Trump's cyber-guru Giuliani runs ancient 'easily hackable website'

US president-elect Donald Trump's freshly minted cyber-tsar Rudy Giuliani runs a website with a content management system years out of date and potentially utterly hackable.

Former New York City mayor and Donald loyalist Giuliani was today unveiled by Trump's transition team as the future president's cybersecurity adviser – meaning Giuliani will play a crucial role in the defense of America's computer infrastructure.

Giulianisecurity.com, the website for the ex-mayor's eponymous infosec consultancy firm, is powered by a roughly five-year-old build of Joomla! that is packed with vulnerabilities. Some of those bugs can be potentially exploited by miscreants using basic SQL injection techniques to compromise the server.

This seemingly insecure system also has a surprising number of network ports open – from MySQL and anonymous LDAP to a very out-of-date OpenSSH 4.7 that was released in 2007.

Security gurus are right now tearing strips off Trump's cyber-wizard pick. Top hacker Dan Tentler was first to point out the severely out-of-date Joomla! install.

...

"You can probably break into Giuliani's server," said Robert Graham of Errata Security. "I know this because other FreeBSD servers in the same data center have already been broken into, tagged by hackers, or are now serving viruses.

"But that doesn't matter. There's nothing on Giuliani's server worth hacking."

http://www.theregister.co.uk/2017/01/13/giuliani_joomla_outdated_site/