Submitted via IRC for Bytram
US president-elect Donald Trump's freshly minted cyber-tsar Rudy Giuliani runs a website with a content management system years out of date and potentially utterly hackable.
Former New York City mayor and Donald loyalist Giuliani was [...] unveiled by Trump's transition team as the future president's cybersecurity adviser – meaning Giuliani will play a crucial role in the defense of America's computer infrastructure.
Giulianisecurity.com, the website for the ex-mayor's eponymous infosec consultancy firm, is powered by a roughly five-year-old build of Joomla! that is packed with vulnerabilities. Some of those bugs can be potentially exploited by miscreants using basic SQL injection techniques to compromise the server.
This seemingly insecure system also has a surprising number of network ports open – from MySQL and anonymous LDAP to a very out-of-date OpenSSH 4.7 that was released in 2007.
[Editor's note: The website in question appears to have been taken down after this story went public.]
Source: The Register
(Score: 4, Interesting) by Whoever on Saturday January 14 2017, @04:16PM
You can access the website here: http://209.238.99.227/index.php/us/ [209.238.99.227]
(Score: 2) by Nerdfest on Saturday January 14 2017, @04:59PM
Yeah, it looks like they took down the main page. It's all cringe-worthy amateur stuff.
(Score: 2) by Whoever on Saturday January 14 2017, @05:34PM
bradley13 is right [soylentnews.org]. The "cybersecurity business" is merely cover for influence peddling.
(Score: 1) by RS3 on Saturday January 14 2017, @05:40PM
More info: http://toolbar.netcraft.com/site_report?url=http://209.238.99.227/index.php/us [netcraft.com]
(Score: 2) by Bot on Saturday January 14 2017, @07:39PM
no virtual hosting then, so I guess it's a server/vps and it has been probably already pwned by automated attacks and sending spam.
Account abandoned.