Security researcher Kevin Beaumont had a look at the mail servers operated by the Trump Organization and found a veritable dumpster fire: systems running Windows 2003 (!), unpatched and badly configured.
Beaumont didn’t attempt to penetrate these systems, but they sound ripe for the picking.
Trump and Clinton have traded barbs about their relative information security nous, with Trump describing information security’s alpha and omega as his “10 year old son” and “400 pound guys.”
According to Microsoft’s official website, “Microsoft will no longer issue security updates for any version of Windows Server 2003. If you are still running Windows Server 2003 in your datacenter, you need to take steps now to plan and execute a migration strategy to protect your infrastructure.” Microsoft ended support for that operating system in July 2015.
“It’s rather worse than just using an out of date OS that can’t be kept up to date with security patches as vulnerabilities are discovered,” Professor Alan Woodward, visiting professor at the University of Surrey’s Department of Computer Science, told Motherboard in a Twitter message. “The configuration of the server appears to be somewhat less than ideal.”
Quick update on Trump corp email servers – all internet accessible, single factor auth, no MDM, Win2003, no security patching. pic.twitter.com/nIMTa9UmdL
— Kevin Beaumont (@GossiTheDog) October 17, 2016
Trump Is Running Some Really Insecure Email Servers
[Joseph Cox/Motherboard]