
New US cyber-guru runs ancient 'easily hackable website'

on 16 January 2017


Giuliani is clearly the right bloke for the job


New US cyber-tsar Rudy Giuliani runs a website with a content management system that is so out of date it runs on coal, was designed by Isambard Kingdom Brunel, and is as easy as Sunday morning to hack.

After the election, Donald (Prince of Orange) Trump pondered what job he was going to give the former New York City mayor and Donald loyalist Giuliani and decided that the role of defending America's computer infrastructure would be just the ticket. After all, didn’t he run an info-security consultancy?

Giuliani Partners and its subsidiary Giuliani Security and Safety do nominally advise clients on cybersecurity, but people who have worked with his firm say the advice is focused more on liability mitigation for companies than on implementing best security practices. In other words, they will help prevent your company CEO from being fired, or your company from being sued, if you were hacked. The server is probably up to you.

Security experts had a look at the company website Giulianisecurity.com and were a little shocked to see that it was powered by a five-year-old build of Joomla! that is packed with vulnerabilities.

Some of those bugs can potentially be exploited by miscreants using basic SQL injection techniques to take down the server. To make matters worse, the system had a huge number of network ports open, from MySQL and anonymous LDAP to a very out-of-date OpenSSH 4.7 that was released in 2007. It also runs a rather elderly version of FreeBSD.

Apparently the only reason that it has not been hacked is that there is nothing there worth nicking.

Last modified on 16 January 2017