The website of America's new cyberczar — former New York Mayor Rudy Giuliani — is running on outdated, unprotected software that even the most basic attacker could breach, said security researchers.
The person or people who set up Giulianisecurity.com — which as of Friday afternoon is offline — made no effort to fortify the site from hackers and had not updated the software since it was downloaded in 2012, said Dan Tentler founder of security company Phobos Group. (This problem was first reported by Gizmodo.)
While on a plane from his mobile device, Tentler was able to pull up a browser and quickly see "read me" files that even the most basic web administrator would remove from view to make it harder for an attacker to compromise a website, he said.
"This is really, really, really basic — it barely even qualifies as security," he said. "Those files give you all the information you need to do nefarious things."
With such lax security, someone could easily compromise the site and set up a backdoor to infect visitors, or use this vulnerability to get access to Giuliani himself or his clients, said Tenter. (Giuliani Security could not immediately be reached for comment.)
"This is horrifying," he said. "This organization that bills itself as a security company has taken zero time to harden its own website."
Others agreed. "The list of vulnerabilities associated with Mr. Giuliani's website shows that he's got a bit of an uphill battle when it comes to convincing this community that he's the real deal," wrote Eric O'Neill, national security strategist for Carbon Black.
As the news spread following the announcement of Giuliani's new role on Thursday, #cybergrandpa trended on Twitter and software experts piled on the criticism of the website and Giuliani's cybersecurity credentials.
At least some people are bullish on Giuliani Security — the firm just partnered with Blackberry and worked with the 2016 Olympic Commission. In his role, Giuliani will be able to use his big name to tap top cybersecurity minds to advise the president.