Trump's cyber-guru Giuliani runs ancient 'easily hackable website'
Stunned security experts tear strips off president-elect pick hours after announcement
'Someone should be taken to task for this'
Well, talking nuts and bolts: that website is hosted with a hosting provider. It looks like it has its own IP address based on having a single DNS PTR object (reverse address to the name giulianisecurity.com) which means its unlikely to be in use by other organisations (except maybe his own... who knows.)
That IP address is allocated out of a block of addresses registered to Japanese giant NTT but these could also be provided to NTT’s customers such as web developers/hosting providers etc. Without actively poking at the site – which I’m terrified to do, frankly – it may be shared hosting, may be a VPS, or may be a physically separate dedicated hosting solution. I’m betting it’s a cheap VPS-based ‘dedicated’ solution.
My experience with this kind of hosting means that a nice attack vector is identifying the hosting provider and trying to get allocated a similar hosting solution in the adjacent IP address space, getting root on it (or having it if it’s a VPS) and then using ‘layer 2’ fun and games to redirect the victim site’s traffic to the attacker. This still works amazingly well and is why smart people try to do things like statically publish layer-2 addresses for layer 3 IP gateways (although this is only so effective, really).
For the giulianisecurity.com domain they seem to use Microsoft Office 365 for his email. Not a bad choice. Email security sucks and, unless you know what you’re doing/are a glutton for punishment or are generally my kind of tinfoilhat wearer (hey, friends), it’s best to leave email security to someone reasonably credible.
I also note they use a large trademark monitor company – MarkMonitor.com – for the DNS service provider for the domain name giulianisecurity.com. Which is hilarious. Because, yeah, you’d want to intrude trademark-wise on this guy’s name because it’s such a valuable brand. Like Trump’s, you know?
The reality is someone else makes these choices for him for his business. It’s not like he’s there, updating his ancient and known vulnerable Joomla content management system himself (he’d get props from me if that were the case :)
Anyone truly trying to protect your brand would avoid putting a giant red flag like an unpatched CMS in a commodity hosting environment out there. Whether it’s Giuliani’s company’s responsibility or an outsourced provider’s (very likely) the ‘having ancient Joomla’ in place is a pretty bad look. Someone should be taken to task a bit for this. And if you’re a security and safety company with an understanding of information security threats you’d have threat management programs in place to identify and improve your controls.
For example, if you were undertaking actual security testing of your site I’d wager anyone in infosec – or in IT generally really – would’ve noticed the ancient CMS and its default install remnants using the crappiest, free-est tools out there. So respectfully, Rudy, get someone to patch your shit and seek out some kind of specialist advice.
Snarky comments aside – it really comes down to this greater concern: there’s literally millions of people in infosec who would be better cyber security advisors than Giuliani or whomever his technical advisors are that he’d call on for advice.
So I’d ask – again respectfully – that the president elect cast a slightly wider net than he has to receive ‘cyber’ security advice. As much as most people in infosec are a bunch of opinionated jerks (oh, and we are) we’re all here to help. Just ask a professional. First sign in knowing one? It’s the person who doesn’t use the word ‘cyber’ to prefix everything they say.