Slashdot Mirror
Clinton's Private Email System Gets a Security "F" Rating
Penguinisto writes According to a scan by Qualys, Hillary Clinton's personal e-mail server, which has lately generated more than a little controversy in US political circles, has earned an "F" rating for security from the security vendor. Problems include SSL2 support, a weak signature, and only having support for older TLS protocols, among numerous other problems. Note that there are allegations that the email server was possibly already hacked in 2013. (Note: Mrs. Clinton plans on Giving a press conference to the public today on the issue.)
Funny - I clicked on the link and the rating is a B. No ambiguity about it and not the result of a hasty recent security update (the site was assessed on Sat Mar 07 22:39:37 PST 2015). Where does this headline and summary come from?
I mean, the only security they seemed to be interested in was keeping the emails out of the hands of people with subpoenas, FOIA requests and such.
Plus, it's in her house, so she gets 4th Amendment protections as well, which is pretty smart.
But Qualsys's SSL scan grade is relevant to a server open to the public. Looking at the generated report, the main problem, in a situation where the client software is highly controllable and very likely hand-configured, is the lack of perfect-forward-secrecy ciphersuites. And that only helps prevent future attacks, not past ones (she's "retired" at the moment).
If somebody wanted to attack this system, attacking TLS would not be the way to do it - the configuration is good enough to make so many other vectors much cheaper attacks. I see the engineer used GoDaddy as the SSL vendor. This doesn't speak well for the budget of the project which has implications for the degree of configuration hardening that was done, which is especially crucial for a Windows machine.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Nonsense. LBJ, despite getting mired in the Vietnam War, had many effective strengths as a politician. I believe here, Jeb Bush is referring to LBJ's ability to get bipartisan support for his legislation. While I don't have a problem with politicians who can "work across the aisle", I find this suspiciously like George W. Bush, who said much the same thing and then abandoned bipartisanship for a significant part of his tenure.
In comparison, I find Hillary Clinton's casual and persistent corruption and selective rule breaking to be a worse thing than Jeb Bush's choice of role models. Still I wouldn't be broken up, if neither ever was ever elected president.
I'd say leaving office apparently broke and then making shitloads-times-fuckloads of money later, is a sign of a successful president.
Well, then President Clinton neatly skirts any accusation of being successful by that metric: http://www.washingtonpost.com/...
They left office not just with millions, but also with the White House dinnerware: http://abcnews.go.com/Politics...
http://www.politico.com/story/...
Actually, that IRS the dog ate my email somewhat failed.
It turns out that asking IT to look for backups of the email is more productive than looking for it personally. Its just a matter of time needed to sort through it if anyone in government is still interested.
He data also remains under HER control, HER ownership
That's cute, except that it's not her data. That data is owned by the American people via its government, as are all official communications. When you're an officeholder, you don't "own" your official email.
Dewey, what part of this looks like authorities should be involved?