Donald Trump running insecure email servers

But he's got a yuge firewall, folks... the best kind of firewall


US presidential candidate Donald Trump’s criticism of rival Hillary Clinton's use of a private email server while Secretary of State appears to have rebounded on him.

Security researcher Kevin Beaumont discovered the Trump Organization uses a hopelessly outdated and insecure internet setup.

Servers on the Trump Organization's domain, TrumpOrg.com, are using outdated software: they run Windows Server 2003 and the built-in Internet Information Server 6 web server. Microsoft cut off support for this technology in July 2015, leaving the systems unpatched for the last 15 months.

In addition, Beaumont said he'd found that emails from the Trump Organization failed to support two-factor authentication. That’s particularly bad because the Trump Organization's web-based email access page relies on an outdated March 2015 build of Microsoft Exchange 2007, he says. “Windows Server 2003, IIS 6 and Exchange 2003 went end of life years ago. There are no security fixes. They don't have basics down,” the UK-based researcher concludes.

Beaumont’s findings are based simply on inspecting publicly available information rather than actively scanning for vulnerabilities or attempting to gain access to insecure systems, a point lost on Trump supporters who have reported him to the Feds.

The Trump Organization responded to Beaumont’s criticism by putting out a statement to the media saying that its web setup is shielded behind a firewall.

“The Trump Organization deploys best in class firewall and anti-vulnerability technology with constant 24/7 monitoring. Our infrastructure is vast and leverages multiple platforms which are consistently monitored and upgraded using current cyber security best practices.”

Beaumont dismissed this line of defence as hopelessly weak. “That's a bit like saying it's okay to install WordPress and leave it unpatched forever because there's a firewall,” the researcher said on Twitter before satirising the stance.

The email server issue follows a cloud-based server config snafu at the Trump campaign, which surfaced last month and left interns' CVs exposed. ®

