back to article Trump's cyber-guru Giuliani runs ancient 'easily hackable website'

US president-elect Donald Trump's freshly minted cyber-tsar Rudy Giuliani runs a website with a content management system years out of date and potentially utterly hackable. Former New York City mayor and Donald loyalist Giuliani was today unveiled by Trump's transition team as the future president's cybersecurity adviser – …

  1. Palpy
    Joke

    Oh Guiliani Shmuliani! Trump --

    -- "knows a lot about hacking". He said so himself. And he uses Twitter with his phone, so that makes him a computer security expert in his own right. Most likely he'll use his immense skills to bring Guccifer to his gnees, and expunge Fancy Bear from existence.

    So Guiliani is just window-dressing. Ugly window-dressing, but still.

    1. LDS Silver badge
      Joke

      IMHO is already a sucess...

      ... Trump didn't put his youngest son as the cyber guru - yah know, young boys knows a lot of computers...

      1. Anonymous Coward
        Thumb Up

        Re: IMHO is already a sucess...

        And this is still better security than Hillary and the DNC had.

        You don't have to outrun the bear, you just have to outrun somebody.

        1. DougS Silver badge

          Re: IMHO is already a sucess...

          There's no evidence Hillary's email server was ever hacked, and didn't most or all of the DNC emails come courtesy of social engineering attacks used to get the passwords of people like Leon Podesta? They could have had the most secure server in the world, but if someone gives up their password or uses the same password there as they do elsewhere that gets hacked, all that security means nothing.

          Yes, hacks like the OPS database are serious and we need to tighten up our "cyber" security. But Guliani's server's security issues have nothing to do with most of the "hacks" that have been in the news the last few years. They had nothing to do with the state department cables, that was an insider. They had nothing to do with Snowden's NSA grab, that was an insider. They had nothing to do with Guccifer, he used social engineering. They had nothing to do with iCloud "celebgate", that was social engineering.

          You can tighten up the security of computer systems, you can make things more difficult for insiders to reduce the ability for an insider to download 'everything' and make a huge data dump. But you can't stop an insider from getting some stuff out, and you can't teach people to not fall victim to social engineering attacks. If you could, there would be no spam.

          State sponsored actors have access to a lot of exploits, but if you could patch them all it would hardly even slow them down. They'd just resort to social engineering, malware, and so forth to get in if they could no longer exploit weaknesses from the outside over the internet.

          1. johnpi

            Re: IMHO is already a sucess...

            Just for the record...

            "There's no evidence Hillary's email server was ever hacked"

            http://foreignpolicy.com/2016/09/02/fbi-an-account-on-clintons-private-email-server-was-hacked/

        2. Sandtitz Silver badge
          FAIL

          Re: IMHO is already a sucess... @troland

          "And this is still better security than Hillary and the DNC had"

          No, you're just wrong or trolling.

          Giuliani Security & Safety is supposedly a "full service security consulting firm". AFAIK neither Hillary nor DNC provide such services.

          giulianisecurity.com (which doesn't even resolve as of now!) got an F from the SSL test whereas Hillary gets an A+ and DNC gets an A with the same test.

          I'm not going to port scan either site nor check the underlying server side software for defects.

          1. Anonymous Coward
            Trollface

            Re: IMHO is already a sucess... @troland

            > No, you're just wrong or trolling.

            Obviously, and I'm not wrong.

            tl;dr it sounds like a "gotta have a website" website. Of course the software isn't super-secure. If they have any opsec sense they assume that, and don't try to hide anything embarrassing there. So unless these politicians are as dumb and corrupt* as the losers, there's nothing to see here.

            * I hope not, but they are politicians...

  2. jaduncan

    The real issue

    Someone with that little clue is very easy to manipulate, and the FBI/CIA/NSA have a very definite list of what they want. He's already authoritarian, so I doubt this is going to go well with regard to civil and digital liberties.

    1. veti Silver badge

      Re: The real issue

      I fear you've put your finger on Rudy's real qualifications: loyalty to the Dear Leader, and an authoritarian streak as wide as the Hudson. He'll have no qualms about siccing the NSA/other TLAs on anyone who makes waves, and who seems disloyal to the regime.

      1. Anonymous Coward
        Anonymous Coward

        Re: The real issue

        Have an upvote for mentioning 'the Dear Leader'.

        The USofA under the incoming Chief will be a place where everyone is wrong but the 'Dear Leader' who won't hessitate to tell you so via Twitter. After all, he said many times in 2016 that he's more intelligent than almost all of the dweebs who elected him.

        He'll brush any mention of the Russian dossier under the carpet. Anyone who talks about it will get sent to the North Shore of Alaska to work on a new Hotel and Golf Resort for Trump (joking).

        1. Stoneshop Silver badge
          Boffin

          Re: The real issue

          After all, he said many times in 2016 that he's more intelligent than almost all of the dweebs who elected him.

          Not that hard to achieve. If his voters have a median IQ of 95 with a maximum spread of 10, then an IQ of 106 will fully satisfy that condition.

        2. Anonymous Coward
          Anonymous Coward

          Re: The real issue

          "The USofA under the incoming Chief will be a place where everyone is wrong but the 'Dear Leader' who won't hessitate to tell you so via Twitter. After all, he said many times in 2016 that he's more intelligent than almost all of the dweebs who elected him."

          And was he wrong?

        3. anonymous boring coward Silver badge

          Re: The real issue

          "After all, he said many times in 2016 that he's more intelligent than almost all of the dweebs who elected him"

          That doesn't say much though, does it?

      2. tr1ck5t3r

        Re: The real issue

        These spook agencies are playing a double game.

        If you knew you were being spied on 24/7 by the state in an overt manner, then the population would be up in arms.

        So as always, what the Corporates & Govt do is lie to you, to make you feel less angst ridden by the thought you are being spied on 24/7 for criminal and corporate monitoring purposes.

        You know when you tell "white" lies to your kids as they grow up, because you dont want to pop their bubble or believe they wouldnt understand it?

        Well guess what, the corporates & Govt do it to you as well, thats why parts of it operate in secrecy.

        So with this in mind, now you know why Giuliani doesnt give a stuff.

        How many bugs are just moving backdoors? Getting people to patch their systems is just part of the ploy for your make believe cyber security when really your systems can be accessed instantly with a moments notice.

        How many OS's exists?

        Its just only a select few know this exists, because its all part of the corporate govt charade you and billions of others around the world buy into every second of the day facilitated often by you, when you boss gets you to do something you shouldnt, often because their boss asked them to do something they shouldnt have sometimes because a big customer or supplier asked needed a favour.

        You know how it works, you've done it yourself if you really think about it!

    2. Anonymous Coward
      Anonymous Coward

      Re: The real issue

      Could have been a bait and switch. But I would be reluctant to give them the benefit of intelligence there.

    3. macjules Silver badge

      Re: The real issue

      Definite case of misspelling I think. "cybersecurity adviser" should possibly be "cyber security adviser"?

      He's more machine now than man. Twisted and evil

      1. Primus Secundus Tertius Silver badge

        Re: The real issue

        @macjules

        "cybersecurity adiser" is OK by MS Office spellcheck, the grand arbiter in these matters.

        1. John Brown (no body) Silver badge
          Terminator

          Re: The real issue

          "cybersecurity adiser" is OK by MS Office spellcheck, the grand arbiter in these matters.

          Maybe you missed the subtle change of meaning created when splitting the word.

          Is he a "cyber security" advisor or a cyber "security advisor"?

  3. Alistair Silver badge
    Windows

    Ayudame! Go CyberGulie Go!

    Watch as CyberGulie jumps on his CyberJet to fly down to the CyberBorder to inspect the BrandNew CyberWall being built by modern CyberAmerican warrior workers and paid for by CyberMexican CyberPesos!

    /sarc

    <the above in Dora the explorer voiceover>

    Okay. The fun part here is that Prez.Tweeter.Trump actually at one time had something that was called a "reality TV" show. This presidency is going to be more hysterically entertaining than that disaster of prime time. The only reason it isn't *FUNNY* is that it *IS* real.

    <Hysteria != Humour>

    1. John Brown (no body) Silver badge

      Re: Ayudame! Go CyberGulie Go!

      "Prez.Tweeter.Trump"

      I'm not sure why, but the phrase Tweeter Trump brought to mid an image of Cooter the tow truck guy from The Dukes of Hazard (original series).

  4. Anonymous Coward
    Anonymous Coward

    Big Brother Security to the rescue

    Okay, it's not a good sign for Rudy's security business. But please, someone tell me when it became the government's job to enhance the nation's civilian cyber security? Isn't that best left in the hands of the private sector anyway? And if it is, then why all the trumped up outrage? Seems like some doth protest too much, about the wrong topic anyway.

    1. O RLY

      Re: Big Brother Security to the rescue

      Quoting Big John: "But please, someone tell me when it became the government's job to enhance the nation's civilian cyber security?"

      I guess it depends on how broadly one interprets "provide for the common defence", which is one of the explicit goals in creating the framework for the US federal government. If that phrase from the Preamble to the Constitution includes nation's cyber security, then 1789.

      1. Anonymous Coward
        Facepalm

        Re: Big Brother Security to the rescue @O RLY

        > I guess it depends on how broadly one interprets "provide for the common defence"

        C'mon bro. Cyberwar isn't real war. It's a weasel word invented to shift blame away from the real culprits.

        To the extent that our enemies can adversely impact the lives of citizens by hacking, it's solely the fault of companies and governments that made us vulnerable by foisting insecure, unnecessary IT crap upon us.

    2. smartypants

      Re: Big Brother Security to the rescue

      Big John,

      The soon-to-be leader of the most armed country in the world has hired yet another person who clearly knows nothing about his remit.

      That's the big deal. Do try to keep up.

      1. Doctor Syntax Silver badge

        Re: Big Brother Security to the rescue

        "another person who clearly knows nothing about his remit."

        Given those reports about his own website I think he's about to learn something PDQ, even if only how little he knows. The skiddies won't be able to resist. The downside is that once he's paid someone to sort it out he'll think he's an expert.

    3. Milton Silver badge

      Re: Big Brother Security to the rescue

      If the government's job is to protect its citizens from foreign military adventurism - which it manifestly is - why would safeguarding your cybersecurity be any less its duty?

    4. Captain Badmouth

      Re: Big Brother Security to the rescue

      Big John is stuck for something positive to say here, as he should be.

      1. Anonymous Coward
        Facepalm

        Re: Big Brother Security to the rescue

        So, everyone who responded to my question DOES think it's the government's job to get involved with private web security? And I'm the the one who doesn't get it?

        What a perfect example of government's heavy influence over the attitudes of the masses. Probably all that government-run early school training. Trust Big Daddy government, kiddies, it's for your own good!

        Seriously people, we do NOT want government running our personal cyber-security. Really. What goes on in Rudy's business is totally immaterial to that issue. Personally I don't think Trump should be hiring anyone who was mayor of New York. Rudy can't be much of a conservative if he wins elections in that leftist paradise.

        1. O RLY

          Re: Big Brother Security to the rescue

          "What a perfect example of government's heavy influence over the attitudes of the masses. Probably all that government-run early school training. Trust Big Daddy government, kiddies, it's for your own good!"

          Hardly. I'm a believer in limited government, but I think the US government should do the things it's tasked to do by the people through the Constitution. I don't want the government to have sole responsibility for my personal cyber-security any more than I intend for the government to provide all of my physical security. Just as while I don't want or need to see tanks protecting my cities directly, I know that if $ENEMY attacks my city or family, there are people and tools equipped to respond with appropriate fury. What I DO want is the knowledge that the people tasked with those duties have the skills and experience to do them. I have no doubt that General Mattis is well-suited to be an outstanding SecDef; his record as a warrior monk speaks for itself. I have significant doubt that Rudy is suited to the task of advising the President on protecting government networks and whatever else fits under "White House Cyber Security Advisor". His company's website is part of his advertisement of capabilities. If it's less secure than my blog, he shouldn't do the job that the President-elect has asked him to do.

          As to the question you asked initially, yes, I think the government has a duty to provide some modicum of cyber security. They definitely should protect their own networks. In fact, there's an agency whose putative purpose is just that already. (Or maybe there's No Such Agency.) They've been too busy spying on everyone to prevent someone from stealing all of the personnel records from the OPM, for example. Giuliani's CV is that of a good federal prosecutor, a mediocre mayor who was cast into the national spotlight because of 9/11, and then a few consulting gigs. None of that indicates he has the skills necessary to the task asked.

    5. Anonymous Coward
      Coat

      Re: Big Brother Security to the rescue

      35 downvotes for Big John? How can so many people be so wrong? Did Buzzfeed link to this comment section?

      Government enhancing cybersecurity is like a fox enhancing henhouse security. Well, an incompetent fox.

      Hackers are happy to find cybersecurity problems, and that's actually a good thing because it teaches people (albeit the hard way) to look after their own security.

    6. Anonymous Coward
      Anonymous Coward

      Re: Big Brother Security to the rescue

      Big John, not sure what line of business you are in, but I'm in the Power Supply industry. The quick answer to your question is ... we're in an increasingly connected world, our companies want to squeeze as much profit as possible out of what they sell, cyber security is expensive and unless someone at the top level (i.e Government) kicks butt the necessary security to keep your country going won't happen. In other words .. leave it to the private sector and although something may happen, it will happen slowly until a big disaster strikes. It's only until the Ukraine hacks happened that many in the power industry sat up and started putting money into CyberSecurity.

      Your statement is almost akin to "It's up to the private sector to manage our nation's security so let's put Lockheed Martin in charge of the military"

      Your government imposes certain requirements on anyone supplying stuff to your energy industry. This is a good thing

      1. Anonymous Coward
        Anonymous Coward

        Re: Big Brother Security to the rescue

        I wasn't really talking about critical infrastructure, but okay.

        So your thinking is that everyone's web security is government's job, because the private sector can't be trusted to do it and will leave us at the mercy of the black hats? Isn't that always the argument whenever people want the government to fix a problem? "Can't trust the free market to do anything right, they're all monkeys."

        Yet generally it turns out it pretty crappy when government does big stuff. I could site many, many examples. Okay, there are examples of things government does well. I understand Arpanet came in pretty handy. But that wasn't an all-encompassing project like being envisioned here.

  5. bobajob12
    Coat

    I know someone who is free right now

    There are some folks who are probably looking for work right now. Previous experience: running a mail server for a VIP called HRC. Learnt about bleachbit from reddit. May speak a little Russian.

  6. fwadman

    Site is down this morning ... I guess someone over there is ready the el reg ..

    1. Graham Anderson

      missing the www

      The posted link has no www - if you include it, the site is up http://www.giulianisecurity.com

      1. This post has been deleted by its author

      2. Anonymous Coward
        Anonymous Coward

        Re: missing the www

        I like how it has an Espanol option. Presumably for Mexicans.

        At least we know who's going to pay to fix it ...

  7. Frumious Bandersnatch Silver badge
    Windows

    jeez

    It's like Time Magazine elected 4chan as pesron of the yare or something.

    All military operations in urban terrain from here on? It's pronounced CYBA!

    (the piano^Hclavier has been drinking ... not me)

    1. Stevie Silver badge

      Re: jeez

      That was Time Out. And they were suggesting that it be thrown in the river Yare. I agree.

  8. MNGrrrl

    Yeah, no surprise

    This is a guy who called his 10 year old son a computer genius. So if this guy doesn't work out, maybe he'll hire his kid. Trump doesn't care about intelligence... he calls everyone who is loyal to him a genius, just, really, just the best, the very best. And of course, anyone who isn't... is stupid, an idiot, etc.

    I'm pretty sure when it comes to this guy's intelligence... the wheel is turning but the hampster is dead.

    1. Rich 11 Silver badge

      Re: Yeah, no surprise

      the wheel is turning but the hampster is dead.

      The wheel is turning but the hamster escaped out of one ear and took up residence on top of his head.

      1. Anonymous Coward
        Anonymous Coward

        Re: Yeah, no surprise

        Up-voted, Brilliant...

        But then Rich 11 came along... Uuuuge, brillianter! Up-votes for everyone!

    2. Captain Badmouth
      Coat

      Re: Yeah, no surprise

      As regards his vocabulary and use of superlatives etc. read this :

      http://www.politico.com/magazine/story/2015/08/donald-trump-talks-like-a-third-grader-121340

      Mine's the one with the copy of Viz in the pocket.

    3. anonymous boring coward Silver badge

      Re: Yeah, no surprise

      "This is a guy who called his 10 year old son a computer genius."

      In fairness though, compared to his dad he very likely is a computer genius.

      And so is my son (almost 12), compared to Trump.

      1. Anonymous Coward
        Alert

        Re: Yeah, no surprise

        Yeah, how dare Trump presume to be President when he knows next to nothing about computers! The nerve of some people!

        1. Jamie Jones Silver badge

          Re: Yeah, no surprise

          Yeah, how dare Trump presume to be President when he knows next to nothing about computers! The nerve of some people!

          There is a big difference between not knowing something, and not knowing you don't know something.

          If I was President, and one of the things needing doing was to ensure the wellfare of the elder-fruit eating fruitbat on the East-Side, you can be sure it would be done well.

          I know nothing about fruitbats, but I'd find someone who seems to knows enough, who can then find an expert on the subject.

          If I totally screwed up my appointment to this important role, I'd expected to be ridiculed on my fruit-bat ignorance.

  9. smartypants

    Which is the Trump hire that isn't "the worst choice as X"?

    There must be one, if only because it's sometimes hard in a short period of time to identify that ideal worst choice!

    (Having said that, looking at our own cabinet right now, we don't come across that well either. What happens when someone as talented as Boris meets one of these trumpidors. Do they just go into a room, check nobody's listening, then burst into laughter?)

    1. GrapeBunch Bronze badge

      All should be considered as "bargaining position" nominees. The people he really wanted will be the people sitting at the cabinet table in, oh, March.

      Is it possible that Giuliani Security is running up-to-date secure software that identifies itself as old and insecure? After all, it could not help security if any Tom, Dmitri or Kim can find out the exact level of the software you're actually running. Asking not as an expert but as a babe-in-the-woods.

      1. Jamie Jones Silver badge

        You are totally correct about the software having a fake identifier. . It could also be a server run by a l33t guru who just prefers that version, which is his own personal patched fork.

        I know that when I was running web software like phpbb and wordpress, none of the exploits that came out would work on my systems due to my own setups.

        There is much more to the security of a machine (both good and bad) than simply the id of some application.

        However, in this case, looking at the evidence presented - the poor SSL/TLS rating being the smoking gun - doesn't bode well.

  10. jake Silver badge

    You just can't make this stuff up :-)

    The writers over at Beach Blanket Babylon must feel like they are on a paid vacation with all the free material Chump is providing.

  11. John Smith 19 Gold badge
    FAIL

    A *lot* of infosec seems to be about "process"

    OK so he doesn't know how to update a CMS but he should have someone who

    a)Checks for updates

    b)Installs them

    c)Checks the new install does not have the same vulns.

    The point his company does not seem to have such a person in place is not a good sign.

    There are 2 philosophies on IT web sites. Keep your best devs for you clients or showcase your best work on your own site. Both are reasonable PoV. But as a customer I'm thinking "If you can't look after your own site, why the hell would I let you look after mine (along with Ex Mayor of NY == IT Guru ??)

  12. Milton Silver badge

    Klueless geriatrix rool, ko

    But it's hardly, uh, 'unpresidented' for the Orange Cretin to appoint yet another ignorant geriatric white lizard to whisper into his ass whatever he wants to hear, is it?

    We should get used to the idea of this Circus of Buffoons providing hilarious entertainment until impeachment. Though it'll be easier to laugh until their arrogance and stupidity starts to get people killed.

    1. John Smith 19 Gold badge
      Unhappy

      "this Circus of Buffoons providing hilarious entertainment until impeachment. "

      Whereupon The D will tell you :-

      a) I did a brilliant job

      b) I was betrayed by those around me.

      c) My advisors were just not smart enough to carry out my vision.

      d) You knew what I was like when you elected me. IOW It's on you (the voters).

      e) All of the above.

      Trump is what the American people asked for. Time will tell if he's what they wanted.

      But f**k me sideways it's cold day in Hell when the best the only 2 parties with a serious shot at holding the Oval Office can spew up is Hilary and Donald. Sounds like the name of a quite dire sitcom. Lazily written, implausibly plotted, unconvincingly acted. :-(

      "Circus of Buffoons" Hmm. I like that.

      1. Steve Davies 3 Silver badge

        Re: "this Circus of Buffoons providing hilarious entertainment until impeachment. "

        you missed out the word that the 'Dear Leader' loves.

        Tremendous

        I wonder how many times he'll use it in his speech on the 20th? Everything is 'Temendous' acoording to him.

      2. Stoneshop Silver badge
        Devil

        Re: "this Circus of Buffoons providing hilarious entertainment until impeachment. "

        Trump is what the American people asked for.

        The popular vote numbers suggest that's not quite the case.

        But f**k me sideways it's cold day in Hell when the best the only 2 parties with a serious shot at holding the Oval Office can spew up is Hilary and Donald.

        Why choose the lesser of two evils? Chtulhu for President: let Putin try to manipulate HIM.

      3. CrazyOldCatMan Silver badge

        Re: "this Circus of Buffoons providing hilarious entertainment until impeachment. "

        Whereupon The D will tell you :-

        a) I did a brilliant job

        b) I was betrayed by those around me.

        Sounds *remarkably* like the stuff that German politicians were saying in (roughly) 1935..

        1. Mark 85 Silver badge

          Re: "this Circus of Buffoons providing hilarious entertainment until impeachment. "

          Sounds *remarkably* like the stuff that German politicians were saying in (roughly) 1935..

          Yep. However The Big T himself has invoked Godwin's law repeatedly in his Tweets/Twits. I guess it's to get us used to the concept.

          1. Captain Badmouth
            Happy

            Re: "this Circus of Buffoons providing hilarious entertainment until impeachment. "

            Been posted before, but worth repeating :

            A 94-year-old Prophecy is Fulfilled:

            H.L. Mencken (born 1880 – died 1956) was a journalist, satirist, critic and Democrat. He wrote the editorial below while working for the Baltimore Evening Sun, which appeared in the July 26, 1920 edition.

            “As democracy is perfected, the office of the President represents, more and more closely, the inner soul of the people. On some great and glorious day, the plain folks of the land will reach their heart’s desire at last and the White House will be occupied by a downright fool and complete narcissistic moron.”

            —H.L. Mencken, the Baltimore Evening Sun, July 26, 1920

            1. John Smith 19 Gold badge
              Unhappy

              "the White House will be occupied by a downright fool and complete narcissistic moron"

              Wow 97 years.

              Kind of amazing the Republic lasted that long.

        2. John Smith 19 Gold badge
          Unhappy

          "Sounds *remarkably* like the stuff that German politicians were saying in (roughly) 1935.."

          1935 or 1945?

      4. mstreet

        Re: "this Circus of Buffoons providing hilarious entertainment until impeachment. "

        What the American people asked for indeed . A society that yearly becomes more self-centered and narcissistic, and equates Hollywood with reality, has elected a selfish, narcissistic reality TV host as there leader. I don't get the surprise or shock. this is democracy working how it was supposed to*.

        * And also an example of why Plato thought it unlikely to work on a large scale.

  13. Eponymous Cowherd

    Right man for the job

    "there’s literally millions of people in infosec who would be better cyber security advisors than Giuliani"

    Putin couldn't have chosen a better person if he'd picked him himself.....

    Hang on a minute..........

    1. Loyal Commenter Silver badge

      Re: Right man for the job

      "Dance for me little puppet man"

      (in best Russian accent)

  14. imanidiot Silver badge
    Meh

    Awhhhhhh, how sweet

    You all seem to be under the impression qualifications and skills actually matter when it comes to being appointed a cushy upper echelon position in politics.

    Let me help you out of your dream. It simply matters who you know, what you have done for them in the past and most importantly what you can do for them in the future.

    1. Doctor Syntax Silver badge

      Re: Awhhhhhh, how sweet

      "It simply matters who you know, what you have done for them in the past and most importantly what you can do for them in the future."

      It's the American Way.

      1. ecofeco Silver badge

        Re: Awhhhhhh, how sweet

        Oh it's pretty much the same almost everywhere.

        Patronage is the rule in politics, not the exception.

  15. crediblywitless

    Maybe it's a honeytrap?

    1. Graham Dawson

      I was thinking the same thing.

      Balance of probabilities?

      1. John Smith 19 Gold badge
        Unhappy

        Balance of probabilities?

        Never subscribe to cunning what simple ignorance and laziness can explain.

        Looks like a badly maintained website because it is a badly maintained website.

        1. Anonymous Coward
          Anonymous Coward

          Re: Balance of probabilities?

          Never ascribe to cunning what simple ignorance and laziness can explain.

          FIFY. Apologies for being a pedant, but you may need to have a word with your auto-incorrect about this :).

          1. simon_c

            Re: Balance of probabilities?

            Or more succinctly:

            Cockup over conspiracy.

            1. paulll

              Re: Balance of probabilities?

              Hanlon's Razor...

        2. Graham Dawson

          Re: Balance of probabilities?

          Why not both? Incompetent conspiracy, the worst of both worlds.

    2. Nolveys Silver badge
      Meh

      Maybe it's a honeytrap?

      Maybe it's a honey wagon.

      1. frank ly Silver badge

        It's owned by a honeybadger.

        1. Loyal Commenter Silver badge

          whose boss looks like the honey monster

  16. Anonymous Coward
    Anonymous Coward

    I wonder

    Do the Ruskies have footage of Giuliani also paying prostitutes to piddle on each other?

    Shared interests, you know. The White House could become the Golden (Shower) House

    1. John Smith 19 Gold badge
      Unhappy

      "Do the Ruskies have footage of Giuliani also paying prostitutes to piddle on each other?"

      Obviously depends if that's his sort of thing.

      Plenty of other embarrassing s**t they can record him doing instead.

      Cross dressing, crushing, sounding, adult babies etc.

      The trouble with this "dodgy dossier" (to coin a phrase) is it sounds like the sort of thing Trump would do and 'ol straight-as-a-die Putin would get him recorded doing.

      But is it real, or is it just written just to sound real?

      1. Doctor Syntax Silver badge

        Re: "Do the Ruskies have footage of Giuliani also paying prostitutes to piddle on each other?"

        "But is it real, or is it just written just to sound real?"

        Does it make a difference?

        1. lglethal Silver badge
          Go

          Re: "Do the Ruskies have footage of Giuliani also paying prostitutes to piddle on each other?"

          Considering all the sh&t that Trump did and said on the campaign trail, and of which there is actual evidence, which didnt seem to bother either Trump or his supporters one bit, I have to ask the question - would the dossier (assuming its real) have any sort of effect on Trump? He seems like he has no shame anyway, so blackmail of the prostitute variety wouldnt seem to have much of a hold over him. Hell it might even increase his Support with certain members of the electorate...

          1. Anonymous Coward
            Anonymous Coward

            Re: "Do the Ruskies have footage of Giuliani also paying prostitutes to piddle on each other?"

            He seems like he has no shame anyway, so blackmail of the prostitute variety wouldnt seem to have much of a hold over him.

            > Wrecks whole countries then does the victim spiel and tells America to "stay strong" on his "Imma outta here" address

            OK

            > Invites ladies of the night on piss on aforementioned messiah's sleeping place while he watches

            NOT OK

            Mainstream-Media Induced Value Scale Detected

        2. Anonymous Coward
          Anonymous Coward

          Re: "Do the Ruskies have footage of Giuliani also paying prostitutes to piddle on each other?"

          "But is it real, or is it just written just to sound real?"

          Does it make a difference?

          It does to the tree. And to the forest.

    2. LDS Silver badge

      The White House could become

      Probably Trump decided to become president when he looked at the old whitehouse.com website...

      1. Anonymous Coward
        Anonymous Coward

        Re: The White House could become

        Probably Trump decided to become president when he looked at the old whitehouse.com website...

        You could be right. Given those released comments it's entirely possible that he thought that that was was was happening in the White House, and so motivated him to run for president.

        It all makes sense now!

    3. Anonymous Coward
      Anonymous Coward

      Re: I wonder

      I believe the correct phrase is "trickle down economics"

      1. ecofeco Silver badge

        Re: I wonder

        Trickle down indeed.

        J6P has been getting pissed on for decades.

  17. Potemkine Silver badge

    Welcome to the New Era

    .. where it matters more to look like than to be, where bragging is considered the new ethic, where fantasy is favored over reality, where lies matter much more than truth.

    Let's run into the wall head first, it will be so fun

    1. Mark 85 Silver badge

      Re: Welcome to the New Era

      As one who has repeatedly run his head into the brick wall at work.... it's only fun and only feels good when you stop. Obviously the voters here haven't figured this out yet.

  18. Will Godfrey Silver badge
    Meh

    What's the fuss about?

    Situation normal (worldwide). Government official has no clue about what he's supposed to be managing.

  19. Sonny Jim

    Aaand it's gone

    Was up about an hour ago, now the name fails to resolve for me.

    EDIT: Actually it's still up, just that the name doesn't resolve any more

    (209.238.99.227)

    1. cyclical

      Re: Aaand it's gone

      And actually doesn't look like anyone has managed to pwn it yet, at least it's not been defaced yet.

    2. Florida1920 Silver badge

      Re: Aaand it's gone

      EDIT: Actually it's still up, just that the name doesn't resolve any more

      (209.238.99.227)

      It's only in English and Spanish. Rudyevich must have taken it offline to add Russian.

      1. G.Y.

        CYA Re: Aaand it's gone

        Thus, the hackers can hack as before, but the general public won't get to the site ...

  20. STZ

    A great slogan for the next election ...

    Let's make America reasonable again !

    1. John Smith 19 Gold badge
      Unhappy

      "Let's make America reasonable again !"

      You'll have to remind me the last time America was reasonable.

      That's a goal so far above the current state of practice in US politics as to be almost inconceivable

      Alert State : Delusional.

      1. STZ

        Re: "Let's make America reasonable again !"

        Roosevelt's New Deal policy is said to have been pretty reasonable (very few of us will have direct experience, as this was back in the 1933 to 1938 timeframe). But I'm sure some more recent examples of reasonable US politics can be found as well, eg. protecting West Berlin during the cold war.

        1. John Smith 19 Gold badge
          FAIL

          Re: "Let's make America reasonable again !"

          "Roosevelt's New Deal policy is said to have been pretty reasonable (very few of us will have direct experience, as this was back in the 1933 to 1938 timeframe). "

          So 7 decades ago.

          " protecting West Berlin during the cold war."

          That would be the Berlin airlift of 1948.

          However as a practical matter military planners gave West Berlin a survival time of hours should WWIII start. It was surrounded by East Germany. For some reason it also meant residents were exempted from compulsory military service, which attracted a lot of young people to the city.

          More recently the US has been home to $T (1x10^12) deficits, repeatedly dead locked decision making in both houses (because of a system that ran district councils in the 17th century does not really work for the biggest economy in the 21st), multiple bank bailouts and multiply misguided foreign invasions, at least one of which blatantly lined the pockets of one former SecDef.

          Let us not forget the infection of the US Legal system that is THE PATRIOT Act and the continual running of the Guantanamo Bay prison, most of whose inmates were never subject to due process .

          (if you were offered a bounty equal to 2 years pay wouldn't you be thinking about who you knew who looked a bit "suspicious"? Especially if you had a friend in the local police force to do the arresting.) as well as the vast personal data hoover that is the NSA, which shows no restraint and no signs of being restrained by any outside body and which has already caused the DEA to lie about its sources since to admit they were the source would admit it spied on US citizens.

          I haven't gotten onto the assorted collection of SEL's that is the Religious Right who will no doubt continue to ensure the US has the highest rate of teenage pregnancy of any "developed" country.

          Reasonable? to misquote Rorschach "I'd expect more sensible behavior from a Romanian orphanage full of retarded children".

        2. Destroy All Monsters Silver badge

          Re: "Let's make America reasonable again !"

          > Roosevelt's New Deal policy is said to have been pretty reasonable

          Forcing people to burn farm produce "to keep prices high" while no.one can actually pay for the stuff can only be described as "reasonable" in the wishy-washy liberal mindset. I think a fat bullet between the eyes is the only way to respond to that kind of "reasonableness".

          More in "The Roosevelt Myth" by John Flynn, an observer of those sad times. Read it.

    2. Destroy All Monsters Silver badge

      Re: A great slogan for the next election ...

      Let's make America reasonable again !

      How exactly do you intend to get back to the times of Calvin Coolidge?

      1. Doctor Syntax Silver badge

        Re: A great slogan for the next election ...

        "How exactly do you intend to get back to the times of Calvin Coolidge?"

        Well, there are plenty of voters here in the UK who think it's possible to get back to....when was that exactly?

  21. Anonymous Coward
    Anonymous Coward

    And now for something positive (in desperation)

    It's not Ted Cruz after all.

    1. Anonymous Coward
      Anonymous Coward

      Re: And now for something positive (in desperation)

      ...but it might soon be Mike Pence.

      1. Anonymous Coward
        Anonymous Coward

        ...but it might soon be Mike Pence.

        The South African who lectured on Physics for the Open University in the 70's?

        Pity. Seemed like an OK guy.

        1. Anonymous Coward
          Anonymous Coward

          Re: ...but it might soon be Mike Pence.

          From Wikipedia:

          "In a 2002 statement on the floor of the House (reported in the Congressional Record), Pence told his colleagues "... I also believe that someday scientists will come to see that only the theory of intelligent design provides even a remotely rational explanation for the known universe."

          1. John Smith 19 Gold badge
            Coat

            "someday scientists will..see that only.. intelligent design.. rational explanation.. universe."

            Making America reasonable again, Trump style.

            Good luck with that hope.

  22. lansalot
    Mushroom

    simple

    Build a (fire)wall - and make the hackers pay for it!

  23. foo_bar_baz
    Trollface

    You've all been had.

    It's a honeypot.

    Looks like I was beat to it. Never mind, this post is staying.

    1. keithpeter
      Windows

      Re: You've all been had.

      Evidence for your position: who the freekin' hades needs a CMS to manage 17 pages? The News page is averaging less than one post a month.

      Strikes me a decent template and static html in a defensively configured server would be best for an actual corporate calling card.

      A touch of the mfws would not go amiss

      1. John Smith 19 Gold badge
        Thumb Up

        A touch of the mfws would not go amiss

        I have not heard of mfws before.

        Impressive.

        1. keithpeter
          Windows

          Re: A touch of the mfws would not go amiss

          Recycling Zed Shaw's Programming, MFker meme. Shaw has written a load of tutorials, and provided a template for other people to write tutorials in the same style, so he isn't just braw shit.

          A gentler and more polite version is at https://justinjackson.ca/words.html

      2. ecofeco Silver badge

        Re: You've all been had.

        How did I forget mfws?

        Thanks for the reminder.

  24. Tom 7 Silver badge

    Giving early 19thC guitarists a bad name.

    Even if Mauro was the first mod.

  25. Static Cat

    Braindead

    As I've said before, it all makes Braindead look like a documentary.

  26. Chris Hexter

    Service Temporarily Unavailable

    oops...

  27. Stevie Silver badge

    Bah!

    Rudy Giuliani. The man who was known as Mayor Squeegee on September 10th, untill those behind the WTC attacks handed him his bullet-proof halo. This despite putting the city's crisis management central control facility under its biggest target. This despite his being warned that all those eggs shouldn't be left in that particular basket.

    1. Destroy All Monsters Silver badge
      Windows

      Re: Bah!

      This despite putting the city's crisis management central control facility under its biggest target.

      I don't think it is reasonable to accuse skeletor of not having clairvoyance powers (ok, maybe the hit on WTC a few years prior should have given a hint, but apparently the whole Clinton + Bush administration didn't twig on anything either; it's just that immediately everyone knew the Saudi[MEMORY HOLE VIOLATION DETECTED, CONTENT REDACTED]).

      The only ones with clairvoyance are the Ruskies as they compile kompromat on future presidential hopefuls that haven't even decloaked yet.

  28. CheeseTriangles
    Holmes

    Guru?

    "Our guru, based in Australia"...

    A Computer security guru based in Australia... Hmm.

    I wonder if the guru has ever been pwned?

    1. Anonymous IV

      Re: Guru?

      No doubt El Reg locating their computer security guru in Australia was simply to throw people off the scent.

      Obviously she lives in New Zealand!

  29. fLaMePrOoF

    Site is now down, what a surprise...

  30. Destroy All Monsters Silver badge
    Facepalm

    Someone who is someone runs a website somewhere somehow

    Meanwhile, #RealNews:

    US watched ISIS rise in Syria and hoped to ‘manage’ it — Kerry on leaked tape

    1. Anonymous Coward
      Anonymous Coward

      Re: Someone who is someone runs a website somewhere somehow

      Hush, US & European intervention in civil disorder in North Africa and the Middle East during the 'Arab "spring"' was wicked cool, nothing bad occurred, nothing to see... perfect 8 years.

  31. Anonymous Coward
    Anonymous Coward

    so was it in use? Or just another site grave yard someone didn't remember to cancel?

  32. WibbleMe

    Yes, but since he's the Pres Elect you can expect storm troopers knocking on your front door 5 mins after messing with it.

  33. schafdog

    I know words. I have best words

    I think they match each other. The 'Dear Leader' cannot pick somebody smarter since he is afraid to look dumb.

    America you are good at something: "Bombing small countries especially with brown people " (George Carlin)

  34. Version 1.0 Silver badge

    el reg suggestion

    Can we headline all Trump related article with a picture of a train wreck please.

    1. Destroy All Monsters Silver badge

      Re: el reg suggestion

      Not so hasty - the train is just leaving the station.

      I hope you have your Ray Bans.

      1. ukgnome Silver badge

        Re: el reg suggestion

        Yeah but the station is on fire - as is the train

        1. Destroy All Monsters Silver badge

          Re: el reg suggestion

          Where is Tom Cruise looking at burning trains leaving the station when you need him?

  35. Florida1920 Silver badge
    Childcatcher

    OMG he's running Flash

    'Nuff said.

  36. adam payne Silver badge

    "This seemingly insecure system also has a surprising number of network ports open – from MySQL and anonymous LDAP to a very out-of-date OpenSSH 4.7 that was released in 2007."

    You couldn't make this stuff up!

    #captainpicarddoublefacepalm

  37. Eclectic Man

    And fo rhis next trick

    He pardons Bernie Madof and makes him head of the SEC.

    1. Destroy All Monsters Silver badge

      Re: And fo rhis next trick

      Jews would nix that, Bernie ripped too many of those off.

      1. Destroy All Monsters Silver badge

        Re: And fo rhis next trick

        Wow people are actually downvoting this. Must not really know how the world works.

        myvirgineyes.jpg

    2. ecofeco Silver badge

      Re: And fo rhis next trick

      You just THINK you're joking...

  38. Lion

    Insider only

    From what I have read on this appointment, Giuliani's role is unofficial and undefined. The Prez-elect is one of those characters who needs to pad his inner circle with those he knows really well and trusts to a fault. His family and close friends are like his force field.

    The Twumpster has shown a distrust and disdain for all US intelligent agency intel and has a penchant for conspiracy theories. I think Giuliani's responsibilities will be totally void of plugging security holes - he will probably focus on how the administration should react to countries and individuals that unleash cyber attacks on the US. There are government departments that will address industrial espionage and infrastructure vulnerability while Giuliani will probably be a mere filter for the Prez. on what the spy agencies conclude and recommend. Can't see him expert in any other advisory capacity.

    1. Destroy All Monsters Silver badge
      Facepalm

      Re: Insider only

      > has a penchant for conspiracy theories

      Seen what's going on right now, I would say this "penchant" is hardly unwarranted.

      Definitely more tangible than Clinton's fabled "vast right-wing conspiracy" (then a suicide occurs).

  39. Crazy Operations Guy

    Putting on my tinfoil hat

    I'm going to assume that this company doesn't actually do anything but is rather a front to accept bribes and kickbacks he is owed after abusing his power as Mayor to benefit his buddies.

    No one rational would hire a security company that apparently lacks the ability to host its own web servers and email (Yes, security is hard, but isn't that -why- you would hire these guys?) unless you have some other compelling reason to chose them. To me, a security company's website should have perfect security, I should be able to throw MetaSploit and its ilk at their public resources and have it come back squeaky clean.

    -The website is probably hosted with that particular provider because they had a pre-made hosting+email image and was never updated, which would be why it still runs Dovecot for email despite email being hosted elsewhere

    -They are probably using Mark Monitor since it anonymizes exactly who owns the domain, it may very well be some off-shore outfit running in a tax haven that is owned/operated by non-existent people and/or some lawyers.

  40. DV Henkel-Wallace

    A good choice with a simple explanation

    Putin specified an incompetent to make sure that the Russians could get in whenever they want.

  41. bombastic bob Silver badge
    Devil

    The media as a clue-bat

    well, isn't it the media's JOB to point out discrepancies? Seems that the list of vulnerabilities is kinda like a CLUE-BAT. It also seems they haven't been paying attention to their web server for a while.

    Being FreeBSD, it has some inherent security advantages, even being 6.x. Being old, it would be more difficult to craft a successful crack using buffer overruns or SQL injection. [this doesn't mean someone has not ALREADY done it].

    And if the "open SSH port" doesn't allow root logins (default for FreeBSD since 'forever'), and uses proper authentication methods, it shouldn't matter much. [in some Linux distros I've had to MANUALLY shut off root ssh logins so yeah, I always check]

    The rest of the problems are fixable by updating the OS and the packages they run.

    Shouldn't be too hard to fix. And it's FreeBSD. That gives it a slight advantage security-wise. Linux-specific cracks won't work, and if it wasn't configured by an IDIOT, it should be reasonably secure 'out of the box'. Additionally, if the ssh logins all have 'guest' level access, you'd have to su to a 'wheel' group user before attempting to crack the root password. It's an extra layer, yeah.

    And for all we know, all of that is running in a JAIL. Yeah. It'd be fun to find out for certain.

    And... do you think MAYBE it might be a HONEYPOT? Just a thought... [or if not, it SHOULD be]

    (Just a bit of 'benefit of the doubt' for Giuliani's company - after all, it IS running FreeBSD!)

  42. Cynic_999 Silver badge

    Storm in a teacup

    The site in question is just an advertisement, and ISTM there would be little harm done if it were hacked to death. I don't have motion detectors, trembler switches, 360 degree IR illuminated CCTV surveillance and titanium locks on my dustbin - that doesn't mean that I am ignorant about security.

    Obviously now that it has made the news, the site is attractive to people who want to deface it to prove a point, but until now there was nothing to attract anyone to *want* to hack it, so no need to go to any trouble whatsoever to make it secure when the worst that could happen was something that would slightly annoying.

    And why anyone thinks that an advertising site should never allow unsecured connections is beyond me.

    1. ecofeco Silver badge
      Facepalm

      Re: Storm in a teacup

      Did you miss the part that it's a website promoting... wait for it... security?

      And you don't see the irony in that?

      1. Cynic_999 Silver badge

        Re: Storm in a teacup

        "

        Did you miss the part that it's a website promoting... wait for it... security?

        And you don't see the irony in that?

        "

        No more than an in-store advert for the latest UHD television being displayed on a crappy low-def monitor or an advert for a sports car on the side of a slow lorry.

  43. JLV Silver badge

    Pretty worrying appointments...

    http://arstechnica.com/science/2017/01/trump-asks-vaccine-critic-to-chair-committee-on-vaccine-safety/

    Robert Kennedy Jr.

    A Washington insider? Ah, most surely not.

    Not that I agree with the "1933 started out just like this..." crowd. But the appointments so far have mostly been of two types:

    - rank crowd-pleasers to deliver red meat to his supporters. see EPA, Justice... Kennedy.

    - connected insiders like Giulani and the Goldman Sachs crowd. His family. Those, if anything, represent a massive bait-and-switch to his supporters, who were promised not to have the elites run things for them.

    At this rate, I wonder how it's going to compare to CheneyBush's legendary pick of yes-men. And the consequences thereof.

    #2s might be a screw-you to the voters, but they may be competent as well.

    Re. #1: putting people with fundamentally incompetent views in charge... I struggle to see the upside.

    1. ecofeco Silver badge

      Re: Pretty worrying appointments...

      There is no upside except to unfriendly foreign powers.

  44. aqk
    Holmes

    Rudy, I need more security!

    I just tried browsing www.giulianisecurity.com

    and it gave me

    =====================================================

    Your connection is not secure

    The owner of giulianisecurity.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

    Learn more…

    Report errors like this to help Mozilla identify and block malicious sites

    giulianisecurity.com uses an invalid security certificate. The certificate is only valid for the following names: *.securesites.com, securesites.com The certificate expired on Friday, December 2, 2016 15:24. The current time is Friday, January 13, 2017 10:06. Error code: SSL_ERROR_BAD_CERT_DOMAIN

    ==========================================================

    This surely must be the fault of my Firefox!

    If not, should I report Rudy to Mozilla? Or to Trump?

  45. johanjanssens

    Rudy, oh Rudy here are 10 tips to secure your Joomla site

    The golden rule: "Backup often, update always! Here are 10 tips more tips to improve your Joomla site security: https://www.incapsula.com/blog/10-tips-to-improve-your-joomla-website-security.html

    Need help, get in touch with our community at http://www.joomla.org and we are glad to assist you.

    Johan Janssens - Joomla co-founder

    http://about.me/johanjanssens

  46. Walter Bishop Silver badge
  47. Anonymous Coward
    Anonymous Coward

    The problem with the Internet is lack of accountability. There is no accountability because of the anonymity.

    It would be better if web sites required that the user identify themselves in a verifiable way. It's like caller ID without the spoofing. When someone calls on the phone, you can look at their ID and you are not required to answer it. Similarly, if you don't want to give out your ID, you should be able to block it but, if you do, the site that you want to deal with doesn't necessarily have to deal with you.

    The problem we have no is that there are not verifiable ID's of devices so if you require device ID, you can't talk to anyone.

    Sites could allow access to anyone except when they want to do certain activities. The authorization for those activities should not be based on passwords. They need to be tied to specific hardware (you can't modify the settings of a site if you are not trying to do the modification from a recognized device.

    Anyway, there are lots of things that we can do to improve security of the internet but we need to have a lot more hardware identifiers to make it less susceptible to social engineering problems.

    Just because people and devices are identifiable, it doesn't necessarily subject people to

  48. razorfishsl

    They need that guy from Die Hard 4 ,

    he seemed to know what he was doing..

  49. Livemike

    What do you expect from the guy who didn't even know about "blowback" but tried to school Ron Paul. He actually said he was shocked that anyone believed in blowback but the official 9/11 report said exactly that happened.

    1. Hargrove

      BRAVO!

      Just ask a professional. It’s the person who doesn’t use the word ‘cyber’ to prefix everything they say.

      Truly insightful comment. Of course it eliminates virtually anyone working in, for, or around the US government, beginning first and foremost with the idiots in Congress who stepped in it by deciding that the answer was to legislate that things be secure. This in turned spawned an entire industry operating on the premise that certification is better than competence, and that by collecting enough data, in enough different data bases, big data analytics will magically optimize the government's IT infrastructure and achieve cybersecurity.

      Coincidentally, I ran into a friend yesterday who has recently gotten into the cybersecurity business. He had been in the anti-tamper business. The name means what it implies, and includes various methods of preventing exploitation of classified hardware/software resources by physical destruction. This obviously a narrow and specialized market, most consumers objecting as they do to things bursting into flames. It is, however, a handy feature for military operations.

      He told me that anti-tamper was now part of cybersecurity. I asked him, "And, how long did it take you to find out that this was simply a ploy to transfer your funding to a bunch of IT contractors who don't actually do anything."

      He gave me a funny look, and said, "We got a 14 million dollar program. The budget for anti-tamper work was zeroed out."

      Similarly, requirements for information assurance--ensuring the quality of service, reliability, and, yes, security, necessary to provide the right information for real-time command and control--were subsumed under "cybersecurity." These are attributes of a system where the physical layer matters, and where we face daunting challenges that are largely being ignored, by a generation of technological nitwits who talk about "unlimited" (some use the term "infinite") bandwidth as though it were something real.

      My impression is that cybersecurity is simply another cash cow for special interests who have found a source of revenue exempt from the onerous burden of having to meet hard performance specifications. A field where perception is reality, and anything that can be asserted, however idiotic, is as good as the truth.

      From that perspective, Giuliani's appointment makes perfect sense.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019