Trump Organization is using horribly insecure email servers

If you thought Former Secretary of State Hillary Clinton's private email server was a mess, Donald Trump's company is running email servers that look like a dumpster fire by comparison.

Security researcher Kevin Beaumont said in a tweet on Monday that the Trump Organization, the parent company of the alleged billionaire's portfolio of realty, steaks, golf, and hotels, is running a set of email servers that are horribly outdated and long past the end-of-life, meaning they haven't received security patches in over a year.

Beaumont said he found that the company's email system is running the decade-old Windows Server 2003 and Internet Information Servers 6, both of which haven't been supported in over a year.

Both sets of software are so old that Microsoft no longer patches even known security vulnerabilities. Instead, users should upgrade. Patches remain as one of the best ways for preventing hackers from exploiting security flaws.

A spokesperson for Trump, now the Republican presidential candidate, could not be reached on Tuesday.

Beaumont, a British citizen who can't vote in the upcoming US election, was summarily hounded by Trump supporters on Twitter, who among other things accused him of hacking. (The data he gathered is publicly accessible; many web browsers, including Chrome, allow users to check what software is running on a web server.)

Among the tweets of abuse he received, one pro-Trump user claimed to have reported Beaumont to the FBI.

In his own set of tweets, Michael Morisy, founder of investigative outlet MuckRock, said that the unsubstantiated accusation that Beaumont in any way did anything illegal "misses some fundamentals of modern security".

"If your posture is that bad, you're already pwned," he said. "There's good reasons that infosec talks openly about security holes, and framing frank discussion as malicious hurts security in the long run," he added.

Disclosing improves the chances of fixing the issues, said Morisy.

ZDNET INVESTIGATIONS

Researchers say a breathalyzer has flaws, casting doubt on countless convictions

Lawsuits threaten infosec research — just when we need it most

NSA's Ragtime program targets Americans, leaked files show

Leaked TSA documents reveal New York airport's wave of security lapses

US government pushed tech firms to hand over source code

Millions of Verizon customer records exposed in security lapse

Meet the shadowy tech brokers that deliver your data to the NSA

Inside the global terror watchlist that secretly shadows millions

198 million Americans hit by 'largest ever' voter records leak

Britain has passed the 'most extreme surveillance law ever passed in a democracy'

Microsoft says 'no known ransomware' runs on Windows 10 S — so we tried to hack it

Leaked document reveals UK plans for wider internet surveillance

• Researchers say a breathalyzer has flaws, casting doubt on countless convictions
• Lawsuits threaten infosec research — just when we need it most
• NSA's Ragtime program targets Americans, leaked files show
• Leaked TSA documents reveal New York airport's wave of security lapses
• US government pushed tech firms to hand over source code
• Millions of Verizon customer records exposed in security lapse
• Meet the shadowy tech brokers that deliver your data to the NSA
• Inside the global terror watchlist that secretly shadows millions
• 198 million Americans hit by 'largest ever' voter records leak
• Britain has passed the 'most extreme surveillance law ever passed in a democracy'
• Microsoft says 'no known ransomware' runs on Windows 10 S — so we tried to hack it
• Leaked document reveals UK plans for wider internet surveillance