Slashdot Mirror


Clinton's Private Email System Gets a Security "F" Rating

Penguinisto writes: According to a scan by Qualys, Hillary Clinton's personal e-mail server, which has lately generated more than a little controversy in US political circles, has earned an "F" rating for security from the security vendor. Problems include SSL2 support, a weak signature, and only having support for older TLS protocols, among numerous other problems. Note that there are allegations that the email server was possibly already hacked in 2013. (Note: Mrs. Clinton plans on giving a press conference to the public today on the issue.)


  1. Makes sense by Trailer Trash · · Score: 5, Insightful

    I mean, the only security they seemed to be interested in was keeping the emails out of the hands of people with subpoenas, FOIA requests and such.

    1. Re:Makes sense by Anonymous Coward · · Score: 2, Insightful

      They did a pretty good job of avoiding scrutiny. If she wasn't (presumably) mounting a presidential campaign, this probably would have never received the scrutiny it's receiving now.

  2. Re:B is the new F? by halivar · · Score: 4, Insightful

    IIS with a good config will beat *nix with a terrible config. It's not the tool that's the problem here; it's that the people using it had no clue how.

  3. I Disagree by Anonymous Coward · · Score: 3, Insightful

    I have been in the IT field for 30 years and I specialize in information security. Penetration testing and forensic investigations is what I do.

    I do not agree with the assessment. Many argue that homes are more vulnerable, but even if it's the average home, it's far easier to find a disgruntled employee in some "cloud" service company and if you look at headlines in recent years like DRM, Target, SONY, and a number of others, you can see they are very vulnerable and for a lot of reasons.

    It only takes one person on the inside, to screw things up. Edward Snowden did it with the NSA and Bradley Manning with the CIA.

    Most homes are very vulnerable because they are all WIFI and not set up correctly. For those that do, they can be more secure. Add secret service to the mix and you have physical security.

    Do you really think Clinton set up her own email server? No. She knows a lot of people in the industry and can be very selective. Her data also remains under HER control, HER ownership, and if any of you idiots think your "cloud" data is safe, it just proves how inept you are.

    I have to give her security grade a 'C', only because I don't have enough information to do a complete assessment.

  4. What difference at this point does it make? by WaffleMonster · · Score: 4, Insightful

    In my view assuming there was a need for security the entire fault should lie with state dept allowing emails to be sent and received to and from any domains outside of their administrative influence when conducting "official business".

    SMTP Email always gets an "F" security rating no matter what. Checking whether webmail interface has a secure cert is like making sure the front gate of your castle is locked and secured while east and west gates remain open to the creepers at the gates.

    1. Re:What difference at this point does it make? by sumdumass · · Score: 3, Insightful

      Yes. That is exactly what is expected. And if she overruled them or retaliated, there are official channels to report it that carry whistle blower protections when department rules and laws are not being followed.

      My guess is that it likely did not get that far because there likely isn't an auditing system in place to catch it. Even the president who learned about it in the newspaper like the rest of us was sending and receiving mail from her in this manner and it was not caught.

  5. Different rules for the ruling elite by schwit1 · · Score: 5, Insightful

    If you treat federal law the way the secretary of state does, you go to prison.
    If you treat IRS rules the way the IRS treats IRS rules, you go to prison.
    If you treat immigration controls the way our immigration authorities do, you go to prison.
    If you’re as careless in your handling of firearms as the ATF is, you go to prison.
    If you cook your business’s books the way the federal government cooks its books, you go to prison.

  6. Re:The Clintons by g0bshiTe · · Score: 4, Insightful

    Yet cited email as a tertiary reason for firing the African ambassador.

    If email truly wasn't that big a deal why was that listed as a reason for his dismissal? I realize you tack on as much as you can to make it stick, but still reflects bad on her now.

    Also it's not what every other Secretary of State did, there's a massive difference in setting up a server you own and are the only one to have 24/7 unfettered access vs using a free email provider.

    I'm sure that doesn't fit your narrative.

    So you are aware there was a memo put out by Pres O. 24 August 2012 concerning use of private email for state business. While I'll agree not illegal and a no-no it does show a disregard for following procedures set out by your superior.

    Next up those emails in your inbox purporting member growth work.

    --
    I am Bennett Haselton! I am Bennett Haselton!
  7. Re:The Clintons by mi · · Score: 5, Insightful

    Did not violate any rules regarding email retention

    Yes, she did. It may not have been against the law just yet, but it was certainly against the State Department's own rules already.

    The stupid arrangement left communications of the top American diplomat vulnerable — something Russia and other enemies would be happy to exploit on any day, but fine, a President is not supposed to be proficient in communication security.

    But we should discard public servants at the first sign of hypocrisy — and that's exactly what's on display here. And here...

    Did what every other Secretary of State did in regards to email.

    Citations needed.

    Hillary is not a bad choice.

    Lovers gonna love.

    --
    In Soviet Washington the swamp drains you.
  8. Re:No Law broken by sycodon · · Score: 2, Insightful

    She did however break clear and unambiguous State Department Rules.

    The fact that she is a Hypocrite is a bonus.

    --
    When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
  9. Re:The Clintons by Archangel Michael · · Score: 4, Insightful

    To be fair ... Obama just found out about it via the news media (really!!!)

    “The same time everybody else learned it through news reports,” Obama told CBS News.

    Next up? "I will get to the bottom of this"

    Followed by .. "Not a smidgen of evidence"

    And lastly ... "Phony Scandal"

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
  10. Exactly. by hey! · · Score: 3, Insightful

    The first thing I did when I saw the discrepancies is look for a test date listed on the page, and here it was: Tue Mar 10 09:50:02 PDT 2015.

    So this "B" score was earned literally minutes ago. People who are seeing an "F" are probably seeing cached data.

    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  11. Re:The Clintons by ScentCone · · Score: 5, Insightful

    Did not violate any rules regarding email retention

    I'm curious. What is your agenda that you think lying about the situation will improve it? I mean, we know that's the historically Clintonian way of handling things when they get busted, but do you really think it helps when other people do it too, when the lies are so obviously debunked?

    The 2009 National Archives regulation requires federal officials to use each agency's established communication archiving systems to retain secured copies of all communication. This federal requirement was very much in effect when she was Secretary of State. She never made arrangements to have her official communications mirrored onto State's servers, and when she left, SHE DID NOT PROVIDE COPIES. She only provided a pile of hardcopies of cherry-picked email printouts once congress discovered that she'd been holding out in violation of the Archives requirement. She got busted, and so she put employees of her family business to the task of pawing through records kept on an unsecure server in her house to decide, with her review, what to pass along. And what a shocker, there are gaps of weeks and months in the records they turned over. This is plain violation of the letter and spirit of the 2009 regulation.

    She went out of her way to avoid keeping public records available while being the second person in line to the presidency, and while roaming the world accomplishing almost nothing as SoS, except for soliciting hundreds of millions of dollars for her family's enterprise from people who are the antithesis of what she weakly proclaims are her main ideological grounds for wanting now to be the president. So even if you still think that makes her a good choice, that doesn't change her deliberate violating of federal regulations - and that doesn't even get into whether or not even ONE email on that system included the receipt or transmission of even one classified item - what do you think are the odds that the Secretary of State, in exchanging email with her counterparts overseas, and with senior officials in the White House (including the president) never addressed even one classified issue?

    --
    Don't disappoint your bird dog. Go to the range.
  12. Re:What's the Big Deal by hey! · · Score: 3, Insightful

    You're joking, but people would be shocked how much time politicians spend begging for money. A typical congressman spends more time on an average day raising money than he does on legislative business. And if he's successful at fundraising, his reward is to be forced to spend more time raising money for his less successful colleagues. It's actually kind of a big deal.

    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  13. Re:B is the new F? by Just Some Guy · · Score: 5, Insightful

    The biggest difference is that no one gives a shit about your toy server, but they might have a fuckload of interest in the personal server of a US Senator and Secretary of State. Yes, I believe that State Department is likely to have better security than the random dipshit she seems to have hired who snagged a cheap GoDaddy cert. It's almost certainly going to have better availability, backup, and disaster recovery.

    It is absolutely, 100% not acceptable to run state secrets through a personally maintained server that seems to exist only for the legal reason of giving the owner 4th amendment privacy rights. An officeholder acting in official capacity should have zero expectation of privacy from the organizations they work for. I'm "picking on poor ol' Hillary" for having every appearance of attempting to circumvent disclosure laws.

    --
    Dewey, what part of this looks like authorities should be involved?
  14. Re:No Clinton No Bush by khallow · · Score: 4, Insightful

    he was as nutty on fiscal policy as modern teabaggers

    What makes fiscal responsibility "nutty"? I find the real nuts to be the crowd who thinks we can borrow as much as we like, while completely ignoring inflation.

  15. Re:No Clinton No Bush by Penguinisto · · Score: 4, Insightful

    ...only $200m from Soros? May want to count MoveOn.org, DU, Being Liberal, and a whole host of other endeavors he and his buddies have been dumping way more money into... not even counting MSNBC, a goodly chunk of CNN, Verio, et al. Also, check in with Warren Buffett; he's good for (probably) at least a few hundred million or more (probably way, way more.)

    Fact is, the system is soaked with money on both sides, so your original point (shitloads of money corrupting/clouding the election process) is valid, but honestly, they *both* suck.

    --
    Quo usque tandem abutere, Nimbus, patientia nostra?
  16. Re: The Clintons by neoritter · · Score: 3, Insightful

    Of the four Sec. of States that were around for email usage in the White House (Clinton and earlier), two did not use email, Albright and Rice. The only other Secretary of State that used email was Colin Powell. He's admitted that he used a personal account for at least some of his official business. His emails are lost he says. Remember though, he was Sec. of State between 2001 and 2005. That means all of his emails are at least 10 years old by now.

    More importantly, what previous holders of the office did does not matter here. Why? For at least a couple reasons. First, the push in recent years is for transparency. If previous holders did actions that are considered bad under the need for transparency and record keeping then continuing what they're doing is not right. Arguing that the previous guy did it and saying that absolves you of responsibility is wrong. Second, and pay attention here, Clinton in '07 in a speech railed against "secret emails" of the Bush administration, calling it cronyism and corruption; and then saying more transparency is needed. It's incredibly hypocritical to talk about that and then do what Clinton did.