Rudy (Giuliani) can't fail

By Robert Hackett
January 14, 2017

President-elect Donald Trump has granted Rudy Giuliani, his boisterous and unwavering booster, a consolation prize: a role heading a cybersecurity advisory group.

The former New York City Mayor originally aspired to the rank of Secretary of State as part of Trump’s White House. Giuliani bowed out of the running last year when it became clear he would not land the one job he coveted. On Thursday, a day after the Senate pulled Rex Tillerson, former Exxon CEO and Trump’s pick for the nation’s top ambassadorship, through the ringer at his confirmation hearing, the transition team threw Giuliani a bone. He would be named—well, no title. But he would be “sharing his expertise and insight as a trusted friend” on matters of cybersecurity.

Industry pros immediately called into question Giuliani’s digital defense chops, noting that the website advertising his own security and crisis management consultancy, Giuliani Partners, had glaring vulnerabilities. As various computer sleuths pointed out, the site featured little in the way of fortification: an expired cryptographic certification, lack of encryption, an exposed remote login, outdated software and scripting languages, open server ports, and, yes, Adobe Flash, a notoriously insecure bit of software. The site may as well have been a honeypot for hackers. (As of the writing of this post, the website is no longer online.)

While it’s easy to call out “America’s Mayor” for the absurdity of the contradiction, the truth is, the findings mean little. Commenters have seized the opportunity to paint the incoming “cyberczar” as a neophyte. Poking fun at (and holes in) the carelessness of his website design is amusing, but beside the point. The assignment is, by all indications, obviously ceremonial. And besides, as Robert Graham, CEO, at Errata Security, wrote on his company blog: “There’s nothing on Giuliani’s server worth hacking. The drama over his security, while an amazing joke, is actually meaningless.”

Appearing on Fox & Friends, a Fox News morning show, to reveal his appointment, Giuliani took a moment to praise the Texan candor of Tillerson, his erstwhile rival for the State Department gig. Giuliani commended the ex-oilman’s testimony during his earlier confirmation hearing, paraphrasing him as saying, “We basically don’t have a cyber defense.”

Well, at least on that we can agree.

Robert Hackett

@rhhackett

robert.hackett@fortune.com

Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach me via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.


THREATS

*Knock, knock* WhatsApp? A backdoor. A security researcher at the University of California, Berkeley discovered what privacy advocates have described as a “backdoor” in the messaging service, potentially allowing governments and spies to access people’s communications. The vulnerability apparently lies in WhatsApp’s management of security keys when automatically resending undelivered messages. A spokesperson for the company said the story’s claims are “false.” (Guardian, Fortune)

ShadowBrokers, broken Windows. A group of hackers that has been leaking NSA-linked hacking tools has called it quits. For months, the unknown entity, believed to to be Russian, had been running an attack code auction before offering up a “final fuck you” on Thursday, as one of its members wrote in a farewell note. The group dumped a complete backdoor kit targeting Microsoft’s Windows. (Daily Beast)

Microsoft tones down creepiness. The software giant is rolling out a series of changes to its Windows 10 operating system to make it more respectful of people’s privacy. Earlier, critics had panned the software for hoovering up inordinate amounts of customer data with little in the way of warning. The new installation setup will debut first in an early build for beta testers, and next in a big Windows update this spring. (Fortune)

Cellebrite ain’t celebrating. Hackers reportedly stole 900 gigabytes of data from the phone-hacking firm Cellebrite. The Israeli company made headlines early last year when rumors spread that it helped the FBI crack into an iPhone used by one of the San Bernardino shooters. In addition to having U.S. law enforcement customers, Cellebrite appears to sell its wares to regimes in Russia, the United Arab Emirates, and Turkey, the leaked info suggests. (Vice Motherboard)

NSA rules loosen up. In its waning days, the Obama administration has loosened restrictions on NSA intelligence sharing. Now government intel agencies will be able to sift through raw NSA-collected data—including globally intercepted communications—without first applying privacy protections. Former NSA lawyer Susan Hennesey argued the now-finalized change will make it more difficult for the incoming Trump administration to rewrite rules. (New York Times, Wired)

If you need me, I’ll be blowing off steam with an ice cold shower beer this weekend.

Share today’s Data Sheet with a friend:
http://fortune.com/newsletter/datasheet/

Looking for previous Data Sheets? Click here.


ACCESS GRANTED

Fortune‘s Mathew Ingram defends BuzzFeed’s decision to publish a spy-crafted dossier on President-elect Donald Trump.

The case against publishing amounts to arguing that journalists are the only ones who are qualified to see such allegations, and that only a handful of media organizations are entitled to make the decision about what is credible and what isn’t. Like it or not, that isn’t how journalism works any more. Information of all kinds emerges in a variety of ways, and then we all get to apply our critical intelligence to it—in public, in real time. Read more on Fortune.com.



ONE MORE THING

RT for C-SPAN. Viewers tuning into an online feed of the House of Representatives on Thursday were surprised to see video from the Russian news network RT taking over the channel. C-SPAN said the issue was caused by an “internal routing error,” rather than a hack. The interruption lasted about 10 minutes. (Associated Press)

SPONSORED FINANCIAL CONTENT

You May Like