Hillary Clinton is over in the storm for the violation of its private email server, even Trump has used the case to attack the rival.
The irony of fate, now we are here discussing because also Trump’s staff has some problems with his email servers. According to the security researcher Kevin Beaumont, the Trump Organization’s mail servers run on Microsoft Windows Server 2003 version with Internet Information Server 6 that is no more supported by the company. The researchers also discovered that servers are configured with minimal security.
What does it mean?
Simple, they are an easy target of hackers that can access to the organization’s e-mails servers.
Quick update on Trump corp email servers – all internet accessible, single factor auth, no MDM, Win2003, no security patching. pic.twitter.com/nIMTa9UmdL
— Kevin Beaumont (@GossiTheDog) 17 ottobre 2016
Beaumont also discovered the Organization’s Web email access page, he explained that until yesterday morning, the Trump Organization allowed Outlook Web Access logins from webmail.trumporg.com.
According to Sean Gallagher of Ars, the e-mail access page webmail.trumporg.com displays the header for Microsoft Exchange Outlook Web Access (OWA). The analysis of the page HTML source code reveals that site is using an outdated application i.e. March 2015 build of Microsoft Exchange 2007 (SP3 RU16), which is a version known to be affected by many security issues. The login page reveals that the webmail site was running Microsoft Exchange 2007.
Beaumont pointed out that the email service doesn’t use two-factor authentication.
Below the comment sent via email by a spokesperson for the Trump Organization to the Motherboard website, he seems to downplay the problem.
“The Trump Organization deploys best in class firewall and anti-vulnerability technology with constant 24/7 monitoring. Our infrastructure is vast and leverages multiple platforms which are consistently monitored and upgraded using current cyber security best practices.”
[adrotate banner=”9″]
(Security Affairs – e-mail servers, cyber security)