US President-elect Donald Trump’s cyber security czar Rudy Giuliani has been ridiculed by cyber experts for running a website on a publishing platform that is years out of date and potentially vulnerable to hackers.
The former New York City mayor was on Friday unveiled by Trump’s transition team as the President-elect’s cybersecurity adviser – meaning Giuliani will play a crucial role in building, strengthening and defending America’s cyber infrastructure.
Giulianisecurity.com, the website for the infosec consultancy firm owned by the former mayor, is powered by a roughly five-year-old build of Joomla!, a publishing platform packed with vulnerabilities. Some of these bugs can be potentially exploited by miscreants using basic SQL vulnerability to compromise the server.
An SQL vulnerability is a security flaw in a database. A hacker inserts malicious content into the database using forms on the website, accessing the website code, or via email. This malicious content compromises the security of the database and gives the hacker unfettered access. An example of such an attack was the Sony hack of 2011, when 1 million accounts and passwords were released online.
Security experts and white hat hackers took to Twitter to ridicule Trump’s cyber guru.
Dan Tentler founder of ethical hacking firm Phobos Group, was the first to point out the severely out-of-date Joomla! version while calling out Giuliani as a ‘cyber grandpa’.
In the almost four years since the Joomla! version used by Giuliani’s site was released, more than a dozen vulnerabilities have been documented in the site’s publishing platform.
“It speaks volumes,” Tentler told tech news site The Register, “Seventy-year-old luddite autocrats who often brag about not using technology are somehow put in charge of technology: it’s like setting our country on fire and giving every extranational hacker a roman candle – or, rather, not setting on fire, but dousing in gasoline.”
Content management system developer Michael Fienen also pulled no punches in pointing out all the security loopholes on Giuliani’s website.
Most alarmingly, the site uses Adobe Flash – an online tool so flawed that Google Chrome has started blocking it by default.
“Our [cyber] offence is way ahead of our defence,” Giuliani told reporters during a conference call on Thursday. “We’ve let our defence fall behind.”
He might have to start with improving the ‘defence’ on his own website.