President-elect Donald Trump has granted Rudy Giuliani, his boisterous and unwavering booster, a consolation prize: a role heading a cybersecurity advisory group.
The former New York City Mayor originally aspired to the rank of Secretary of State as part of Trump’s White House. Giuliani bowed out of the running last year when it became clear he would not land the one job he coveted. On Thursday, a day after the Senate pulled Rex Tillerson, former Exxon CEO and Trump’s pick for the nation’s top ambassadorship, through the wringer at his confirmation hearing, the transition team threw Giuliani a bone. He would be named—well, no title. But he would be “sharing his expertise and insight as a trusted friend” on matters of cybersecurity.
Industry pros immediately called into question Giuliani’s digital defense chops, noting that the website advertising his own security and crisis management consultancy, Giuliani Partners, had glaring vulnerabilities. As various computer sleuths pointed out, the site featured little in the way of fortification: an expired cryptographic certificate, lack of encryption, an exposed remote login, outdated software and scripting languages, open server ports, and, yes, Adobe Flash, a notoriously insecure bit of software. The site may as well have been a honeypot for hackers. (As of the writing of this post, the website is no longer online.)
While it’s easy to call out “America’s Mayor” for the absurdity of the contradiction, the truth is, the findings mean little. Commenters have seized the opportunity to paint the incoming “cyberczar” as a neophyte. Poking fun at (and holes in) the carelessness of his website design is amusing, but beside the point. The assignment is, by all indications, obviously ceremonial. And besides, as Robert Graham, CEO at Errata Security, wrote on his company blog: “There’s nothing on Giuliani’s server worth hacking. The drama over his security, while an amazing joke, is actually meaningless.”
Appearing on Fox & Friends, a Fox News morning show, to reveal his appointment, Giuliani took a moment to praise the Texan candor of Tillerson, his erstwhile rival for the State Department gig. Giuliani commended the ex-oilman’s testimony during his earlier confirmation hearing, paraphrasing him as saying, “We basically don’t have a cyber defense.”
Well, at least on that we can agree.
Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter.
Fortune reporter Robert Hackett here. You may reach me via Twitter (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), or however you (securely) prefer.
Knock, knock WhatsApp? A backdoor. A security researcher at the University of California, Berkeley discovered what privacy advocates have described as a “backdoor” in the messaging service, potentially allowing governments and spies to access people’s communications. The vulnerability apparently lies in WhatsApp’s management of security keys when automatically resending undelivered messages. A spokesperson for the company said the story’s claims are “false.”
ShadowBrokers, broken Windows. A group of hackers that has been leaking NSA-linked hacking tools has called it quits. For months, the unknown entity, believed to be Russian, had been running an attack code auction before offering up a “final fuck you” on Thursday, as one of its members wrote in a farewell note. The group dumped a complete backdoor kit targeting Microsoft’s Windows. (Daily Beast)
Microsoft tones down creepiness. The software giant is rolling out a series of changes to its Windows 10 operating system to make it more respectful of people’s privacy. Earlier, critics had panned the software for hoovering up inordinate amounts of customer data with little in the way of warning. The new installation setup will debut first in an early build for beta testers, and next in a big Windows update this spring.
Cellebrite ain’t celebrating. Hackers reportedly stole 900 gigabytes of data from the phone-hacking firm Cellebrite. The Israeli company made headlines early last year when rumors spread that it helped the FBI crack into an iPhone used by one of the San Bernardino shooters. In addition to having U.S. law enforcement customers, Cellebrite appears to sell its wares to regimes in Russia, the United Arab Emirates, and Turkey, the leaked info suggests. (Vice Motherboard)
NSA rules loosen up. In its waning days, the Obama administration has loosened restrictions on NSA intelligence sharing. Now government intel agencies will be able to sift through raw NSA-collected data—including globally intercepted communications—without first applying privacy protections. Former NSA lawyer Susan Hennessey argued the now-finalized change will make it more difficult for the incoming Trump administration to rewrite rules. (New York Times)
If you need me, I’ll be blowing off steam with an ice cold shower beer.
Fortune’s Mathew Ingram defends BuzzFeed’s decision to publish a spy-crafted dossier on President-elect Donald Trump.
The case against publishing amounts to arguing that journalists are the only ones who are qualified to see such allegations, and that only a handful of media organizations are entitled to make the decision about what is credible and what isn’t. Like it or not, that isn’t how journalism works any more. Information of all kinds emerges in a variety of ways, and then we all get to apply our critical intelligence to it—in public, in real time.
Read more on Fortune.com
Here’s How Google Is Stepping Up Cloud Security Again, by Barb Darrow
Why a $500 Tax Break for Security Cameras Is a Bad Idea, by Jeff John Roberts
Ex-NSA Cyber Boss Named Fortinet’s First Info Security Chief, by Robert Hackett
Palantir’s Bet on Big Pharma, by Michal Lev-Ram
Rex Tillerson Thinks the U.S. Should Maintain ‘Status Quo’ on Russian Sanctions, by Madeline Farber
ONE MORE THING
RT for C-SPAN. Viewers tuning into an online feed of the House of Representatives on Thursday were surprised to see video from the Russian news network RT taking over the channel. C-SPAN said the issue was caused by an “internal routing error,” rather than a hack. The interruption lasted about 10 minutes.