"Secure" Trump website defaced by hacker claiming to be from Iraq
Source: Ars Technica
Someone calling themselves "Pro_Mast3r" managed to deface a server associated with President Donald Trump's presidential campaign fundraising on Sunday, The server, secure2.donaldjtrump.com, is behind Cloudflare's content management and security platform, and does not appear to be directly linked from the Trump Pence campaign's home page. But it does appear to be an actual Trump campaign serverits certificate is legitimate, but a reference to an image on another site is insecure, prompting a warning on Chrome and Firefox that the connection is not secure.
The page, now displaying an image of a man in a fedora, displays the following text:
Hacked By Pro_Mast3r
Attacker Gov
Nothing Is Impossible
Peace From Iraq
The source code contains a link to javascript on a now-nonexistent Google Code account, masterendi, previously associated with the hacking of at least three other websites. As Italian IT journalist Paolo Attivissimo pointed out, an archive of the script shows it to be a snow animation script, not malware.
Read more: https://arstechnica.com/security/2017/02/secure-trump-website-defaced-by-hacker-claiming-to-be-from-iraq/
Image of the hack:
The server - http://secure2.donaldjtrump.com/ -was still offline at time of posting. Trump's other servers are still operational.
Which all goes to prove that bragging about your yuuuge abilities to counter hackers is just waving a red rag at a bull.
http://www.politico.com/tipsheets/morning-cybersecurity/2017/02/trump-claims-credit-for-rnc-computer-security-218809
Meanwhile, Trump is still using his old, unsecured phone for some communications, possibly the one he was using when his Twitter account was hacked in 2013, his "cyber tsar" Giuliani was one of 14 Trump staffers who had their passwords leaked during 2012-2016, and Giuliani's own commercial website is rumored to be far from secure ...
George II
(67,782 posts)ProudLib72
(17,984 posts)LOCK HIM UP! tRUMP FOR PRISON 2017!
turbinetree
(24,703 posts)were are these two ass***es-----------------
We did not forget ass****s, no we have not
Denzil_DC
(7,246 posts)Last edited Mon Feb 20, 2017, 10:25 AM - Edit history (1)
Trump's cyber-guru Giuliani runs ancient 'easily hackable website'...
Giulianisecurity.com, the website for the ex-mayor's eponymous infosec consultancy firm, is powered by a roughly five-year-old build of Joomla! that is packed with vulnerabilities. Some of those bugs can be potentially exploited by miscreants using basic SQL injection techniques to compromise the server.
This seemingly insecure system also has a surprising number of network ports open from MySQL and anonymous LDAP to a very out-of-date OpenSSH 4.7 that was released in 2007. It also runs a rather old version of FreeBSD.
Security gurus are right now tearing strips off Trump's cyber-wizard pick. Top hacker Dan Tentler was first to point out the severely out-of-date Joomla! install.
"It speaks volumes," Tentler told The Register, referring to Giuliani's computer security credentials, or lack of, and fitness for the top post. "Seventy-year-old luddite autocrats who often brag about not using technology are somehow put in charge of technology: it's like setting our country on fire and giving every extranational hacker a roman candle or, rather, not setting on fire, but dousing in gasoline."
http://www.theregister.co.uk/2017/01/13/giuliani_joomla_outdated_site/
BumRushDaShow
(129,182 posts)I noticed that Ghouliani suddenly disappeared and went silent.
zentrum
(9,865 posts)...from Iraq (i.e. "terrorists" so called) helps the Rump agenda of demonizing Islam, more than it helps us unmask him as incompetent.
This hack plays into his "be-very-afraid-the-Muslims-coming!" rhetoric.
Couldn't they just hack him and not tie it to a banned Muslim country?
Honeycombe8
(37,648 posts)Doesn't have to be a Muslim or anyone meaning real harm. The hacker didn't do anything other than temporarily hack the site.
Or it could be from someone in Kansas. Can't tell.
Pretty sure it's not from Russia.
Denzil_DC
(7,246 posts)I haven't posted it here, because the hacker deleted the Tweet in which he earlier claimed responsibility for it, so I see no reason to compound his foolishness (plus it might fall foul of DU's TOS).
He's not a big player, and yes, this isn't a major hack, just a temporary defacement, but it does show the dangers of hubris, especially where cybersecurity's concerned - a hacker just has to get lucky once, those running the sites have to remain lucky all the time. Future hacks could be a lot more serious
Honeycombe8
(37,648 posts)LenaBaby61
(6,976 posts)That's exactly what I was thinking.
That nazi bannon would think nothing about telling that ignorant ass clown tRumputin to start a war "somewhere," or tell him to really ratchet up his anti-Muslim rhetoric over something like this
zentrum
(9,865 posts)...for war. He's more insane than Orange because he's fine with being maniacal.
Chicago1980
(1,968 posts)BumRushDaShow
(129,182 posts)Eugene
(61,914 posts)Now he'll deny saying that.
Achilleaze
(15,543 posts)Republicans and their Tax-&-Draft-Dodging Genital Grabber should stop lying to honest American citizens. Now.