Former NY mayor Rudolph Giuliani has been in the security business since leaving the mayor’s job in 2001 and is now the cybersecurity czar for President Trump.
After he was nominated, security experts checked out his website.
The web site, GiulianiSecurity.com is a tad bit unsecure.
The site is built using Joomla, a low end content management system. That’s probably OK, EXCEPT that the version that they were running was released in 2012 – kind of like an antique in the software world. In the last four plus years Joomla has released many, many patches and new versions. None of them installed.
The site was also running a version of PHP that was released in 2013.
Within a few minutes experts were able to find 41 publicly known vulnerabilities and 19 publicly known exploits. Not a good show for a security company.
Also, the (HTTPS) SSL certificate was expired. Qualys Labs scored it with a grade of “F”.
The site went down for a few hours after the experts began scoping it out and supposedly came back up.
But today, it is down again.
Giuliani’s role in the Trump administration will be to come up with a strategy for companies to improve their cyber security. Trump has given him 90 days to come up with a plan. It will be very interesting to see what he comes up with.
According to Politico, this is a volunteer gig so he doesn’t fall under the ethics rules that apply to government employees. He is not resigning from his security company nor from the law firm of of Greenberg Traurig, where he chairs the global cybersecurity practice. In an interview Giuliani downplayed any conflict of interest. On the other hand, in an interview he acknowledged that some of the people that he introduces to Trump might be people he has business ties to.
Stay tuned for details in a few months.