A good way to undermine your “security” brand is to launch a website rife with publicly known exploits.
But how does this even happen? Even if Rudy Giuliani had erred on the side of eye-candy and relied on designers instead of infosec specialists, he'd still have a website built with the most contemporary tools. Designers love new stuff. Instead, giulianisecurity.com was built on an end-of-life PHP (5.4) and Joomla (3.1.1). His team exposed LDAP, sshd and MySQL, all of which were old and EOL'd.
We can’t trust these people to set up our DVRs, let alone harden our country’s cyber infrastructure. It’s stunning, really.
Stunned security experts tear strips off president-elect pick hours after announcement
UPDATE: The DNS record has been taken down, but you can still reach giulianisecurity.com by its raw IP address.