- Jun 3, 2002
Twitter commentary on #cybergrandpa pretty much sums up competence of Trump admin:
The person or people who set up Giulianisecurity.com — which as of Friday afternoon is offline — made no effort to fortify the site from hackers and had not updated the software since it was downloaded in 2012, said Dan Tenter, founder of security company Phobos Group. (This problem was first reported by Gizmodo.)
While on a plane from his mobile device, Tenter was able to pull up a browser and quickly see "read me" files that even the most basic web administrator would remove from view to make it harder for an attacker to compromise a website, he said.
"This is really, really, really basic — it barely even qualifies as security," he said. "Those files give you all the information you need to do nefarious things."
With such lax security, someone could easily compromise the site and set up a backdoor to infect visitors, or use this vulnerability to get access to Giuliani himself or his clients, said Tenter. (Giuliani Security could not immediately be reached for comment.)
"This is horrifying," he said. "This organization that bills itself as a security company has taken zero time to harden its own website."
Others agreed. "The list of vulnerabilities associated with Mr. Giuliani's website shows that he's got a bit of an uphill battle when it comes to convincing this community that he's the real deal," wrote Eric O'Neill, national security strategist for Carbon Black.
As the news spread following the announcement of Giuliani's new role on Thursday, #cybergrandpa trended on Twitter and software experts piled on the criticism of the website and Giuliani's cybersecurity credentials.