14 DAY TRIAL // It may be a silly question, but once asked, it's one that hangs around at the back of your head all day, especially if you're a security researcher with the necessary tools and knowledge to find this out.
And this is exactly what Jonathan Lampe did, closely analyzing the websites of each US 2016 presidential candidate, looking for known security loopholes, and ranking candidates based on his findings.
Mr. Lampe, product manager at the InfoSec Institute, described his inquiries as "an indicator of the level of security awareness the candidate and the campaign staff has," a possible sign of the politician's awareness to today's current cyber-threats.
Ben Carson, clear-cut winner
Leveraging on the fact that most candidates launched their platform website on top of WordPress, analyzing all the sites was quite easy, since the same criteria could be used for all.
Some of the details Mr. Lampe studied included checking for HTTPS support, if the candidate was using the latest version of WordPress, if vulnerable software or plugins were detected, if usernames were exposed on the frontend, if the default admin account was present, if the site's folders were navigable, and if sign-in and sign-up pages (forms) were publicly available.
Putting all this criteria together and giving each candidate a grade allowed Mr. Lampe to determine that out of all the candidates still left in the race, Ben Carson would emerge victorious if security experts were the ones that voted.
Trump and Clinton come second
Second on the list came Donald Trump and Hillary Clinton, both with B grades, which is weird since Trump's website was already hacked this year and should not be "technically" considered "secure."
Coming in third, with C grades, we find Jeb Bush and Bernie Sanders, both with some problems on their websites.
You can read an in-depth analysis for each candidate's site in Mr. Lampe's report, and you can also take a look over the image below which includes an expanded list of all candidates, before they pulled out of the race or decided to run as independents. The image is also accompanied by a blog post on Information Security Buzz.
