Donald Trump Running Insecure Email Servers (theregister.co.uk) 445
Donald Trump has slammed Hillary Clinton for using private email servers numerous times, but it turns out his inboxes aren't that secure either. From a report on The Register: Security researcher Kevin Beaumont discovered the Trump organization uses a hopelessly outdated and insecure internet setup. Servers on the Trump Organization's domain, TrumpOrg.com, are using outdated software, run Windows Server 2003 and the built-in Internet Information Server 6 web server. Microsoft cut off support for this technology in July 2015, leaving the systems unpatched for the last 15 months. In addition, Beaumont said he'd found that emails from the Trump Organization failed to support two-factor authentication. That's particularly bad because the Trump Organization's web-based email access page relies on an outdated March 2015 build of Microsoft Exchange 2007, he says. "Windows Server 2003, IIS 6 and Exchange 2003 went end of life years ago. There are no security fixes. They don't have basics down," the UK-based researcher concludes. Beaumont's findings are based simply on inspecting publicly available information rather than actively scanning for vulnerabilities or attempting to gain access to insecure systems, a point lost on Trump supporters who have reported him to the Feds.
Comment removed (Score:5, Insightful)
Re:But . . . (Score:5, Insightful)
Exactly. Thread closed.
Re: (Score:2)
Re: But . . . (Score:5, Informative)
Re: (Score:2)
As Sonny and Cher once sang, "the thread goes on..."
Re:But . . . (Score:4, Insightful)
It shows that he is at least as incompetent as she is. In fact it's part of a pattern of behaviour, where he claims to have the best people but it turns out to be untrue, e.g. Trump University.
It's also rather interesting that the Russians or whoever hacked the DNC looking to weaken their campaign, but didn't hack him even though they easily could have. Or more likely they did, but didn't release the stolen data.
Not uninteresting (Score:4, Insightful)
Exactly. Thread closed.
Just because he is not secretary of state does not mean that it's uninteresting that his e-mail servers are not secure.
It does bring up an interesting question: so, why are only DNC email being leaked? If the Trump servers are also insecure, why aren't we seeing leaks of them?
Re: (Score:2)
There maybe not be any documents on his server if someone so decides.
Re:But . . . (Score:5, Insightful)
Re: But . . . (Score:2)
He may still have hired the best people but did he license the best software? Apparently not.
Re: (Score:3)
This story puts the lie to that.
Does it? Or maybe he hired people who were smart enough to obfuscate the identity of a server by claiming it's something else. Or do you believe that neither were people trying to hack trump, nor could they figure out how to break IIS 6 on an obsolete unsupported OS? /Posted from Mosaic 2 running Windows 95. Honest.
Re:But . . . (Score:5, Insightful)
Sure, what would a multi-billion dollar organization need security for? That makes sense.
Re: (Score:3, Insightful)
Re: (Score:3, Informative)
Hillary was responsible for deaths at Beghazi.
How many hearings did the Republicans hold on this issue? They investigated it over and over. And they came up with nothing. If they had found anything they would have run with it. And yet here you are, still fucking that chicken.
Re: (Score:3)
Don't be silly. Russia's paid trolling agency is headquartered in St. Petersburg [nytimes.com], not Moscow.
Re:But . . . (Score:5, Insightful)
Exactly right. This article REEKS of whiny liberal finger pointing. When he's Secretary of State and hides an email server in his bathroom at his house, then you have a scandal. Kevin Beaumont comes off like a juvenile, as do the author and anyone citing this "article" as some kind of "gotcha" moment.
But liberals, who claim keeping a server in your bathroom closet when your the Secretary of State is a "non issue", will undoubtedly continue to show their hypocrisy with this.
Also (Score:3, Funny)
The man can't even hide his bald head. If there was anything juicy to leak, you'd think they'd have already leaked it by now because it's pretty clear that he has a server that anyone could've robbed ages ago.
If you want juicy Hillary quotes, you read her FBI files or the Podesta dump. If you want juicy Trump quotes, you can just read his damn Twitter feed.
Re: (Score:2)
Ah but the Putin State paid hackers (Fancy Bear) weren't unleashed on the Trump organization.
Yeah, it's SOOO hard to hack old IIS servers. (Score:5, Insightful)
Are you actually trying to make people here on Slashdot believe that it takes a state actor to hack an old IIS server?
Are you actually telling me that none of the people worried that Trump will start a nuclear war would be willing or able to dump the contents of an old IIS server if they could find anything juicy in there?
I bet someone already DID steal it and are having trouble finding anything more interesting than the stuff he puts on Twitter. I wonder if CNN will try to tell us that looking through a Trump dump is illegal if they ever get one?
Re: (Score:2)
He has been receiving security briefings. I have been hearing lots of people say that he's emailing himself details of all the fabulous tremendously important secret knowledge, you would not believe.
A kind of Godwin's law. . . (Score:2)
Trump is not the Secretary of State
So he automatically gets a free pass and is measured by lower standards? You must do a great job hiring people for your business. . .
Irregardless, saying our voting system is rigged without any credible evidence has invoked a kind of Godwin's law in my mind. . . For anyone who cares about our democracy, the primary goal at this point should be to make sure Trump loses by a large enough margin that any claim of a rigged election would be laughable.
Otherwise, these last couple months will seem like a VA
Re: (Score:2)
Guess you can tell your grandchildren that you were being a grammar Nazis when the Trump Nazis' took over. . .
Re: (Score:2)
Your link says the word is non-standard and suggests you use regardless instead.
Re: (Score:3)
Re:But . . . (Score:5, Insightful)
Trump is not the Secretary of State. He doesn't have the country's classified documents on his server.
Precisely! It's not like Trump has overridden the State Department and insisted in substituting their secure servers for his insecure ones. It just happens that his organization uses servers that it bought way back 12 years ago, and didn't consider it worthwhile getting onto the Microsoft upgrade treadmill. Can't say that I would fault them.
But they might do well to look into migrating to either Linux or one of the BSDs, so that this is not an issue going forward
Re: (Score:3)
you can't fault him/them??
seriously?
public facing email servers that run OLD MS software and its 'not a big deal'?
what planet do you live on? because here on earth, it IS a big deal.
it shows he does not care (his people, that is) or they are short-changed funding (that's worth noting) and attention to detail is not something his org values (also worth noting).
all this matters. its a statement about his management and what his people (that he hires) care about; or even worse, are ABLE to understand enough
Re: (Score:2)
you can't fault him/them??
seriously?
public facing email servers that run OLD MS software and its 'not a big deal'?
what planet do you live on? because here on earth, it IS a big deal.
it shows he does not care (his people, that is) or they are short-changed funding (that's worth noting) and attention to detail is not something his org values (also worth noting).
all this matters. its a statement about his management and what his people (that he hires) care about; or even worse, are ABLE to understand enough to care about.
the guy has more money than anyone would ever need, and yet he cheaps out on software updates on PUBLIC FACING SERVERS.
stupid. beyond stupid. its actually reckless.
NOT THE KIND OF GUY I WANT RUNNING MY COUNTRY.
yes, this detail does matter. especially when he's so fond of throwing dirt on other peoples' mistakes.
Of course I don't fault them. You are looking at it as a techie - someone who knows plenty about server OSs. His staff may not be that type at all. They may have thought - okay, we paid $$$ for this server in 2003, and it's still working fine for our emails, web server and so on, so why change? You're assuming a lot about what they know, and then projecting your biases against him and staff.
And GP is right. He's not running the State Department. Private citizens or businesses are at full liberty to
Re: (Score:2)
Precisely! It's not like Trump has overridden the State Department and insisted in substituting their secure servers for his insecure ones.
No-one is pretending that Trump's email is as important as the Secretary of State, but it makes his claims a little weak when he is guilty of similar things.
Re: (Score:2)
Additionally it's not illegal for Trump to run a private e-mail server, let alone a bad one. The media is glossing over a lot of the facts lately. It's sad that FoxNews has actually become 'fair and balanced' and for GOP-slanted news you have to go over to something like Infowars.
Re: But . . . (Score:3)
Re: (Score:3)
Re:But . . . (Score:5, Informative)
As if the Secretary of State even had access to the truly classified documents...
Yes, the SoS does have access to such. And is regularly briefed on stuff that's much, much more sensitive than merely "classified." The person holding that job is on the short list of people in line for the presidency if a small number of particularly bad things happen.
The documents Clinton had slopping around on her home computer included things that were considered so sensitive that the intel community insisted not on merely having the contents redacted, but on the documents not even being abstractly described (in terms of dates, to/from info, let alone the actual content).
Re:But . . . (Score:5, Insightful)
House Chairman on the intelligence committee has a very high clearance and there were many of the documents that even he wasn't cleared for. The fact that she had highly classified material on the private server is indisputable. The only dispute is whether it was a crime or not. Basically the FBI accepted her explanation that she's an idiot and I have to agree, she is. Arrogance is it's own kind of stupidity.
Re: (Score:3)
I know how they work. He stated that he didn't have a "high enough clearance" to read the damn things. I don't know what it was or what classification it was as he couldn't even really talk about what little they let him know about it. Evidently Mrs. Clinton didn't know how they work. I expect her briefing got pencil whipped.
Re: (Score:2)
They stated that they didn't think she "intended" to break the law. If you want to have some fun try that defense if you ever get arrested. Let me know how that works for you.
Re: (Score:2)
You seem to think that Hilliary is like us nothings. Let me explain so that even an AC like you can understand. People like Hilliary, and for those partisan liberals out there I will include Dick Cheney, are not the same as us. They are our betters. Elite and enlightened people who are special and not subject to such mundane things as laws. Try to understand that you have no right to question or object to these superior individuals.
Re: (Score:2)
http://www.politifact.com/truth-o-meter/statements/2016/oct/18/donald-trump/fbi-director-james-comey-says-donald-trump-has-it-/
Petraeus deliberately leaked material even more sensitive than Manning did, but not as a whistleblower exposing crimes, instead as an outright criminal with the motive of getting laid by a journalist. No jail for him. No jail for Hillary's mistakes in procedure either (or Powell,
Re: (Score:2)
The worst part is that a former 4-star general just pled guilty to lying to the FBI when he was being investigated for possibly leaking classified information.
TANJ.
Re:You Trump supporters and your damn facts (Score:5, Informative)
So what if he is just a private citizen and doesn't even have access to (supposedly) secure government servers.
Nobody is expecting him to be using servers audited and monitored by the NSA.
They expect him to be using servers that aren't running EOL versions of Windows 2003. Because, in Trump's own word's...
"Iâ(TM)m going to surround myself only with the best and most serious people. We want top of the line professionals."
I
Re: (Score:2)
Re: (Score:3)
I'd get a laugh if Trump's IT people did it on purpose, trolling for a sucker that thinks he's an easy target. What better way to get some fool to download and open a doc, and unleash a trojan horse.
Re: (Score:2)
..but the only thing that trump has openly admitted to that will be his policy is tax breaks for the rich and corporations!
As much as I dislike Trump ... (Score:5, Insightful)
These allegations are different from the Clinton allegations. They point to possible incompetence in maintaining a private email system, in contrast to allegations of violating govenment policies and regulations regarding a government official. Had Trump done something like this while working in government rather than campaigning for office, the allegations would hold more weight.
Re: (Score:2)
The character flaw is being discussed not the overdone issue of a fuckup with email procedure that Hillary, Powell, Rice and many others saw as beneath their notice (also a character flaw - one Trump shares - rules for the workers don't apply to the boss).
Re: (Score:2)
Re: (Score:2)
Ha! Yeah, if there's one thing I know, it's that The Classy And Luxurious Donald Trump(tm) would never try to monetize the office of President Of The United States. No, no, his sole motivation in this and everything else he does is to help people, not build a "personal brand", whatever that even means. That's what he is, he's just a big helper. We should call him President Helper. But, don't worry, because even if he doesn't get elected you'll still be able to watch him help people every day on The Cla
Re: (Score:2)
Did you actually have a point, or an argument, or a logical argument besides "I don't like Trump"? Budding Cicero, you are.
On the one hand we have Hillary trading uranium rights for CGI donations, and on the other we have... well. you don't like Trump. Do you have a college degree? Ask for your money back.
Re: (Score:2)
Don't get angry at me man, I'm agreeing with you that Trump would never try to monetize the job. You made a fantastic point there which is obviously based in reality and backed up by all of the behavior we've witnessed from Donald J. Trump over the past 30 or 40 years (video evidence of Donald Trump helping someone [youtube.com]), and as you can clearly see from my comment I am agreeing with you. I'm not mocking it in any way. Just spitballing here.
On the one hand we have Hillary trading uranium rights for CGI donations, and on the other we have... well. you don't like Trump. Do you have a college degree? Ask for your money back.
Let me guess. You're actually planning on casting a vote for one of t
Re: (Score:2)
Re: (Score:2)
Voting for the (R) or the (D), especially when both of them are downright horrible candidates, only ensures that we'll have more of the same into the future.
To put it another way, "Don't blame me, I voted for Kodos."
Re: (Score:2)
Re: (Score:3)
If his team can't do the job now, why would we expect them to do any better if they get elected
Because "his team" isn't going to be the people running the elaborately secure IT infrastructure that protects internal/secure communications at the White House. Which you know. So what's your point, exactly, other than spreading FUD?
Re: (Score:2)
Hopefully he'll have the good sense to use the White House IT staff for his government email in the unlikely event he's elected. Mrs. Clinton didn't avail herself of the professional IT available to her because she wanted control over her email since she was conducting business and personal as one.
Re: (Score:2)
> If his team can't do the job now, why would we expect them to do any better if they get elected?
Well, normally one would expect government IT to set up and archive his email, rather than having him use a secret, private email.
But it's rather interesting that you think the president should be keeping private records of their work email....
Re: (Score:2)
Re:As much as I dislike Trump ... (Score:5, Informative)
Got it.
Re:As much as I dislike Trump ... (Score:5, Insightful)
And yet time and again Clinton is used to point out this or that even though he hasn't been president for well over a decade.
Make your mind up. If the lies and criminal acts of Bush and Cheney can't be used in a discussion than neither can Bill Clinton.
And no, crimes of past president's are not irrelevant. They are very relevant since they show the hypocrisy of people who will excuse those crimes but suddenly become appalled when someone else does the exact same thing. If you didn't consider it a crime then you can't consider it a crime now.
You can't have it both ways hypocrite.
Re: (Score:3)
Re:As much as I dislike Trump ... (Score:4, Insightful)
When someone points out Hillary's crimes there is always someone that pops up with "well Bush did this" or Cheney did that...the crimes of past presidents are irrelevant to discussion. We're talking about Hillary being a criminal, stay on topic
Except in law it does matter, because the law has to be consistent. So if want to convict Hillary, you'll also have to line up Colin Powell, Condi Rice, and George W Bush.
The simple fact is everyone did it, including Trump, which is why it's a non-issue. You can't convict them all.
Re: (Score:2)
And most commentators describe her email server as 'insecure' not because it *was* insecure, but because it wasn't an official Department of State server. It may have been, but I have some skill in managing email servers, not enough to trust myself installing and managing one that would be assured of attack by state-level actors, and I doubt I could get up to speed to do so in a month. I also would trust only those who had specific experience, and PRN is not one of those.
In fact, not using a DoS server is
Re: As much as I dislike Trump ... (Score:2)
Like a cloth? For wiping servers?
Re: (Score:2)
I think even the most sheltered elite has a passing knowledge of hammers and their uses. I'd be shocked to see her wield one as I'm sure she has peons to do that.
Re: (Score:2)
Except the White House/State Department told her she could set up her own server.
No, they did not. You are lying, on behalf of the serially lying candidate you mysteriously want to support.
There isn't a single record of her asking State's security/IT people if she could use her own server. They are on record saying that if they had ever been asked, they would have emphatically refused to support such a foolish strategy. Her own staff at State and the IT people there went on record many times saying how much they thought she needed to avoid what she did, and there are memos from thei
Re: (Score:2)
Further: she was required to turn over all of her records on the day she left office, allowing the State archivists to decide what was personal and what was the property of the public. She chose not to do that, and when ultimately subpoen
Re:As much as I dislike Trump ... (Score:5, Insightful)
Except the White House/State Department told her she could set up her own server.
And the fact that past administrations did the same damn thing. Shit, I still want those 22 million Bush era emails back.Nay, the email situation, the Benghazi attacks (another right wing hack job) stems from decades of mismanagement and unfortunately the old saying holds true: "Here is the new boss, who is the same as the old boss".
I would take the Clinton email situation a little more seriously if The Congress didn't target her specifically to take down and give previous administrations free passes. Seriously, Clinton is a result of what the "oversight" committees have let run loose and wild for decades. The entire point of the three branches of government were controls and oversights, so we have 13 embassy attacks with 60 dead prior to Benghazi, ZERO, ZERO investigations or people held accountable, status-quo oh well, more peons where they came from. We have the Bush administration using RNC servers for government correspondence to avoid FOI too and contrary to what you all may believe, the RNC is not the government, it is simply a political organization (you can start one too if you wanted!), nothing done or said, no one held accountable.
If you think Trump is an outsider and will not fall victim to the above you would be mistaken; Trump did not get to where he is without rubbing elbows with the political and financial elite; I mean shit, Trump by his own admissions is one of the financial elite as he says he is worth billions of dollars (definitely got a taxpayer bail out, by not paying nearly a billion dollars in taxes, sounds like an elitist to me). If we have learned anything over the last decade and a half (thank you Mr. Snowden) that the elite think they can do whatever they want. Trump is a prime example of this (as is Clinton).
Trump also claims that he is the best at everything because he hires the best people; this email server may contain nothing that can be used against Trump (whether publicly of privately), but it does show a lack of critical thinking. Out of one side of his mouth he is taking Hillary to task about her insecure email environment that was compromised with sensitive material on it, and the other side of his mouth he is so arrogant he has not even tried to clean his own house...
Bottom line: If Trump gets in, we are totally and utterly fucked, if Hillary gets in, we are a lot less fucked, but still fucked...
Reach around anyone?
Far be it for me to defend the moron... (Score:3, Insightful)
Re: (Score:3)
Re: (Score:2)
Trump has very typical email servers. *yawn*
I've seen banks with the same shit.
trumporg.com? (Score:5, Funny)
He couldn't decide between getting an .org or a .com domain, so he took trumporg.com?
Anyway, trumpcom.org is still available if someone has an idea of something to do with it...
$ whois trumpcom.org
NOT FOUND
>>> Last update of WHOIS database: 2016-10-19T23:47:43Z
Re:trumporg.com? (Score:4, Insightful)
He couldn't decide between getting an .org or a .com domain, so he took trumporg.com?
He is involved in several hundred business ventures and holdings. Collectively, those companies are and have for a long time been referred to as "The Trump Organization." And it's a business, so a .com domain of a shortened version of his company's familiar name makes sense. All of which you know, so the question is why you're pretending to be dumb so you can toss out some lame, faux-misinformed ridicule in hopes of scoring a couple of pointless points with low information readers.
Classified documents. (Score:3)
The cyber (Score:2)
Re: (Score:2)
>> Does anyone really expect technical competence from
Dude of course not, but it doesn't matter, that's common-or-garden technical expertise that he could and should hire, rather than learn himself. Its not like Trump is ever going to be wasting time configuring/administering his own server, just like he's not going to be repairing his own cars.
Whatever incompetent muppet is being paid to set up/run that shit for him should be pretty fucking embarrassed though. If I was Trump I'd have already fired th
Private sector (Score:2)
Do US brands really want yet more US gov inside their networks?
In the US political orgs still have the freedom to run any hardware and software they want.
Its the US gov workers who actually have to be security aware.
"Penguins for President?" "Web server/platform combinations 2004 presidential candidates "
http://www.linuxjournal.com/ar... [linuxjournal.com]
In the US you still have the party political freedom to run a political campaign.
Linux, Microsoft, Apache, Free
Two factor authentication? (Score:2)
"...he'd found that emails from the Trump Organization failed to support two-factor authentication..."
How does an email support two factor authentication?
Re: (Score:2)
If you have to ask you don't understand it.
Re: (Score:2)
Webmail, as in a site to get your email, can support two-factor authentication. But the summary says that emails failed to support two-factor authentication. Email, by itself, doesn't have any authentication, single or two factor.
Are they asking to be hacked? (Score:4, Informative)
Seems like they just put out a call to be hacked:
The Trump Organisation responded to Beaumont’s criticism by putting out a statement to the media saying that its web setup is shielded behind a firewall.
The Trump Organization deploys best in class firewall and anti-vulnerability technology with constant 24/7 monitoring. Our infrastructure is vast and leverages multiple platforms which are consistently monitored and upgraded using current cyber security best practices.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
you're funny, I've seen medical and bank systems just like Trump's
Apples and Oranges (Score:2)
I'm no Trump fan, but there are many reasons why him running insecure servers for his current business isn't even close to Clinton running insecure servers when she was Secretary of State.
What are the chances? (Score:2)
What are the chances that all that org's e-mail is public by tomorrow morning?
Pretty good I'd think. Lots of hacker types around who read. Wouldn't take much to crack that box.
As a SE, if the contract fell my way, I'd have them completely offline for an upgrade on an emergency basis. Let the mail backup on the secondary- assuming his admin is smart enough to have done it right.
I'd bet dinner with a friend they are cracked by morning. If Trump had a decent IT staff they would not be in this condition.
This changes the hacks (Score:5, Interesting)
So this certainly puts a different spin on the DNC and Clinton email hacks. It certainly looks more and more like they were politically motivated. A curious child could hack this setup and yet there has been no release of documents from the Trump campaign's email servers. If it truly was about just sharing information, why would they not attack both sides? The longer it goes, the more it looks like someone (or someones) is purposely trying to influence the election with the hacks and leaks. If Wikileaks was really about just releasing information, why would they be slowly releasing the hacked emails over time before the election instead of just releasing them all at once? IT's not like the scrub person information from them, so what is the purpose of slowly dishing them out if not to keep it in the news and influence people?
Old =/= Insecure (Score:2)
Mathematics is either flawed or not; math doesn't tarnish or rust or break. It was either secure to begin with, or insecure all along. The only difference is that if it's insecure and new there's a chance no one knows the flaw yet and perhaps you fix it before anyone finds it. But it could be secured (eg by sufficiently advanced firewall rules), and if it's secure it's secure. On that note, I wouldn't mind reading the Trump emails if anyone has them. I'd bet either Wikileaks or the New York Times would be w
Blame (Score:2)
Is Netcraft's report accurate? (Score:2)
Obligatory Jack Nicholson as the Joker clip (Score:2)
Re:Let's repeat it again, Hillary fans... (Score:4, Interesting)
Donald Trump is being given national security briefings, so who knows?
Re: (Score:2)
Donald Trump is being given national security briefings, so who knows?
You sound like you do. What do you know?
And what do you know about how Hillary Clinton is currently handling her private email, right now? Because she's also a private citizen at the moment, and is ALSO receiving those briefings. And we see that her and her organization and her party's very cozy relationship with it are all leaking their emails like running water. So why aren't you dishing out some snark in that direction, where there's actual evidence of foreign parties poking around and coming up with
Re: (Score:2)
I doubt they email the briefings to him.
Seriously,
Re: (Score:2)
You think they want to be in the same room with him? They probably just leave some NY Daily News clippings on his doorstep, ring the bell and run away.
Re: (Score:2)
Trump isn't the Secretary of State and don't handle classifieds documents.
UNDERSTOOD ?
Yes, I understand that Trump "don't handle classifieds documents". Thanks for the clarification.
Trump also doesn't use email (Score:2)
Trump also doesn't use email. Like, at all.
Re: (Score:2)
Trump isn't the Secretary of State and don't handle classifieds documents. UNDERSTOOD ?
I'm not generally a grammar nazi, but seeing a Trump supporter post like this is pretty damn funny.
Re: (Score:2)
UNDERSTOOD?
Re: (Score:2)
He's going for the big job and who knows what he has on that server that could undermine him and the United States when he's in office. It also demonstrates how unsuitable he is for the job if he's doing the very thing he's been attacking his opponent over ad nauseam.
UNDERSTOOD ?
Re: (Score:2)
Since when is Trump handling highly classified information that should be part of public record through personal accounts in order to hide bribery?
Re: (Score:2)
Don't see that electoral math has fuck-all to do with who would, if elected, be more likely to nuke someone.
Re: (Score:2)
Going right into the frying pan, huge targets right on the border to the south and the North Warning Radar System stations are along the north and its costal radar to your east and west. It'll be like Dolby Surround Sound for you, but with nuclear fireballs.