Former New York City Mayor Rudolph W. Giuliani has been appointed as a cyber security advisor for the President-elect Donald Trump, but it appears that he never actually checked the security defenses of his own company’s website.
Giuliani is going to head a new Cybersecurity Working group for the President-elect, and "will be sharing his expertise and insight as a trusted friend concerning private sector cyber security problems and emerging solutions developing in the private sector," the Trump’s Transition Team announced Thursday.
Trump administration has appointed Giuliani after citing his 16 years of experience "providing security solutions in the private sector," but the news met online criticism with many users on Twitter asking:
‘What does the former New York mayor know about cyber security?’
As the news broke, online users started scanning his website "www.giulianisecurity.com" and found that the site for Giuliani Security & Safety is simply a disaster.
The site runs on an old version of Joomla! — a free, open-source content management system (CMS) — which is vulnerable to more than a dozen flaws.
The website also uses an outdated version of the script language PHP, uses an expired SSL certificate, runs over a 10-year-old version of FreeBSD OS server and even fails to follow other basic security practices.
According to Robert Graham of Errata Security, Giuliani did not build the site himself; instead he "contracted with some generic web designer to put up a simple page with just some basic content."
"There’s nothing on Giuliani’s server worth hacking. The drama over his security, while an amazing joke, is actually meaningless," Graham said in a blog post. "All this tells us is that Verio/NTT.net is a crappy hosting provider, not that Giuliani has done anything wrong."
Although it really doesn’t matter who has created the website, if you are in cyber security business to "help the government plan to make us more secure," such ignorance hardly inspires confidence in the expertise of that person.
Giuliani is the CEO of his own private-sector cybersecurity venture, Giuliani Partners, which is an international cyber security consulting firm that claims to offer "a comprehensive range of security and crisis management services."
What Giuliani Partners actually does is not known, because the company promotes its crime reduction successes in countries, but not its cybersecurity work.
The venture recently struck a deal with BlackBerry to provide companies and governments cyber security support by assessing infrastructures, identifying potential cyber security vulnerabilities, addressing gaps and securing endpoints "with the goal of offering another channel to bring customers to a new standard of security."
This clearly suggests that the company is doing something right.
Much details about Giuliani’s role in the Trump administration were not immediately available. We’ll update the story with new developments.