Hillary Clinton's private email server lacked basic security feature for months

By Eric Geller - Mar 28, 2016, 2:42pm CT

The server that Hillary Clinton used to conduct official business as secretary of state lacked one of the most basic and important security features for several months.

The server setup, which consisted of two computers running antivirus programs, lacked a digital certificate to authenticate and encrypt its email communications for the first two months of Clinton's term, the Washington Post reported on Sunday.

Website operators install digital certificates on their servers to authenticate their sites. The certificates pair with cryptographic keys and allow Web browsers to start secure browsing sessions, which scramble transmitted data in a way that makes it more difficult for third parties to intercept.

When you visit a website whose owner has installed a security certificate, you see a lock icon near your browser's address bar, and the Web address contains the "https" prefix.

“This means that any emails she sent and received from her browser while connected to this server were not encrypted and could be easily intercepted,” Doug Beattie, vice president of product management for certificate provider GlobalSign, said in an email. “It’s unlikely foreign governments were not actively monitoring her emails, especially when traveling internationally...

Read more:
http://www.dailydot.com/politics/hillary-clinton-private-email-server-state-department-cybersecurity/