Trump's newly appointed cyber security advisor runs chronically insecure website

Giuliani's company offers security consulting from website run on out-of-date FreeBSD operating system and old Joomla CMS

US president-elect Donald Trump has appointed former New York mayor Rudy Giuliani as his special advisor on cyber security.

But within hours of his appointment, security experts were pointing out the glaring insecurities in Giuliani's own security company website, including the use of old, unpatched software, the lack of a firewall and multiple open ports.

Giuliani, a lawyer who graduated from the New York University School of Law, was elected the 107^th Mayor of New York City in January 1994 and served two terms until the end of December 2001.

Since 2002, his company Giuliani Partners has offered security consulting under the Giuliani Security & Safety subsidiary while, at the same time Giuliani also opened a legal practice in Manhattan.

But security specialists were quick to appraise the security of Giuliani's own website - finding it wanting in many basic respects. It runs an old copy of the Joomla open-source content management system on a copy of FreeBSD that was released in 2008. It uses an end-of-life version of PHP, has no firewall and lots of open ports.

Furthermore, its SSL certificate has expired and, perhaps most heinous of all, it runs Adobe Flash.

"Oh yeah, I totally trust this guy to put together a top notch team to protect us from hackers," commented Aquent senior developer Michael Fienen.

Speaking to Motherboard, though, a Giuliani executive suggested that the company's security focus was legal, rather than technical, and aimed at helping the CEO not get fired over security, rather than preventing security breaches.

"If you hired them on a cyber engagement, they are going to tell you what your legal obligations are and how to manage the legal risk related to cyber," the anonymous executive told Motherboard. "Basically, not to prevent a Target [breach], but how to prevent a Target CEO [from] being fired."

On the company's website, it claims: "Giuliani Security & Safety offers corporations, individuals, and governments a comprehensive range of security and crisis management services.

"The firm's domestic and international experts possess a broad range of experience in law enforcement, crisis management, life safety, intelligence gathering, internal investigations, forensic accounting, and security design and architecture."

However, it's unclear for whom the company provides services, especially as its own security would appear to be sorely lacking.