulnerabilities, and numerous tech experts cackled over the irony on social media. “You wouldn’t need to be uber-skilled to hack it,” Aaron Hill, a web developer at Cornell University in Ithaca, New York, who was among those bantering about the website’s shortcomings on Twitter, said in a telephone interview. And by afternoon, that may have been the case. The site was periodically unavailable much of the day.
Paul Gilzow, a programmer and security analyst from Columbia, Missouri, tweeted:
A 7-year-old could take that site down.
The Trump transition office announced Thursday morning that Giuliani had been tapped to “lend expertise to cyber-security efforts.” The announcement didn’t offer many details about how Giuliani would fulfill his role, noting simply that hacks are rampant. The statement said:
Cyber-intrusion is the fastest growing crime in Pindostan and much of the world.
The announcement prompted a few programmers to conduct their own free website analysis of giulianipartners.com. Their verdict? Pathetic. Sad. Indeed, some may have tried their hand at a little mischief. “Service temporarily unavailable,” flashed the screen when one visitor sought to browse there in the afternoon. (/It’s fucked now – RB. Jeremiah Grossman, whose profile said he is chief of security strategy for SentinelOne, a cyber-security company, tweeted:
Others came to Giuliani’s defense. Rob Graham, a Georgia-based security analyst, tweeted:
No one returned a query left on an answering machine at the New York firm’s office. While Giuliani could not be reached, he did speak Thursday on CNN about how he would lead a council of business executives from various industries that have suffered cyber-attacks. He said:
This is like cancer. Everybody is studying it. Everybody has solutions. But nobody really talks to each other. Maybe we’ve cured it and don’t know.
In a conference call with reporters later, Giuliani said:
We’ve let our defense fall behind.
If Giuliani has shortcomings on internet security, Trump suggested on New Year’s Eve that “no computer is safe” and that it is better to send sensitive information by courier. Back in September, Trump brought up his son Barron as the computer-savvy one in the family, saying:
I have a son. He’s 10 years old. He has computers. He is so good with these computers, it’s unbelievable. The security aspect of cyber is very, very tough, and maybe it’s hardly doable, but I will say we are not doing the job we should be doing.
To help Giuliani out, a Kansas man, Michael Fienen, began tweeting about the vulnerabilities on his consultancy’s website, and within hours experts had identified more than a dozen problems that security experts consider egregious. Among them:
- The 4-year-old version of the open-source platform on which the website was built, Joomla!, has more than ten known vulnerabilities to hackers.
- The site uses Adobe Flash, which has become so flawed that even Adobe no longer recommends its use.
- The site uses an outdated script language and allows outsiders to access a log-in page for the content management system and the server’s remote log-in system, making the site far less secure.
Those were only a few of the reasons that security analysts gave the site a failing grade. Fienen later tweeted:
Oh yeah, I totally trust this guy to put together a top notch (team) to protect us from hackers.
Another twitter user, @swiftonsecurity, saw an upside for the cybersecurity business, tweeting:
Giuliani cyber-security might be like the tow company who offers to charge for an oil change since you already have ur checkbook out.