According to a security researcher, the Trump Organization’s mail servers run on an outdated version of Microsoft Windows Server.
Hillary Clinton is over in the storm for the violation of its private email server, even Trump has used the case to attack the rival.
The irony of fate, now we are here discussing because also Trump’s staff has some problems with his email servers. According to the security researcher Kevin Beaumont, the Trump Organization’s mail servers run on Microsoft Windows Server 2003 version with Internet Information Server 6 that is no more supported by the company. The researchers also discovered that servers are configured with minimal security.
What does it mean?
Simple, they are an easy target of hackers that can access to the organization’s e-mails servers.
Quick update on Trump corp email servers – all internet accessible, single factor auth, no MDM, Win2003, no security patching. pic.twitter.com/nIMTa9UmdL
Beaumont also discovered the Organization’s Web email access page, he explained that until yesterday morning, the Trump Organization allowed Outlook Web Access logins from webmail.trumporg.com.
According to Sean Gallagher of Ars, the e-mail access page webmail.trumporg.com displays the header for Microsoft Exchange Outlook Web Access (OWA). The analysis of the page HTML source code reveals that site is using an outdated application i.e. March 2015 build of Microsoft Exchange 2007 (SP3 RU16), which is a version known to be affected by many security issues. The login page reveals that the webmail site was running Microsoft Exchange 2007.
Beaumont pointed out that the email service doesn’t use two-factor authentication.
Below the comment sent via email by a spokesperson for the Trump Organization to the Motherboard website, he seems to downplay the problem.
“The Trump Organization deploys best in class firewall and anti-vulnerability technology with constant 24/7 monitoring. Our infrastructure is vast and leverages multiple platforms which are consistently monitored and upgraded using current cyber security best practices.”
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.