HomeLatest ThreadsGreatest ThreadsForums & GroupsMy SubscriptionsMy Posts
DU Home » Latest Threads » Forums & Groups » Retired » Retired Forums » 2016 Postmortem (Forum) » It's not the emails. It's...

Fri Oct 16, 2015, 02:12 PM

It's not the emails. It's the server.

The private email server running in Hillary Rodham Clinton's home basement when she was secretary of state was connected to the Internet in ways that made it more vulnerable to hackers while using software that could have been exploited, according to data and documents reviewed by The Associated Press.

Clinton's server, which handled her personal and State Department correspondence, appeared to allow users to connect openly over the Internet to control it remotely, according to detailed records compiled in 2012. Experts said the Microsoft remote desktop service wasn't intended for such use without additional protective measures, and was the subject of U.S. government and industry warnings at the time over attacks from even low-skilled intruders.

Records show that Clinton additionally operated two more devices on her home network in Chappaqua, New York, that also were directly accessible from the Internet. One contained similar remote-control software that also has suffered from security vulnerabilities, known as Virtual Network Computing, and the other appeared to be configured to run websites.

The new details provide the first clues about how Clinton's computer, running Microsoft's server software, was set up and protected when she used it exclusively over four years as secretary of state for all work messages. Clinton's privately paid technology adviser, Bryan Pagliano, has declined to answer questions about his work from congressional investigators, citing the U.S. Constitution's Fifth Amendment protection against self-incrimination.

Some emails on Clinton's server were later deemed top secret, and scores of others included confidential or sensitive information. Clinton has said that her server featured "numerous safeguards," but she has yet to explain how well her system was secured and whether, or how frequently, security updates were applied.


http://bigstory.ap.org/article/467ff78858bf4dde8db21677deeff101/only-ap-clinton-server-ran-software-risked-hacking

This is what I (and a handful of others on this board) have been saying all along. Like Bernie, i don't give two craps about her emails. What I do care about is who had access to her server and what information about our national security could be compromised.

84 replies, 4863 views

Reply to this thread

Back to top Alert abuse

Always highlight: 10 newest replies | Replies posted after I mark a forum
Replies to this discussion thread
Arrow 84 replies Author Time Post
Reply It's not the emails. It's the server. (Original post)
Fawke Em Oct 2015 OP
upaloopa Oct 2015 #1
randys1 Oct 2015 #3
Fawke Em Oct 2015 #7
upaloopa Oct 2015 #12
Fawke Em Oct 2015 #15
upaloopa Oct 2015 #26
Fawke Em Oct 2015 #58
tex-wyo-dem Oct 2015 #79
840high Oct 2015 #51
cosmicone Oct 2015 #2
Fawke Em Oct 2015 #8
Cali_Democrat Oct 2015 #4
99Forever Oct 2015 #5
Fawke Em Oct 2015 #10
LiberalArkie Oct 2015 #6
Fawke Em Oct 2015 #13
LiberalArkie Oct 2015 #18
jeff47 Oct 2015 #22
LiberalArkie Oct 2015 #25
Hortensis Oct 2015 #9
Fawke Em Oct 2015 #11
winter is coming Oct 2015 #76
randys1 Oct 2015 #77
Maedhros Oct 2015 #14
Fawke Em Oct 2015 #17
Maedhros Oct 2015 #20
yallerdawg Oct 2015 #30
AtomicKitten Oct 2015 #52
Fawke Em Oct 2015 #61
Hortensis Oct 2015 #23
Maedhros Oct 2015 #32
Hortensis Oct 2015 #38
Maedhros Oct 2015 #40
Hortensis Oct 2015 #41
Maedhros Oct 2015 #43
Hortensis Oct 2015 #44
Maedhros Oct 2015 #46
Hortensis Oct 2015 #50
Maedhros Oct 2015 #53
Hortensis Oct 2015 #54
Maedhros Oct 2015 #56
Hortensis Oct 2015 #60
Fawke Em Oct 2015 #64
OilemFirchen Oct 2015 #63
ronnykmarshall Oct 2015 #70
Fawke Em Oct 2015 #62
Uncle Joe Oct 2015 #16
DCBob Oct 2015 #19
Fawke Em Oct 2015 #66
DCBob Oct 2015 #83
JRLeft Oct 2015 #21
Maedhros Oct 2015 #33
JRLeft Oct 2015 #37
Maedhros Oct 2015 #39
Name removed Oct 2015 #24
Maedhros Oct 2015 #35
Name removed Oct 2015 #48
Fawke Em Oct 2015 #65
arcane1 Oct 2015 #27
jberryhill Oct 2015 #28
Cheese Sandwich Oct 2015 #78
Agnosticsherbet Oct 2015 #29
oasis Oct 2015 #31
Dr Hobbitstein Oct 2015 #34
Fawke Em Oct 2015 #69
Dr Hobbitstein Oct 2015 #84
frylock Oct 2015 #36
Fawke Em Oct 2015 #68
frylock Oct 2015 #80
workinclasszero Oct 2015 #42
OregonBlue Oct 2015 #45
Fawke Em Oct 2015 #71
hrmjustin Oct 2015 #47
Fawke Em Oct 2015 #72
hrmjustin Oct 2015 #75
Dem2 Oct 2015 #49
BainsBane Oct 2015 #55
Fawke Em Oct 2015 #74
jfern Oct 2015 #57
DemocratSinceBirth Oct 2015 #59
Codeine Oct 2015 #67
Fawke Em Oct 2015 #73
matt819 Oct 2015 #81
Todays_Illusion Oct 2015 #82

Response to Fawke Em (Original post)

Fri Oct 16, 2015, 02:14 PM

1. You are going to be one of the last people

to be beating this dead horse aren't you?

Reply to this post

Back to top Alert abuse Link here Permalink


Response to upaloopa (Reply #1)

Fri Oct 16, 2015, 02:16 PM

3. No shit, the thread could just as easily be titled "Benghazi, it's not about what we know

but what we dont know"

or something stupid like that

Reply to this post

Back to top Alert abuse Link here Permalink


Response to upaloopa (Reply #1)

Fri Oct 16, 2015, 02:30 PM

7. Yes, but since the FBI doesn't think it's a dead issue,

there's no horse to beat.

I work in IT security. Trust me, this is a BIG deal.

But, proceed Hillary fans: vote for someone who doesn't give a rat's ass about national security.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Fawke Em (Reply #7)

Fri Oct 16, 2015, 02:35 PM

12. Look, I sure don't need advice from someone

who is throwing everything they can against the wall desperately hoping something sticks.
I'll bet you the Benghazi committee will be serving tea and cookies at Hillary's testimony next week.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to upaloopa (Reply #12)

Fri Oct 16, 2015, 02:41 PM

15. And I don't need advice for someone who wouldn't know

ntds.dit file from a edb.log file.

It's not about throwing anything against the wall.

This server was probably compromised and that's far scarier to me than Gowdy and his silly Benghazi committee.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Fawke Em (Reply #15)

Fri Oct 16, 2015, 03:01 PM

26. It's a dead issue

Reply to this post

Back to top Alert abuse Link here Permalink


Response to upaloopa (Reply #26)

Fri Oct 16, 2015, 05:54 PM

58. This isn't.

It just came out a couple of weeks ago.

Benghazi is a dead issue.

This isn't.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to upaloopa (Reply #26)

Fri Oct 16, 2015, 07:17 PM

79. Hardly a dead issue....

The FBI is investigating whether sensitive information could have been compromised on a private server, the security of which is in question.

The main questions I have:

Why in the world would Hillary want to use a private server for official State Department emails? Why wouldn't she want to just use the official State Department server, which without question is probably one of the most secure servers in the world? This is very risky and stupid and makes me question her judgement.

In addition, why would she want to use a private server knowing that if this were found out (she has many enemies), that it would be used against her in her future political aspirations? At the very least it looks like a stupid and petty move, at worst it looks like she was trying to hide something and may have been illegal on top of the obvious security issues.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to upaloopa (Reply #1)

Fri Oct 16, 2015, 04:46 PM

51. What about FBI?

 

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Fawke Em (Original post)

Fri Oct 16, 2015, 02:15 PM

2. ummmmm yeah ...

 

beat the dead horse with a cane now. It was never about beating it with a whip.

New meme -- "It is not the whip, it is all about the cane"

Reply to this post

Back to top Alert abuse Link here Permalink


Response to cosmicone (Reply #2)

Fri Oct 16, 2015, 02:31 PM

8. Not my meme.

I've never cared about Benghazi or the emails.

You can read my posts if you like. It's always been about the server's security with me.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Fawke Em (Original post)

Fri Oct 16, 2015, 02:16 PM

4. Question:

 

Did you support Snowden when he compromised national security and stole classified information before fleeing to Russia?

This is what I (and a handful of others on this board) have been saying all along. Like Bernie, i don't give two craps about her emails. What I do care about is who had access to her server and what information about our national security could be compromised.


Since you seem to be so worried about our national security and all.....

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Cali_Democrat (Reply #4)

Fri Oct 16, 2015, 02:23 PM

5. Question

Was Snowden Secretary of State of the United States of America?

If so, what dates did he hold that office?

Thanks

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Cali_Democrat (Reply #4)

Fri Oct 16, 2015, 02:32 PM

10. Yes - because he exposed the problems.

If we had decent whistleblower laws in this country, he wouldn't have had to do that.

But we see what happens to whistleblowers.

http://www.politico.com/story/2013/06/what-happens-to-whistleblowers-092744

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Fawke Em (Original post)

Fri Oct 16, 2015, 02:25 PM

6. It is the same thing that IT has to fight executives over. The executives want the "I AM BOSS"

and want to do what they want to do. And sometimes it brings down whole companies to give they what they want instead of the way it needs to be done. Where I used to work, IT made it where everyone's corporate notebook could only access the corp lan and wifi. However we installed DSL wifi access points everywhere for all the iPhones and tablets. The iPhones and tablets could not access the Corp wifi. We operated with the principle of never shall the two meet. It worked pretty well for several years until a VP hacked his corp pc setting around so he could access the internet without the proxy server. He got hit with a virus at home and brought it to work the next day and IT had to turn off the exchange servers to clean it up. CEO took the expenses for the cleanup and downtime out of his departments budget.

Nobody in government state,local or national should be allowed to run their own private systems. Period.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to LiberalArkie (Reply #6)

Fri Oct 16, 2015, 02:36 PM

13. And, yet, the Hillary fans think this is some sort of witch hunt.

I don't know how many times I can post that I don't care about Benghazi or what was in her emails: I care who else had access to that information.

Sometimes things are inconvenient, but when you're someone who has clearance to view national security secrets, maybe, just maybe convenience should take a back seat to security.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Fawke Em (Reply #13)

Fri Oct 16, 2015, 02:45 PM

18. I do know the their IT is covering his ass for some reason. I think it was set up for the

convenience of the family, I have no problem with that. But he knows he did not set up up for security and was probably in the dark as to what it was being used for. I don't know of a single person that would set something like what it was being use for without plenty of firewalls and security. I would almost bet he even had logging turned off being a personal family device.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to LiberalArkie (Reply #18)

Fri Oct 16, 2015, 02:54 PM

22. The IT guy is in actual legal jeopardy.

There's basically three ways you can be charged with leaking classified information:
1) Intentionally give it to a foreign government
2) Sell it
3) Negligence

Clinton and company didn't commit a crime - they didn't do any of those three. But the IT guy was extremely negligent.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to jeff47 (Reply #22)

Fri Oct 16, 2015, 02:59 PM

25. Yea, I think that is why he is taking the 5th. (And probably fifth of Crown or Jack Black also)

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Fawke Em (Original post)

Fri Oct 16, 2015, 02:31 PM

9. Got it: E-mails clean, so attack her on the server.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Hortensis (Reply #9)

Fri Oct 16, 2015, 02:33 PM

11. I've never cared about Benghazi or her emails.

I've only been concerned with the security of the server.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Fawke Em (Reply #11)

Fri Oct 16, 2015, 06:36 PM

76. +1. I didn't get interested in this until the IT guy started talking about taking the Fifth. n/t

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Fawke Em (Reply #11)

Fri Oct 16, 2015, 06:38 PM

77. Next you will tell us her home alarm system was the problem.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Hortensis (Reply #9)

Fri Oct 16, 2015, 02:39 PM

14. I work in corporate security for a large financial institution, dealing with cyber-incidents

 

and data extrusion events. Moving confidential information from inside the company network to an outside server that lacks proper security gets people fired - and that's just for relatively harmless data loss, such as customer account numbers or SSNs.

Why should we have lower standards of data security for classified State Department communications, which have the potential to be incredibly damaging if compromised?

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Maedhros (Reply #14)

Fri Oct 16, 2015, 02:43 PM

17. Thank you.

I love how Hillary fans conflate the very obvious political-point-scoring Benghazi committee with cyber security.

The two issues are completely different.

I agree the Benghazi crap is Republican grand standing, but the server issue is a whole 'nother kettle of fish.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Fawke Em (Reply #17)

Fri Oct 16, 2015, 02:51 PM

20. This is why I consider Hillary supporters to be my political opponents, in a larger sense

 

than just "Bernie v. Hillary." They represent that faction of Democrats that will excuse and rationalize any bad behavior by a Democrat simply because their political understanding starts and ends with "Blue Team v. Red Team." They have such incredibly low expectations of Democratic candidates that "voting for the lesser of two evils" becomes a self-fulfilling prophecy.

In this sense, Hillary is a fantastic bellwether - just look at all the absolute crap (IWR vote, private prison industry coziness, warmongering, Wall Street ties, sleazy campaign behavior, etc.) that they are willing to overlook in service of identity politics. That kind of behavior has nearly killed the Party.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Maedhros (Reply #20)

Fri Oct 16, 2015, 03:10 PM

30. Let me get this straight.

Hillary is worse than Nixon?

Reagan?

George W. Bush?

Any Republican candidate?

Isn't this "Blue Team v. Red Team"?

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Maedhros (Reply #20)

Fri Oct 16, 2015, 04:46 PM

52. I know this to be true because

 

... I used to carry their water until about 8 years ago when I got an education here at DU.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Maedhros (Reply #20)

Fri Oct 16, 2015, 06:00 PM

61. Good point.

And one of the reasons the left doesn't really have a party any longer.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Maedhros (Reply #14)

Fri Oct 16, 2015, 02:55 PM

23. Not every technical expert assumes the server ex- President Clinton had installed

to protect his privacy is less secure than a slow, cumbersome, broken system that is not only accessed by many, many people every day and not private but also is routinely bypassed by many who are supposed to use it because of its problems. The ones I've read or heard were more inclined to believe both systems could be hacked.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Hortensis (Reply #23)

Fri Oct 16, 2015, 03:26 PM

32. Hillary's private server existed outside administrative control.

 

That alone makes it less secure.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Maedhros (Reply #32)

Fri Oct 16, 2015, 03:50 PM

38. A standard assumption, but is it valid in this particular case?

As it happens it is pretty normal for government business to be conducted "outside administrative control" because of an antiquated, inadequate and leaky system. Don't forget the many people with access. E-mails sent through it all too often turn into D.C. gossip, and who knows what else.

You know, every person who saw or used Clinton's e-mail address knew she, like many others, was not using the official system (this includes security experts of course), but, even though she was Secretary of State, none of the security experts raised any significant objection (you know, like putting it in a memo and sending appropriate ass-covering copies), and it never became an issue -- until the GOP decided it was time to use it to try to derail her campaign for president.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Hortensis (Reply #38)

Fri Oct 16, 2015, 03:58 PM

40. I agree, this incident reveals an egregious failure by the Obama Administration

 

more than a failure by Hillary. She did something stupid, but the Administration knew about it and failed to take action to correct it.

At the same time, the Obama Administration has been prosecuting everyone they possibly can for even minor incidents of data leakage, improper storage or whistle blowing. They can't do that and, at the same time, allow the White House network to be so poorly managed and secured. How can they expect us to take the prosecutions seriously, when significant security failures are identified yet left unaddressed?

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Maedhros (Reply #40)

Fri Oct 16, 2015, 04:06 PM

41. Now, be fair, Maedhros. Obama is prosecuting LEAKERS, not employees who,

as part of their jobs, pass information to valid receivers by phone (breaking a rule) instead of official but slow and cumbersome e-mail.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Hortensis (Reply #41)

Fri Oct 16, 2015, 04:10 PM

43. In my job, I investigate people "who pass information to valid receivers" with no ill intent,

 

yet their inadvertent transgression is just as much as security risk as any other breach.

If Obama wants to get "tough on leakers" because he's concerned about security, then he should be concerned about security.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Maedhros (Reply #43)

Fri Oct 16, 2015, 04:24 PM

44. Noted, but irrelevant. Your intimation that Obama is prosecuting sloppy

but well-meaning and honest employees is not correct.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Hortensis (Reply #44)

Fri Oct 16, 2015, 04:31 PM

46. Not my intimation at all.

 

Obama has used the Espionage Act to prosecute journalists, leakers and whistle blowers more than all previous presidents combined. The ostensible explanation for this is to prevent classified information from falling into the wrong hands. I find it utter hypocrisy to prosecute people like NSA whistle blower Tom Drake, yet allow Hillary to expose her communications to a potential security breach.

https://theintercept.com/2015/08/12/hillary-clinton-sanctity-protecting-classified-information/

When it comes to low-level government employees with no power, the Obama administration has purposely prosecuted them as harshly as possible to the point of vindictiveness: It has notoriously prosecuted more individuals under the Espionage Act of 1917 for improperly handling classified information than all previous administrations combined.

NSA whistleblower Tom Drake, for instance, faced years in prison, and ultimately had his career destroyed, based on the Obama DOJ’s claims that he “mishandled” classified information (it included information that was not formally classified at the time but was retroactively decreed to be such). Less than two weeks ago, “a Naval reservist was convicted and sentenced for mishandling classified military materials” despite no “evidence he intended to distribute them.” Last year, a Naval officer was convicted of mishandling classified information also in the absence of any intent to distribute it.

In the light of these new Clinton revelations, the very same people who spent years justifying this obsessive assault are now scampering for reasons why a huge exception should be made for the Democratic Party front-runner. Fascinatingly, one of the most vocal defenders of this Obama DOJ record of persecution has been Hillary Clinton herself.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Maedhros (Reply #46)

Fri Oct 16, 2015, 04:42 PM

50. NSA "whistleblower" Tom Drake is equivalent to a clerk confirming

a lunch date by phone? If the latter were prosecuted by the Justice Department, I would regard that as "vindictive."

My suggestion is you find more important and effective arguments against HRC. There are plenty. I myself have extremely strong objections to her support of using federal taxpayer dollars to pay for private religious education. The moment I decide another candidate has a better chance of winning the presidency, I'll drop her for that reason alone. Assuming the other guy hasn't done the same egregious thing.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Hortensis (Reply #50)

Fri Oct 16, 2015, 05:23 PM

53. How does a clerk confirming a lunch date by phone relate to this issue?

 

I'm talking about classified State Department communications being conducted from a rogue server, and how such conduct creates a security risk. Further, the pattern of prosecutions by the Obama Administration against whistle blowers seems disingenuous when the same Administration's demonstrated lax attitude toward it's own network security.

You seem to be drifting from the topic.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Maedhros (Reply #53)

Fri Oct 16, 2015, 05:27 PM

54. Let's both do that, shall we? Lots of other good stuff to take on out there. :)

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Hortensis (Reply #54)

Fri Oct 16, 2015, 05:51 PM

56. I do agree that this email/server issue is not a factor in my choice of who to support.

 

But as a security professional, I bristle when I see claims that it's "nothing."

So let's move on...

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Maedhros (Reply #56)

Fri Oct 16, 2015, 05:59 PM

60. Oh, I so understand that. I'm guessing as a security professional

you're constantly confronted with ignorance. I bless my stars I can either turn your stuff over to my son or my employer's tech support, depending.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Maedhros (Reply #56)

Fri Oct 16, 2015, 06:20 PM

64. Same here.

It's not "nothing."

Granted, it probably would not have been discovered if not for the bogus Benghazi investigation, but it's still not "nothing.

I don't actually do the assessments at my company, but, by virtue of marketing the company, I have to write extensively about what our IT security professionals do, so I know the score.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Maedhros (Reply #40)

Fri Oct 16, 2015, 06:20 PM

63. CALL CONGRESS!

RIGHT. FUCKING. NOW.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to OilemFirchen (Reply #63)

Fri Oct 16, 2015, 06:31 PM

70. This is HUGH!!!1111

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Hortensis (Reply #38)

Fri Oct 16, 2015, 06:15 PM

62. Yes. It is valid.

There are layers of security in the federal government's server system.

You might be able to break into the "lobby" of the server and gather the names and personal data of some low-level staffers, but you can bet the national security secrets have additional "locks, guard dogs and protections" that the "lobby" doesn't have.

Think of it like your house. You accidentally leave a window unlocked and a thief gets into your house. He may help himself to your chachkies, television and computer, but your really valuable stuff - your money, your jewels, your diary, whatever you consider valuable - is in a locked room that uses fingerprint scanner to open and in that room is a Rottweiler guarding the locked safe. Chances are, the thief isn't going to get in there.

Hillary's server, from all reports, didn't even have the security one has after changing the locks on the front door of a home you just purchased. They didn't even encrypt the VPN. Any Joe Blow could command her computer directly from the Internet.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Fawke Em (Original post)

Fri Oct 16, 2015, 02:42 PM

16. Precisely, Hillary privatized the top official in the State Department's server.



"That's total amateur hour," said Marc Maiffret, who has founded two cybersecurity companies. He said permitting remote-access connections directly over the Internet would be the result of someone choosing convenience over security or failing to understand the risks. "Real enterprise-class security, with teams dedicated to these things, would not do this," he said.

The government and security firms have published warnings about allowing this kind of remote access to Clinton's server. The same software was targeted by an infectious Internet worm, known as Morta, which exploited weak passwords to break into servers. The software also was known to be vulnerable to brute-force attacks that tried password combinations until hackers broke in, and in some cases it could be tricked into revealing sensitive details about a server to help hackers formulate attacks.

"An attacker with a low skill-level would be able to exploit this vulnerability," said the Homeland Security Department's U.S. Computer Emergency Readiness Team in 2012, the same year Clinton's server was scanned.


(snip)

In Clinton's case, Internet addresses the AP traced to her home in Chappaqua revealed open ports on three devices, including her email system. Each numbered port is commonly, but not always uniquely, associated with specific features or functions. The AP in March was first to discover Clinton's use of a private email server and trace it to her home.

Mikko Hypponen, the chief research officer at F-Secure, a top global computer security firm, said it was unclear how Clinton's server was configured, but an out-of-the-box installation of remote desktop would have been vulnerable. Those risks — such as giving hackers a chance to run malicious software on her machine — were "clearly serious" and could have allowed snoops to deploy so-called back doors.

The U.S. National Institute of Standards and Technology, the federal government's guiding agency on computer technology, warned in 2008 that exposed server ports were security risks. It said remote-control programs should only be used in conjunction with encryption tunnels, such as secure VPN connections


http://bigstory.ap.org/article/467ff78858bf4dde8db21677deeff101/only-ap-clinton-server-ran-software-risked-hacking



Aside from the security issues, this kind of practice creates an additional barrier between a politician's actions and governmental accountability and oversight, Hillary was supposed to be working in service to President Obama and he nor the State Dept. had direct access to her official correspondence without going through the private corporations maintaining her server.

Thanks for the thread, Fawke Em.



Reply to this post

Back to top Alert abuse Link here Permalink


Response to Fawke Em (Original post)

Fri Oct 16, 2015, 02:49 PM

19. This comes to mind..

Reply to this post

Back to top Alert abuse Link here Permalink


Response to DCBob (Reply #19)

Fri Oct 16, 2015, 06:23 PM

66. The horse just left the stable a couple of weeks ago.

For the 50th time on this thread, it's not about Benghazi or the emails: it's about cyber security.

The lack of the security on her server was only just discovered a few weeks ago.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Fawke Em (Reply #66)

Fri Oct 16, 2015, 07:42 PM

83. So Hillary's lack of cyber security skills means she would not be a good President??

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Fawke Em (Original post)

Fri Oct 16, 2015, 02:52 PM

21. I still don't give a shit!

 

Reply to this post

Back to top Alert abuse Link here Permalink


Response to JRLeft (Reply #21)

Fri Oct 16, 2015, 03:28 PM

33. Yet you would have howled to the sky if this had happened to Condoleeza Rice.[n/t]

 

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Maedhros (Reply #33)

Fri Oct 16, 2015, 03:45 PM

37. I don't even like Hillary. There are plenty of reasons to not like her this is a waste of time and

 

time and resources.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to JRLeft (Reply #37)

Fri Oct 16, 2015, 03:51 PM

39. Personally, I see this more as a failure by the Obama Administration for allowing this to happen.

 

In an era when Obama is prosecuting as many people as he possibly can for any incident of whistle blowing or data leakage, he should have been frantically shoring up White House network security and not letting the Secretary of State flout it.

It shows us that Obama is not concerned about security, but with hiding what his Administration is doing from the American people.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Fawke Em (Original post)


Response to Name removed (Reply #24)

Fri Oct 16, 2015, 03:33 PM

35. I'm a security professional. My professional judgement in this incidence

 

overrides my support for Bernie. He's being gracious and, in the bigger context, the email issue distracts from Bernie's message, so I understand why he wants to move on.

Politics aside, it's crystal clear that Hillary's use of a private server to manage official State Department communications comprises a serious security shortcoming and exposes some significant ignorance on behalf of Secretary Clinton and her IT staff, as well as on behalf of the Obama Administration.

But, obviously, identity politics trumps cyber security.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Maedhros (Reply #35)


Response to Maedhros (Reply #35)

Fri Oct 16, 2015, 06:22 PM

65. Bravo.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Fawke Em (Original post)

Fri Oct 16, 2015, 03:06 PM

27. I was against using unofficial email when the Bush crew was doing it. And now too.

 

Content is irrelevant to me.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Fawke Em (Original post)

Fri Oct 16, 2015, 03:07 PM

28. "Hillary Rodham Clinton's home basement"

 


I always like that phrase thrown in for rhetorical effect, as if her home is not guarded 24/7 by armed federal agents due to it also being the home of a former president.

Whether it was electronically secure is a different question.

But the fact that it was in her home, and not just her home but <shudder> THE BASEMENT - is supposed to do what in terms of a rational presentation of relevant facts?

It's a great example of a phrase thrown in for nothing but misplaced shrill effect, and in complete ignorance of the security circumstances attendant to the home of a former president.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to jberryhill (Reply #28)

Fri Oct 16, 2015, 06:40 PM

78. Better than keeping it out in the tool shed I suppose. nt

 

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Fawke Em (Original post)

Fri Oct 16, 2015, 03:07 PM

29. When the story starts with a falsehood, in the first sentence,

The rest can not be trusted.
The server was not on her basement.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Fawke Em (Original post)

Fri Oct 16, 2015, 03:21 PM

31. Gulp!

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Fawke Em (Original post)

Fri Oct 16, 2015, 03:33 PM

34. Here we go again.

 

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Dr Hobbitstein (Reply #34)

Fri Oct 16, 2015, 06:28 PM

69. Well, I started at this goal post.

I haven't given one shit about Benghazi or the contents of her emails.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Fawke Em (Reply #69)

Fri Oct 16, 2015, 11:39 PM

84. Keep on keeping on.

 

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Fawke Em (Original post)

Fri Oct 16, 2015, 03:43 PM

36. You're wasting your time on people that have probably never installed and configured an OS before..

let alone know a damn thing about hardening a server, or network security.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to frylock (Reply #36)

Fri Oct 16, 2015, 06:25 PM

68. They probably think hardening a server is akin to sitting fudge

in the refrigerator to stiffen.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Fawke Em (Reply #68)

Fri Oct 16, 2015, 07:29 PM

80. Well now I'm hungry for fudge!

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Fawke Em (Original post)

Fri Oct 16, 2015, 04:09 PM

42. Keep moving those goal posts

 

Even though Bernie himself say to lay off.

These republician talking points should not be allowed on the democratic underground IMO

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Fawke Em (Original post)

Fri Oct 16, 2015, 04:24 PM

45. Given how many times the federal government sites have been hacked in the last few

years, I am willing to bet her servers were actually much, much safer than the feds. I mean they've hacked State Department, DOD, DHS, IRS, etc..... Also, given the number of Shrub loyalists at both State and the CIA, I think she would have been crazy to trust her communications to the State Department system.

It really isn't about national security for the GOP, it's about trying to take down the Clintons. The FBI is currently looking at just how secure her servers were. How much you wanna bet they discover they were safer than their own.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to OregonBlue (Reply #45)

Fri Oct 16, 2015, 06:31 PM

71. Yes, it is.

See my post at No. 62 for an explanation about the difference between someone hacking into one portion of the federal government and being able to get into the depths of the servers where key information is kept.

Just because someone got into dot gov's HR server doesn't mean, with the layers of security, that they're going to be able to get into the inner sanctum.

It's not the same thing at all.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Fawke Em (Original post)

Fri Oct 16, 2015, 04:32 PM

47. Perhaps the Republicans can hire you to look into this.

 

You being so concerned and all.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to hrmjustin (Reply #47)

Fri Oct 16, 2015, 06:32 PM

72. I wouldn't be surprised if my company doesn't get consulted.

I wouldn't be the one doing it, however.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Fawke Em (Reply #72)

Fri Oct 16, 2015, 06:35 PM

75. Chomping at the bits I see.

 

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Fawke Em (Original post)

Fri Oct 16, 2015, 04:34 PM

49. No thanks

BENGHAZI!!!!!!

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Fawke Em (Original post)

Fri Oct 16, 2015, 05:34 PM

55. Bernie

Reply to this post

Back to top Alert abuse Link here Permalink


Response to BainsBane (Reply #55)

Fri Oct 16, 2015, 06:34 PM

74. I am, too.

This isn't about her emails.

It's about who accessed her server and got information, if any.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Fawke Em (Original post)

Fri Oct 16, 2015, 05:53 PM

57. Lets just wait to see what happens

No need to focus much on this.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Fawke Em (Original post)

Fri Oct 16, 2015, 05:56 PM

59. "When all you have is a hammer the whole world looks like a nail."

Have a great weekend.

PEACE
DSB

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Fawke Em (Original post)

Fri Oct 16, 2015, 06:24 PM

67. You don't give two tugs of a dead dog's dick

 

about "national security" or anything remotely related. At least be sufficiently honest with yourself to admit that the right-wing media has handed you a convenient two-by-four that you can use to bang on the Clinton campaign for a few more weeks.

It's basic political opportunism; no more, no less.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Codeine (Reply #67)

Fri Oct 16, 2015, 06:33 PM

73. Except that I happen to work for a cyber security firm.

So, you know, your premise goes awry right there.

I do happen to give a shit about cyber security since it pays me.



P.S. I actually found that article doing research for something I was writing for work. I wasn't looking for it, but it came up in the Google searches I do for cyber security news for our blog.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Fawke Em (Original post)

Fri Oct 16, 2015, 07:38 PM

81. Whatever it is

Servers, emails, weak security. I don't care. What we need to see immediately is action. Either she did something criminal if she didn't. The fbi needs to stop dicking around. How long does it fucking take to investigate. It's a wonder there are any federal prosecutions with this kind of dithering.

Reply to this post

Back to top Alert abuse Link here Permalink


Reply to this thread