Donald Trump’s official website suffered from a serious misconfiguration that exposed campaign intern résumés to the public internet, according to a report from Chris Vickery of the blog, . After Chris contacted intermediaries to get to the Trump campaign, the problem was fixed. IT security experts from Tripwire, Lieberman Software and Redscan commented below.
Tim Erlin, Senior Director of IT Security and Risk Strategy at Tripwire:
“Cybersecurity isn’t a partisan issue. Both Democrats and Republicans alike are capable of misconfiguring settings and failing to patch vulnerabilities. Campaigns are often difficult entities to secure. They aren’t permanent organizations, and their staff and needs change rapidly. Campaigns do handle sensitive information routinely, and securing that data needs to be part of their charter from the start.”
“The Trump website leak could have happened to anyone – anyone who is more concerned about business results than security. When you put it that way, it sounds as if the Trump campaign was extremely careless with this data, but the sad truth is that’s not the exception, it is the rule. Some person likely set up the system in the most expedient way possible, and no one reviewed the security until someone acted like a bad guy, which is the story of most breaches. There’s also a question here about the design of the system itself encouraging better security in how it walks the user through setup. In the end, this falls to the person hired by Trump to do this configuration, someone who may today be heading towards the iconic ‘you’re fired’ right from the man who made it famous.”
“Vulnerabilities like the one affecting the official website of Donald Trump are all too common, enabling hackers to bypass authorisation controls to access sensitive files.
While in this instance, the breach appears not to have been particularly serious, intrusions like this can be significantly more damaging if hackers research site file naming conventions to conduct wider, more targeted brute force attacks.
A cyber breach can cause severe reputational damage to an individual or organisation so it’s important that websites are regularly penetration tested by security experts to ensure that flaws, such as the one highlighted here, are addressed.”