Slashdot Mirror
Clinton's Private Email System Gets a Security "F" Rating
Penguinisto writes According to a scan by Qualys, Hillary Clinton's personal e-mail server, which has lately generated more than a little controversy in US political circles, has earned an "F" rating for security from the security vendor. Problems include SSL2 support, a weak signature, and only having support for older TLS protocols, among numerous other problems. Note that there are allegations that the email server was possibly already hacked in 2013. (Note: Mrs. Clinton plans on Giving a press conference to the public today on the issue.)
I mean, the only security they seemed to be interested in was keeping the emails out of the hands of people with subpoenas, FOIA requests and such.
Do you have ESP?
Before Obama I thought anyone who didn't have the name of Bush or Clinton would be a good choice (dynasty issues). Apparently it is not enough to elect someone with a different last name than Bush or Clinton. The only sensible choice is to elect someone without a last name. Which one of these would you vote for? President Gaga. President Madonna. President the Artist formerly known as Prince. President Xzibit. President [Your Choice].
Funny - I clicked on the link and the rating is a B. No ambiguity about it and not the result of a hasty recent security update (the site was assessed on Sat Mar 07 22:39:37 PST 2015). Where does this headline and summary come from?
Did not violate any rules regarding email retention - rules were created after. Did what every other Secretary of State did in regards to email. Bush was president - so no, Hillary is not a bad choice.
Bad H! She should have used them gov't servers, which are D-
Table-ized A.I.
I just checked and it says "F" in a bright red box.
SSL Report: mail.clintonemail.com (64.94.172.146)
What IP address did YOU see? Maybe there's more than one server being polled?
I have been in the IT field for 30 years and I specialize in information security. Penetration testing and forensic investigations is what I do.
I do not agree with the assessment. Many argue that homes are more vulnerable, but even if it's the average home, it's far easier to find a disgruntled employee in some "cloud" service company and if you look at headlines in recent years like DRM, Target, SONY, and a number of others, you can see they are very vulnerable and for a lot of reasons.
It only takes one person on the inside, to screw things up. Edward Snowden did it with the NSA and Bradley Manning with the CIA.
Most homes are very vulnerable becuase they are all WIFI and not setup correctly. For those that do, they can be more secure. Add secret service to the mix and you have physical security.
Do you really think Clinton set up her own email server? No. She knows a lot of people in the industry and can be very selective. He data also remains under HER control, HER ownership, and if any of you idiots think your "cloud" data is safe, it just proves how inept you are.
I have to give her security grade a 'C', only because I don't have enough information to do a complete assessment.
I don't know whether to moderate you as Flamebait or Insightful, so I'll just leave this here.
No sig? Sigh...
In my view assuming there was a need for security the entire fault should lie with state dept allowing emails to be sent and received to and from any domains outside of their administrative influence when conducting "official business".
SMTP Email always get an "F" security rating no matter what. Checking whether webmail interface has a secure cert is like making sure the front gate of your castle is locked and secured while east and west gates remain open to the creepers at the gates.
If you treat federal law the way the secretary of state does, you go to prison.
If you treat IRS rules the way the IRS treats IRS rules, you go to prison
If you treat immigration controls the way our immigration authorities do, you go to prison.
If you’re as careless in your handling of firearms as the ATF is, you go to prison.
If you cook your business’s books the way the federal government cooks its books, you go to prison.
Obama wasn't a good choice either. I do not expect the President to be an IT professional, but being the "leader of the free world" he should be at least looking at the "From:" line of emails he receives. We know he uses email, as much was made of integrating his Blackberry with the executive branch email systems when he came into office. Secretary Clinton must have sent emails to the President at some time. How can he claim he didn't realize she wasn't using the executive branch email systems? Security is everyone's responsibility. He should have told her she was out of compliance and refused to correspond with her in that manner.
Gamingmuseum.com: Give your 3D accelerator a rest.
Yet cited email as a tertiary reason for firing the African ambassador.
If email truly wasn't that big a deal why was that listed as a reason for his dismissal. I realize you tack on as much as you can to make it stick, but still reflects bad on her now.
Also it's not what every other Secretary of State did, there's a massive difference in setting up a server you own and are the only one to have 24/7 unfettered access vs using a free email provider.
I'm sure that doesn't fit your narrative.
So you are aware there was a memo put out by Pres O. 24 August 2012 concerning use of private email for state business. While I'll agree not illegal and a no-no it does show a disregard for following procedures set out by your superior.
Next up those emails in your inbox purporting member growth work.
I am Bennett Haselton! I am Bennett Haselton!
Yes, she did. It may not have been against the law just yet, but it was certainly against the State Department's own rules already.
The stupid arrangement left communications of the top American diplomat vulnerable — something Russia and other enemies would be happy to exploit on any day, but fine, a President is not supposed to be proficient in communication security.
But we should discard public servants at the first sign of hypocrisy — and that's exactly, what's on display here. And here...
Citations needed.
Lovers gonna love.
In Soviet Washington the swamp drains you.
Mrs. Clinton broke no laws at all. The laws requiring saving of emails by officials were passed after Mr. Clinton left office.
Nice attempt at obfuscation there. This has nothing to do with when Bill Clinton was President. This is about how Hillary Clinton handled her email while she was Secretary of State under President Obama.
#DeleteChrome
Just like the NSA surveillance programs, this isn't about "legal" vs "not legal". The NSA surveillance programs are "legal", but almost everyone outside of certain parts of the government understand that they shouldn't be. This is about choosing to circumvent systems that are in place to preserve access and security, in ways that possibly damaged national security. Should a person who would do that be elected President? Ms. Clinton is not her husband. Perhaps her best defense right now is that this was common practice. She may have been the last Secretary of State to use personal e-mail, but she was far from the first.
She did however break clear and unambiguous State Department Rules.
The fact that she is a Hypocrite is a bonus.
When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
To be fair ... Obama just found out about it via the news media (really!!!)
“The same time everybody else learned it through news reports,” Obama told CBS News.
Next up? "I will get to the bottom of this"
Followed by .. "Not a smidgen of evidence"
And lastly ... "Phony Scandal"
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
Nonsense. LBJ, despite getting mired in the Vietnam War, had many effective strengths as a politician. I believe here, Jeb Bush is referring to LBJ's ability to get bipartisan support for his legislation. While I don't have a problem with politicians who can "work across the aisle", I find this suspiciously like George W. Bush, who said much the same thing and then abandoned bipartisanship for a significant part of his tenure.
In comparison, I find Hillary Clinton's casual and persistent corruption and selective rule breaking to be a worse thing than Jeb Bush's choice of role models. Still I wouldn't be broken up, if neither ever was ever elected president.
Why not? Current POTUS wasn't tested nor ready to lead.
I am Bennett Haselton! I am Bennett Haselton!
These are just politicians. They probably just forward porn and memes to eachother all day long, and occasionally mail some billionaire to ask for a donation..
Troll is not a replacement for I disagree.
Now there's no excuse. The NSA should definitely have backups of those emails. Crisis averted everyone.
The first thing I did when I saw the discrepancies is look for a test date listed on the page, and here it was: ue Mar 10 09:50:02 PDT 2015 .
So this "B" score was earned literally minutes ago. People who are seeing an "F" are probably seeing cached data.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
Did not violate any rules regarding email retention
I'm curious. What is your agenda that you think lying about the situation will improve it? I mean, we know that's the historically Clintonian way of handling things when they get busted, but do you really think it helps when other people do it too, when the lies are so obviously debunked?
The 2009 National Archives regulation requires federal officials to use each agency's established communication archiving systems to retain secured copies of all communication. This federal requirement was very much in effect when she was Secretary of State. She never made arrangements to have her official communications mirrored onto State's servers, and when she left, SHE DID NOT PROVIDE COPIES. She only provided a pile of hardcopies of cherry-picked email printouts once congress discovered that she'd been holding out in violation of the Archives requirement. She got busted, and so she put employees of her family business to the task of pawing through records kept on an unsecure server in her house to decide, with her review, what to pass along. And what a shocker, there are gaps of weeks and months in the records they turned over. This is plain violation of the letter and spirit of the 2009 regulation.
She went out of her way to avoid keeping public records available while being the second person in line to the presidency, and while roaming the world accomplishing almost nothing as SoS, except for soliciting hundreds of millions of dollars for her family's enterprise from people who are the antithesis of what she weakly proclaims are her main ideological grounds for wanting now to be the president. So even if you still think that makes her a good choice, that doesn't change her deliberate violating of federal regulations - and that doesn't even get into whether or not even ONE email on that system included the receipt or transmission of even one classified item - what do you think are the odds that the Secretary of State, in exchanging email with her counterparts overseas, and with senior officials in the White House (including the president) never addressed even one classified issue?
Don't disappoint your bird dog. Go to the range.
Did not violate any rules regarding email retention - rules were created after. Did what every other Secretary of State did in regards to email. Bush was president - so no, Hillary is not a bad choice.
Clearly this logic explains how Obama got elected. Twice.
Obviously we only measure our leaders on their ability to circumvent laws, not enforce them. She got an A rating.
I'd say leaving office apparently broke and then making shitloads-times-fuckloads of money later, is a sign of a successful president.
Well, then President Clinton neatly skirts any accusation of being successful by that metric: http://www.washingtonpost.com/...
They left office not just with millions, but also with the White House dinnerware: http://abcnews.go.com/Politics...
What about those with a last name and no first? Teller? First president who won't utter a lie?
Yes it's an anecdote! Were you expecting original research in a Slashdot comment?
Yet cited email as a tertiary reason for firing the African ambassador.
Installing a private Internet connection in your Dept. Of State office bathroom, in order to bypass the government link is a far cry from running a mail server out of your home.
There's a massive difference in setting up a server you own and are the only one to have 24/7 unfettered access vs using a free email provider.
That's for sure! We've all seen how secure Yahoo, AOL and Google email accounts are. That is not to say running a private email server is a walk in the park. Just because someone uses a free email provider doesn't mean they'll have a more secure server.
So you are aware there was a memo put out by Pres O. 24 August 2012 concerning use of private email for state business.
You do realize she'd set this server up in 2009 and left in Feb 2013? So she continued to use her own server her last five months, rather than do a disruptive move to the State server, when she already knew she was leaving in a few months. Your point?
For 36 years, except for the period 2013-2017, there will have been either a Clinton or a Bush, in or next to the Big Chair.
Let's try something else for a while, OK.
He's too smart to take the job though.
Looks like news came out today that the White House knew of the private domain issue.
"Press Secretary Josh Earnest corrected the statement, saying that the president must have known about Clinton’s private account because he [POTUS] had emailed that account for four years while Clinton served as his Secretary of State."
So, now we have another agency that knows that did nothing as well.
I had someone who did SECRET-grade e-mails setup in the military write the following to me:
Not sure there are biometrics installed in the Clinton home in Chappaqua. ..bruce..
Bruce F. Webster (brucefwebster.com)
hilary isnt the second in line. the vice president is. :/
The VP is first in line. :/
But then it goes to the speaker of the house, president pro tempore and then secretary of state.
"A plan fiendishly clever in its intricacies"- Homer Simpson
She was NEVER in-line for being president.
Ah, I typo-ed. She was fourth in line, not second. You know, because of that pesky US Constitution, which says so in plain language as it establishes the presidential line of succession. Your idea of "never" is pretty strange, but it sure does make you sound righteous enraged and all! You're probably so furious that your hands were shaking too badly to use Google. Here, I'll help you:
http://en.wikipedia.org/wiki/U...
As for "factual explanation," you're really going to cite a quote that refers to a blogger at Media Matters, the proudly partisan organization that exists specifically to boost the Clintons' political endeavors? Every one of Clinton's usual proxies are of course out spinning like crazy to say the situation is "muddy." Of course that's what they want to say. The NARA is clear: you don't get to be Secretary of State and hide your emails from your agency's archiving system. That's a federal regulation that she deliberately went out of her way to avoid. And her response when busted on it? Printed-out emails, deliberately avoiding all of the forensic details that come with email headers and date/time stamps, and forcing State to spend untold man hours scanning and transcribing, when she could simply be transparent about it and provide them electronically. Typical Clinton stonewalling at its finest.
Don't disappoint your bird dog. Go to the range.
Easy! All we need to do is match the combined $890B that the Koch network is dumping in to the GOP, and the $200M that Soros is dumping in to the Democrats, along with whatever funding the parties themselves have fenangled. Then we have to get the networks owned and controlled by interested barties to both run our ads AND present our candidate fairly in their "news" coverage.
This is such an easy task that the blame clearly lies with the person that went out and voted third party instead of performing this trivial task.
So far, everything I've seen says she didn't break any rules.
She deliberately broke not only her boss's rules, but violated the rules she forced her own staffers to follow. But beyond that, she violated a plainly worded federal regulation: According to Section 1236.22 of the 2009 NARA requirements, “Agencies that allow employees to send and receive official electronic mail messages using a system not operated by the agency must ensure that Federal records sent or received on such systems are preserved in the appropriate agency recordkeeping system.”
.. and she had her own family business employees print out, on paper, a culled/filtered collection of messages that have weeks-long and months-long gaps in the records - and no independent entity can say what criteria she used to decide what was, or was not official. And if even a single email exchanged between her and some other party in the course of her entire tenure as the country's chief diplomat involved any classified information, there's another whole area of federal law that comes into play.
She made no provision to make that happen while she was Secretary of State, and nor did she pass along any of those records as she left office. She set up a private server in her house to avoid complying with both the administration's own rules and that very specific federal regulation. And once a congressional investigation had their fill of her stonewalling and realized why State wasn't sending them any of her correspondence, they told her to cough them up
Don't disappoint your bird dog. Go to the range.
he was as nutty on fiscal policy as modern teabaggers
What makes fiscal responsibility "nutty"? I find the real nuts to be the crowd who thinks we can borrow as much as we like, while completely ignoring inflation.
I will be very disappointed if Clinton opponents don't use some version of an ad that highlights this.
And following that, the Democrats will put up the exact same ad, but featuring Jeb Bush.
There have been a bunch of Republicans who have admitted to using their own (non-governmental) email systems, two of which were also former secretaries of state:
Condoleezza Rice
Apparently not: http://www.politico.com/story/...
Because no one else within either party is allowed to run in their primaries right? Seriously people, there are other folks in these parties. I was quite a fan of Huntsman back in the '12 Republican primaries, but everytime I brought him up, the liberals said he wasn't liberal enough and the conservatives said he wasn't conservative enough. It's so laughable.
Go vote in primaries people!!! SERIOUSLY! Open primary states are the easiest. But if you're closed primary, register as Dem or Rep and go vote. I'm tired of all of your lazy asses whining about lack of choices when you won't engage in minimal effort.
...only $200m from Soros? May want to count MoveOn.org, DU, Being Liberal, and a whole host of other endeavors he and his buddies have been dumping way more money into... not even counting MSNBC, a goodly chunk of CNN, Verio, et al. Also, check in with Warren Buffett; he's good for (probably) at least a few hundred million or more (probably way, way more.)
Fact is, the system is soaked with money on both sides, so your original point (shitloads of money corrupting/clouding the election process) is valid, but honestly, they *both* suck.
Quo usque tandem abutere, Nimbus, patientia nostra?
Of the four Sec. of States that were around for email usage in the White House (Clinton and earlier). Two did not use email, Albright and Rice. The only other Secretary of State that used email was Colin Powell. He's admitted that he used a personal account for at least some of his official business. His emails are lost he says. Remember though, he was Sec. of State between 2001 and 2005. The means all of his emails are at least 10 years old by now.
More importantly, what previous holders of the office did does not matter here. Why? For at least a couple reasons. First, the push in recent years is for transparency. If previous holders did actions that are considered bad under the need for transparency and record keeping then continuing what they're doing is not right. Arguing that the previous guy did it and saying that absolves you of responsibility is wrong. Second, And pay attention here, Clinton in '07 in a speech railed against "secret emails" of the Bush administration, calling it cronyism and corruption; and then saying more transparency is needed. It's incredibly hypocritical to talk about that and then do what Clinton did.
Just for context here. Clinton called himself the Black Sheep of the Bush family. And W. Bush called Hillary his step-sister when asked to talk about the possibility of Jeb facing Hillary.
I am not an Obama supporter. I did not vote for him, donate to him, or otherwise assist his campaign. And yet, I'd give him a pass if this is the only reason he'd have for knowing that she had a private server. When I email someone, I typically don't have the foggiest idea whether that address is served by Google, Yahoo, the CIA, or a Pentium in their basement. While her email address wasn't @state.gov, I wouldn't put it past a government official to think, "oh, wonder how she got State to set that up for her?" and then never thinking about it again.
Dewey, what part of this looks like authorities should be involved?
You do realize she'd set this server up in 2009 and left in Feb 2013? So she continued to use her own server her last five months, rather than do a disruptive move to the State server, when she already knew she was leaving in a few months.
So how disruptive would it have been to just set up the MX record to point to a professionally managed government owned mail server?
Apocalypse Cancelled, Sorry, No Ticket Refunds