
SoylentNews is people

posted by n1 on Saturday January 14 2017, @11:15AM
from the new-wordpress-site-will-be-up-tomorrow dept.

Submitted via IRC for Bytram

US president-elect Donald Trump's freshly minted cyber-tsar Rudy Giuliani runs a website with a content management system years out of date and potentially utterly hackable.

Former New York City mayor and Donald loyalist Giuliani was [...] unveiled by Trump's transition team as the future president's cybersecurity adviser – meaning Giuliani will play a crucial role in the defense of America's computer infrastructure.

Giulianisecurity.com, the website for the ex-mayor's eponymous infosec consultancy firm, is powered by a roughly five-year-old build of Joomla! that is packed with vulnerabilities. Some of those bugs can be potentially exploited by miscreants using basic SQL injection techniques to compromise the server.

This seemingly insecure system also has a surprising number of network ports open – from MySQL and anonymous LDAP to a very out-of-date OpenSSH 4.7 that was released in 2007.

[Editor's note: The website in question appears to have been taken down after this story went public.]

Source: The Register


  • (Score: 4, Interesting) by Whoever on Saturday January 14 2017, @04:16PM

    You can access the website here: http://209.238.99.227/index.php/us/

  • (Score: 2) by Nerdfest on Saturday January 14 2017, @04:59PM

    Yeah, it looks like they took down the main page. It's all cringe-worthy amateur stuff.

    • (Score: 2) by Whoever on Saturday January 14 2017, @05:34PM

      Yeah, it looks like they took down the main page. It's all cringe-worthy amateur stuff.

      bradley13 is right [soylentnews.org]. The "cybersecurity business" is merely cover for influence peddling.

  • (Score: 1) by RS3 on Saturday January 14 2017, @05:40PM
  • (Score: 2) by Bot on Saturday January 14 2017, @07:39PM

    No virtual hosting then, so I guess it's a server/VPS, and it has probably already been pwned by automated attacks and is sending spam.

    --
    Account abandoned.